Table of Contents Chapter 1: Getting Started with SAP BusinessObjects Roambi Roambi ES product overview Roambi Analytics Roambi Flow Getting help
Chapter 2: Configuration and Customization Configuring Roambicast Editing SMTP settings for Roambi Testing the SMTP server Sending a Roambicast Constructing a Roambicast link to add portals to a mobile device Constructing a Roambicast link to add an account to a mobile device Enabling and disabling compression Modifying the display language for Roambi Installing language support on Windows Installing language support on Linux (RedHat Fedora) Installing language support on Linux (Ubuntu) Enabling Japanese characters for Linux Changing your organization's logo Logo size specifications Uploading logos to the Roambi server Installing a custom Roambi theme Uploading a custom theme to the Roambi server Defining a custom download URL for the Roambi client app
Chapter 3: Portal Management Adding and deleting portals Adding portals Deleting portals Modifying general portal details Customizing the server maintenance message for a portal Configuring server details for a portal Accessing the server configuration SAP BOE IBM Cognos Microsoft Reporting Services Liferay Microsoft SharePoint Microsoft SharePoint Online Microsoft Analysis Services Specifying a root folder for client devices Configuring Auto-synchronization for folders Enabling Auto-synchronization for folders Synchronizing folder names Roambi support for refreshed data in native report results
1 1 2 2 3
5 5 5 7 7 7 8 9 9 10 10 10 10 10 11 11 12 12 14
17 17 17 19 19 22 25 26 30 31 32 32 33 33 34 34 40 40 45 49
Folder synchronization support Specifying a working directory (Roambi Flow only) Enabling a portal as a primary login option Enabling or disabling a portal
Chapter 4: User Accounts Finding users Creating and deleting users Creating users Deleting users Granting and revoking administrator privileges Setting a temporary password Manually setting a user password Locking the Roambi client application Blocking and wiping a device Managing portal accounts Attaching a portal to an account Detaching a portal from an account
Chapter 5: Security General rules for Roambi server authentication Controlling Roambi Publisher access Blocking user access to Roambi Enabling auto block Disabling auto block Enabling and disabling screen shot capture Modifying device passcode settings Enabling a device passcode Specifying whether the passcode will only be required in offline-only mode Modifying the minimum length of the device passcode Modifying Server Encryption Secrets Encrypting Server Keys for added security Port Configuration
Chapter 6: Maintenance Viewing system details Running the system diagnostic check Migrating to a new Roambi ES release
Chapter 7: Load Balancing Load balancing and failover Using a BIG-IP Local Traffic Management appliance for load balancing Basic network for Roambi with a BIG-IP appliance Creating an HTTP health monitor for a BIG-IP appliance Defining a Roambi server pool Creating an HTTP profile Creating a TCP profile (optional) Creating a virtual server Using a Cisco ACE load balancer with Roambi
Chapter 8: Firewall Placement Roambi behind a firewall and client VPN Roambi behind a firewall and reverse proxy Reverse proxy architecture
49 50 54 58
63 63 65 65 66 67 69 72 74 77 79 80 81
83 83 84 85 85 86 87 89 89 90 90 91 93 93
95 95 96 99
101 101 102 102 103 103 104 104 104 105
107 107 108 108
Setting up a reverse proxy for Microsoft IIS Setting up a reverse proxy for Apache Setting up a reverse proxy for Citrix Netscaler Setting up a reverse proxy and SSL rewrite for Apache HTTPD mod_proxy Demilitarized Zone (DMZ) DMZ with load balancing Using Threat Management Gateway (or Internet Security and Application Server) with Roambi TMG integration with Roambi Setting up TMG for Roambi Creating a firewall policy in TMG for the Roambi client Enabling HMTL form authentication for iOS devices (optional) Configuring Tomcat, TMG, and Kerberos Enabling TMG for client devices
Chapter 9: SSL Preparing Tomcat to use SSL SSL requirements for Roambi and Tomcat Enabling the Tomcat HTTPS connector Installing SSL to Tomcat using OpenSSL Downloading and installing the OpenSSL utility Extracting the root CA of a server Using OpenSSL to view the contents of a PEM file Specifying that OpenSSL s_client should use a trusted certificate Verifying the certificate files SSL task reference Adding a trusted certificate authority (CA) to an iOS device Connecting to the Roambi server via SSL and troubleshooting connections Creating a keystore for Tomcat Creating a Certification Sign Request (CSR) for Tomcat Importing a certificate file to Tomcat Verifying SSL certificates via SSL Checker Viewing certificate details from a web browser Listing the certificates in a keystore Validating the SSL requirements using OpenSSL Verifying the server connection using OpenSSL Checking the certificate chain using OpenSSL Verifying SSL certificates using OpenSSL Verifying the Tomcat connector settings Installing SSL to a reverse proxy server Configuring Tomcat for SSL offloading Configuring Tomcat behind a reverse proxy SSL and BIG-IP appliances Installing SSL to IIS Downloading and installing the ARR extension for IIS Installing the certificate files Installing the intermediate certificates from the Certificate Authority (CA) to IIS
Chapter 10: Single Sign-on (SSO) Using SSO with Roambi HTTP requests between mobile device and SSO solution
109 110 111 111 111 112 113 113 114 114 115 117 121
123 123 123 124 124 124 125 126 127 128 128 128 129 129 130 130 130 130 130 131 131 131 132 132 133 133 134 135 135 135 135 136
139 140 141
HTTP requests between the SSO solution and Roambi server Requests between the Roambi server and BI system SSO architecture and HTTP request process HTTP requests between mobile device and SSO solution HTTP requests between the SSO solution and Roambi server Requests between the Roambi server and BI system Configuring SSO for Roambi Specifying an SSO solution for Roambi Configuring Roambi for use with SiteMinder Installing Web Agents for SiteMinder and Roambi General SiteMinder configuration tips Tips for integrating SiteMinder with Roambi and Cognos Integrating SiteMinder with Roambi and SAP BOE Configuring Roambi for Trusted Auth Configuring Roambi for Trusted Authentication with BOE Configuring Roambi for SiteMinder and Trusted Authentication with BOE Configuring Roambi ES for Quest Single Sign-on for Java Installation Guidelines Configuring Quest Single-Sign on for Java
Chapter 11: Batch Processes
141 142 142 142 143 143 143 144 145 146 146 146 147 149 150 152 154 154 155
157
Determining the source data and folder IDs for batch processes 157 Running Roambi batch processes 159 Executing the batch process command 159 Batch process syntax 159 Setting up a batch command when the source report resides in a different portal than the RBI 162 Defining a locale for the batch utility 162 Batch process command examples 162 Updating and replacing an RBI with new source data on the same portal 162 Copying an RBI to a new portal folder on the same portal 163 Creating a new RBI on a different portal 163 Creating a new RBI on the same portal with a new name and source parameters 164 Using the batch utility to create a template RBI when the source report has parameters 164 Using a text file as the parameter source for a batch process 165 Text file format for batch processes 165 Running a batch process with arguments stored in a text file 165 Using batch processes in SiteMinder-protected environments 166
Chapter 12: Application Service API Obtaining the report URL Obtaining the report URL from Roambi Publisher Obtaining the report URL from a Roambicast email Editing the report URL Launching the report Returning to the third-party application Linking to a specific Cardex card
Chapter 13: Troubleshooting Isolating issues Using log files to troubleshoot issues with Roambi
167 167 167 175 176 176 176 177
179 179 180
Enabling logging for Roambi on the server Accessing log files on client devices Recovering crash logs for mobile devices Roambi Flow Issues Roambi Flow publishing and PDF issues SSL issues with Roambi Flow on Linux SSL issues with Roambi Flow on Windows Screen capture issues for Roambi Flow Timeout errors Download timeouts Tomcat session timeouts MS Excel import errors and OpenOffice errors File import failed for MS Excel file MS Excel file import fails after a long wait OpenOffice index out of range error on import of Excel Missing entry for connStringInstance 1 in roambi-settings.properties java.lang.NoClassDefFoundError: com/sun/star/frame/XModel Missing or corrupt files Application has failed to start Roambicast issues Roambicast does not successfully send emails File upload issues MS Excel files do not upload File size is too large Client device errors Users cannot download or refresh Roambi analytics reports on their mobile devices Error: "Download failed" Network configuration issues HTTP 404 error after deployment of Roambi war file to Tomcat Troubleshooting the network configuration Roambi Publisher issues Publisher displaying "sqlite library not found" messages Post Too Large HTTP Request Error Batch Process Issues [main] INFO com.mellmo.roambi.UpdateRoambi - reponse body:Failed to update parameter values. Parameters table does not contain parameter: My Prompt: [main] INFO com.mellmo.roambi.UpdateRoambi - reponse body:Failed to update parameter values. XML document structures must start and end within the same entity. Error: “Server could not complete the request” when requesting a new parameter set on a batch Roambi. General portal issues Portal does not appear in Roambi Publisher SAP Business Objects Enterprise (SAP BOE) issues Enabling JCE verbose logging for SAP BOE User cannot log in to SAP BOE portal
180 181 182 182 182 183 183 183 184 184 184 185 185 185 185 186 186 186 187 187 187 187 187 187 188 188 188 189 189 189 191 192 192 192 192
193
193 193 193 194 194 194 194
INCORRECT PORTAL CREDENTIALS: The username-password combination you have used for this location are either invalid or incorrect 195 Server returned an HTTP error upon attempted login 195 Cannot import a webi document 195 Cognos Issues 195 Generating the Cognos logs 195 Verifying the Cognos configuration 196 INCORRECT PORTAL CREDENTIALS: The username-password combination you have used for this location are either invalid or incorrect. 196 Your Roambi installation is missing required library files. Please contact your administrator. 196 SSRS Issues 197 Non-functional parameters appear on the Roambi login screen 197 Cannot login: user id or password invalid 197 Roambi analytics reports are not correctly displaying 197 Config Manager webservice_url 198 HTTP 500 or 401 Not Authorized 198 Cannot publish in SSRS 198 Microsoft Analysis Services Issues 198 Blink View does not display cubes in the database folder 198 Blink View displays error ”Not authorized” on login 198 Cannot login. Get error “SSRS has authentication to Navigate” 199 Liferay Issues 199 Incorrectly formatted Web Service URL 199 User cannot publish view in Liferay 199 Users and content are missing when Liferay starts 200 Roambi batch process is successful, but the View does not update using Community Liferay Server 200 User cannot log in to Roambi ES with new Liferay account 200 SSL Issues 200 Issue: Web browser hangs when attempting to access SSL URL 200 Issue: Intermediate certificates are missing on HTTP server 200 Error message: "Cannot recover key" 201 Error message: "Your credentials could not be verified because the server could not be reached (-1206)” when using mod_ssl on apache" 201 Validation error: "verify error:num=19:self signed certificate in certificate chain" 201 Validation error: verify error:num=20:unable to get local issuer certificate 201 Reverse proxy issues 201 Checking if reverse proxy is working properly 202 Troubleshooting reverse proxy issues with Tomcat 202 Kerberos Issues 202 Enabling Kerberos debug logging 202 Checking the Kerberos configuration 202 Listing SPNs 203 Verifying that a Kerberos ticket can be issued 203 Checking if a tgt ticket has been created and cached on the client 203 [Krb5LoginModule] authentication failed 203 Client not found in Kerberos database (6) 203 Chapter 14: Roambi ESX 205
About Public Portals Adding a Public Portal Adding Authentication Credentials to a Public Portal Configuring a Public Portal Enabling a Public Portal Publishing Roambi Files to Public Portals
205 206 207 209 211 211
Chapter 1: Getting Started with SAP BusinessObjects Roambi The SAP BusinessObjects Roambi ES Administration Guide contains instructions and suggestions for configuring and administrating the Roambi Enterprise Server (ES). If you have not already installed the Roambi server, see the SAP BusinessObjects Roambi ES Installation Guide for step-by-step instructions for installing the server and its prerequisite software. This guide includes the following chapters: Configuration and Customization: Information about how to configure and customize the appearance of Roambi Portal Management: Adding, deleting, and modifying Roambi BI portals User Accounts: Managing Roambi user accounts Security : Adding or changing server, Publisher, or mobile device security options Maintenance: Basic Roambi server maintenance tasks Load Balancing: Benefits of load balancing and instructions for setting up a BIG-IP load balancing appliance Firewall Placement: Various options for firewall placement, including the pros and cons of each configuration SSL: Configuring SSL for the Roambi server Single Sign-on (SSO): SSO architecture and configuration instructions Batch Processes: Configuring and running Roambi batch processes Application Service API: Using the Application Service API to allow third-party applications to launch a specific Roambi analytics report. Troubleshooting : Common problems and solutions for the Roambi server
SAP BusinessObjects Roambi ES product overview
The Roambi Enterprise Server (ES) is a secure and scalable server solution that enables you to transform your critical business reports and data into interactive dashboards and reports for mobile devices.
The data sources for Roambi ES can range from single spreadsheets to sophisticated Business Intelligence (BI) systems. Roambi ES is designed to meet and exceed the unique requirements for an enterprise-grade mobile application, including: -1 -
Broad connectivity to diverse data sources and BI systems Enterprise-ready user interface and tools Security and administrative capabilities required by enterprise IT
Regardless of the size of your organization, Roambi ES enables your mobile workers to have convenient, up-to-the-minute business information for on-the-go-analysis, impromptu presentations, and smarter decision-making. In addition to the Roambi server, Roambi ES includes the Roambi Analytics Publisher application and optionally the Roambi Flow Publisher application. Each Publisher application works with your data to create the dashboards and reports that are viewable on your mobile devices.
In addition to the Roambi server, Roambi ES includes the Roambi Analytics Publisher application. The Publisher applications work with your data to create the dashboards and reports that are viewable on your mobile devices.
SAP BusinessObjects Roambi Analytics Roambi Analytics reports are interactive mobile dashboards that can be instantly delivered to any iPhone, iPad, or iPod Touch. Several types of reports, called Views, are available so that you can tailor your analysis to the source data that you are working with. Roambi ES includes the following views:
Blink Cardex CataList Elements Layers PieView Pulse Squares SuperList Trends
Card
SAP BusinessObjects Roambi Flow SAP BusinessObjects Roambi Flow is an information publishing platform that is available for purchase with the Roambi Enterprise Server. Roambi Flow enables users to easily create dynamic reports that embed Roambi analytics and that can be shared on the iPad. If your Roambi license agreement includes a Roambi Flow license, Roambi Flow will be automatically installed with the Roambi server, and you will only need to perform a few additional configuration steps to set up Roambi Flow for your organization's users.
-2-
Getting help
Roambi Flow requires that each Flow user has a separate account; SAP highly recommends that users not share accounts to prevent two users from simultaneously editing the same document.
Getting help If you are having any issues with the Roambi server, please review the Troubleshooting chapter of this guide and the sections of the ES5 Installation Guide that are relevant to your configuration before contacting Roambi technical support. If you are having any issues with the Roambi server, please review the Troubleshooting chapter of this guide before contacting Roambi technical support.
-3-
Chapter 2: Configuration and Customization You have several options provides several configuration options to customize your Roambi server for your organization. This chapter discusses available configuration options and how to use these options: Configuring Roambicast Enabling and disabling compression Modifying the display language for Roambi
Additionally, your organization has several options for customizing the look and feel of the Roambi server and client application. Note that some types of customization, such as creating a theme, require the involvement of your Roambi technical representative.
This chapter contains basic instructions for the following types of customization:
Changing your organization's logo Installing a custom Roambi theme
Note:
Configuration changes that should be made as part of the initial Roambi installation and set up process are discussed in the ES5 Installation Guide.
Configuring Roambicast
The Roambicast feature allows Roambi Publisher users to automatically email Roambi Analytics reports to fellow portal users. A Roambi system administrator must configure Roambicast before users can use the automated version of this feature.
Editing SMTP settings for Roambi
Before you can configure your SMTP settings for Roambi, you will need to set up the SMTP mail server to be used by Roambi. See the documentation for your mail server for instructions on setting up an SMTP server.
To configure Roambicast:
-5-
Chapter 2: Configuration and Customization
In the upper-right of the Administrator's Console, click the System tab. The System tab options display on the left pane of the screen. From the list of System tab options, click the SMTP Settings tab to display the current SMTP settings.
Enter the information for your SMTP server: In the Host field, type the name or DNS domain named host for the SMTP host server. In the Port field, type the port number used by the SMTP server. Press the Return key. Roambi validates the Host and Port values by attempting to connect to the SMTP server. If Roambi cannot connect to the SMTP server, the screen prompts you to check your settings and retry. After connecting to the SMTP server, the Administrator's Console displays fields for additional SMTP settings with default values already filled in with information from the SMTP server.
-6-
Configuring Roambicast
Verify that the default values are correct for your SMTP server, or make the necessary changes for the server. Depending on your email server configuration, these settings might include the following fields: Domain Host: SMTP server domain name. From Email: Email address displayed in the From field of a sent email. URL Host for Emails: Host value used to construct links for emails. If your Roambi server is behind a reverse proxy, this host name must be the reverse proxy machine name. To determine the value for this field, start a browser session using Roambi FQDN; this field should suggest the browser URL.
Click the Save Settings button. Roambi saves the settings and the Administrator's Console displays buttons giving you the options to send a test email (see Testing the SMTP server) or edit your settings.
Testing the SMTP server After you have added your SMTP server information to the Administrator's Console, you can verify that the server is working as expected by sending a test email. To validate the SMTP settings by sending a test email: 1. On the SMTP Settings tab, click the Send Test Email button to display a Send Test Email prompt. 2. In the Email field, enter a valid email address. 3. Click the Send button. Within a few moments, you should receive an email at the Send Test Email address, which confirms that your SMTP settings are correct. Users should now be able to send Roambi Analytics reports using Roambicast.
Sending a Roambicast You can send a Roambicast of a Roambi Analytics report using two different methods: If you have configured your SMTP settings, when you create an analytics report in Roambi Publisher, you will have the option to Roambicast that report at the end of the publishing process. You can manually construct a Roambicast link to automatically add portals or accounts to a device. (See Constructing a Roambicast link to add portals to a mobile device and Constructing a Roambicast link to add an account to a mobile device.)
Constructing a Roambicast link to add portals to a mobile device
To manually construct a Roambicast link that automatically adds a portal to a user's mobile device, use the following link format in your email, depending on how you installed the Roambi server:
-7-
Chapter 2: Configuration and Customization
When you installed the Roambi server, if you renamed the Roambi .war file "ROOT", use the following link format: For HTTP: roambi-http://[RoambiServer]/SourceManager/[PortalID] For HTTPS: roambi://https://[RoambiServer]/SourceManager/[PortalID]
When you installed the Roambi server, if you renamed the Roambi .war file something other than "ROOT", use the following link format: For HTTP: roambi-http://[RoambiServer]/roambi/SourceManager/[PortalID] For HTTPS: roambi://https://[RoambiServer]/roambi/SourceManager/[PortalID]
Note:
If you changed the name of the Roambi .war file to something other than "roambi" or "root", the directory under the RoambiServer directory should have the same name as your .war file. For example, if you renamed the Roambi .war file to "myapp.war", your HTTP URL would be roambi-http://[RoambiServer]/myapp/SourceManager/[PortalID].
The URL contains the following parameters:
RoambiServer is the address for the server where the Roambi server is installed.
PortalID is the ID for the portal where you created the Roambi analytics report that you want to send via Roambicast.
Constructing a Roambicast link to add an account to a mobile device To manually construct a Roambicast link that adds an account to a user's mobile device, use the following link format in your email:
To use HTTP: roambi-http:/[RoambiServer]
To use HTTPS: roambi://[RoambiServer]
The RoambiServer parameter should contain the URL used to access the Roambi server.
-8-
Enabling and disabling compression
Enabling and disabling compression Roambi analytics files (RBI files) that contain large amounts of data or that have certain features enabled, such as summary charts or different charts in each view, can grow to be quite large in size. These large files can take a long time to download to mobile devices. Additionally, if users are downloading files via a 3G network, large data files can result in increased data charges.
To decrease the size of RBI files while still retaining all of your data and features, you can enable file compression on the Roambi server (by default, file compression is disabled). Note:
If file compression is disabled, the server will not be able to open compressed RBI files.
To enable file compression on the Roambi server:
In the directory where your application server is installed, navigate to the following folder: [application_server]/webapps/[roambi]/WEB-INF/
Open the web.xml file in a text editor.
Scroll or use CTRL+F to find the following piece of XML code: Enable RBI compressionEnableCompressionfalse
Change the value of the param-value element from false to true to enable compression. Save your changes and restart the application server.
Modifying the display language for Roambi Roambi applications and file formats are UTF-8 encoded so that you can change your language on your machine, and the application and data will display in the new language. Because some Roambi report elements, such as the title bar on the Cardex report, are generated on the server, if most users will be using a language other than English, you will need to install support for that language on the server where the Roambi server is installed. Note:
Roambi retains the date and number format from the original source report regardless of what language the server uses.
When using the Roambi web application, language settings are determined by the OS that is running the browser.
For Mac, you can change the OS language in the System Preferences. For Windows, see the documentation for the version of Windows that you are using.
- 9-
Chapter 2: Configuration and Customization
Installing language support on Windows To install language support on Windows XP or Windows 2003: From the Windows Control Panel, select the Regional and Language option. Click the Keyboards and Languages tab. Under Display Language, click Install/uninstall languages. Follow the prompts to install the necessary language files for your language.
Installing language support on Linux (RedHat Fedora) To install language support on RedHat Fedora: 1. Install the font packages required for your language, such as fonts-korean sazanami, fonts-gothic sazanami, fonts-mincho, and fonts-chinese. 2. In the jre/lib folder, create a fontconfig.properties file describing which fonts should be used. Use fontconfig.RedHat.properties.src as a template for this file.
Installing language support on Linux (Ubuntu) To install language support on Ubuntu, type the following command: $ 1) sudo apt-get install ttf-unfonts
Enabling Japanese characters for Linux If your mobile device users will be accessing the version of the Roambi Visualizer client app that has been translated to Japanese, you will need to enable Japanese characters on your Linux server.
To enable Japanese characters for Linux: Create a $JAVA/jre/lib/fonts/fallback directory: $ sudo mkdir -p $JAVA/jre/lib/fonts/fallback
Copy the Japanese true type font to the /fallback folder: $
sudo
ln
-s
/usr/share/fonts/truetype/ttf-japanese-
gothic.ttf $JAVA/jre/lib/fonts/fallback/
Changing your organization's logo You can upload a custom logo to the Roambi server so that when users connect to their mobile devices, they see your organization's logo rather than the Organization Name as the link to their portals.
- 10 -
Changing your organization's logo
Logo size specifications If you have users connecting to the Roambi server via both phone and tablet devices, you will need both a small and large version of your logo so that the logo displays properly:
The small logo should be a PNG file that is 220 pixels wide by 40 pixels tall. The large logo should be a PNG file that is 440 pixels wide by 80 pixels tall.
Uploading logos to the Roambi server To add a custom logo for your organization to your devices portals, you need to upload the logo files to the Roambi server: In the upper-right portion of the Administrator's Console, click the System tab to display the list of system options on the left side of the screen. From the list of system options on the left side of the screen, click Appearance to display the Roambi appearance options:
Select a Small Logo: Under Organization Logos, in the Small Logo box, click the Select button to open a Select File window. The Select File window lists all small logo files that have been uploaded to the server and also allows you to upload or delete files on the server.
- 11 -
Chapter 2: Configuration and Customization
If you see that the logo file you want was previously uploaded, select that file and click the Save button. If you need to upload your logo file, click the + sign at the lower-left of the list of files. Clicking the + button opens a File Upload dialogue. Browse to your logo file and click Save. If you need to delete a file on the server, select the file and click the - button. Repeat the previous steps for the Large Logo. Restart the Roambi application on your mobile device. Once you confirm that you can see the new logos, instruct your users to restart the application on their mobile devices. If users have already created a portal with the previous logo (or no logo) on their mobile devices, they might need to exit the application, kill the application in the background, the relaunch the Roambi application to see the new logo.
Installing a custom Roambi theme Roambi themes are packaged as ZIP files and contain graphics and information about the look and feel of the Roambi user interface. Contact your Roambi technical representative to start the process of building a theme if you would like a custom look for your Roambi UI.
Uploading a custom theme to the Roambi server To install a custom Roambi theme:
- 12 -
Installing a custom Roambi theme
In the upper-right portion of the Administrator's Console, click the System tab to display the list of system options on the left side of the screen. From the list of system options on the left side of the screen, click Appearance to display the Roambi appearance options:
Under Custom Theme Settings, in the Install Theme box, click the Select button to open a Select File window.
This window lists any ZIP theme files that have already been uploaded to the Roambi server.
If you do not have your theme file already uploaded, in the lower-left corner of the window, click the + sign to open a File Upload dialogue. Browse to the theme ZIP file provided by your Roambi technical representative. Click Save.
- 13 -
Chapter 2: Configuration and Customization
Restart the Roambi application on your mobile device. Instruct your users to kill the application in the background, then restart the Roambi application on the device.
Defining a custom download URL for the Roambi client app If you would like your users to download the Roambi client app for their mobile devices from a URL other than the Apple App Store, you can specify a custom download URL. By default, when users are prompted to download the Roambi client via a Roambicast email, the email will contain a link to the Roambi version that can be downloaded from the Apple App Store. When you specify a custom download URL, you can direct users to a different download location. Use a custom download URL if your organization uses a custom application or a secure application loader.
To define a custom download URL for the Roambi client app: Click the System tab in the upper-right part of the Administrator's Console to access system-related functionality. Click the General tab to view general system details:
Scroll down to see the Applications section:
- 14 -
Defining a custom download URL for the Roambi client app
Under Applications, toggle the Show Custom URLs switch to ON:
The custom URL fields for Roambi Analytics and Roambi Flow become visible.
- 15 -
Chapter 2: Configuration and Customization
The custom URL field for Roambi Analytics becomes visible. In the Roambi Analytics URL field, specify the URL where users will download the Roambi Analytics Visualizer client app. If your organization uses Roambi Flow, in the Roambi Flow URL field, specify the URL where users will download the Roambi Flow client app.
- 16 -
Chapter 3: Portal Management This chapter contains information on adding, deleting, and modifying BI portals for SAP BusinessObjects Roambi: Adding and deleting portals Modifying general portal details Configuring server details for a portal Customizing the server maintenance message for a portal Specifying a root folder for client devices Configuring Auto-synchronization for folders Specifying a working directory (Roambi Flow only) Enabling a portal as a primary login option Enabling or disabling a portal
Adding and deleting portals
At least one Roambi portal should have been created for you when your Roambi server was initially set up. If you have at least one portal already created or imported for the Roambi server, you can add more portals or delete a portal from the Roambi Administrator's Console.
Adding portals
To add a portal to the Roambi server:
Click the Add Portal button in the lower left corner of the dashboard:
An Add Portal window opens:
- 17 -
Chapter 3: Portal Management
- 18 -
Modifying general portal details
From the Portal Source drop-down list, select the BI tool that will be used as the data source for the portal. Depending on which portal you choose, the portal may also be used to store RBI files. In the Name text box, type a unique name for the portal. Click Add. Configure the portal using the Administrator's Console. Each portal type has different configuration requirements. See the individual section for the portal type in the ES5 Installation Guide to learn about the configuration parameters for that portal.
Deleting portals You can delete a portal by selecting it in the left pane then clicking the Delete Portal button in the lower right corner of the dashboard:
Modifying general portal details After you add a portal to Roambi, you can still edit some of the general details related to the portal.
To edit the general details for a portal: On the Administrator's Console, click the Portals tab to display the list of available portals on the left side of the screen. From the list of portals, select the portal that you want to work with.
- 19 -
Chapter 3: Portal Management
The Console displays the Portal Details:
- 20 -
Modifying general portal details
- 21 -
Chapter 3: Portal Management
The Portal Details section contains the following fields:
Type: Value is set during portal creation and cannot be changed. Name: Name of the portal as appears to users of the Roambi Administrator's Console and Publisher. ID: Unique identifier for the portal that was assigned when the portal was created; cannot be changed. ID Alias: Human-readable ID for the portal; This ID is used for migration when upgrading from previous versions of the Roambi server. Description: Short description for the portal. Support Message: Message to display to users when the server is taken down for maintenance (see Customizing the server maintenance message for a portal).
Customizing the server maintenance message for a portal If you need to take the Roambi server offline for maintenance, you can configure a custom message that displays when a user tries to connect to an affected portal.
- 22 -
Customizing the server maintenance message for a portal
The custom message also displays if an Administrator has disabled the portal from the Roambi
server. Custom messages enable you to communicate to users when and why they cannot connect to the server. To set a custom maintenance message for a portal: On the Administrator's Console, click the Portals tab to display the list of available portals on the left side of the screen. From the list of portals, select the portal that you want to work with. The Console displays the Portal Details:
- 23 -
Chapter 3: Portal Management
- 24 -
Configuring server details for a portal
Click inside the Support Message box. The Support Message is enabled for editing.
Type a new Support Message describing the details of the maintenance or other information that you want to communicate to users who connect to the portal. Click Save to save your changes.
The new message will now be displayed to users who try to connect to the portal while the server is offline or the portal has been disabled.
Configuring server details for a portal The information required to configure server details for a portal varies by portal type. This topic explains how to navigate to the page where you can edit server details and what details are required for each portal type.
- 25 -
Chapter 3: Portal Management
Accessing the server configuration To access the server configuration details that can be edited: On the Administrator's Console, click the Portals tab to display the list of available portals on the left side of the screen. From the list of portals, select the portal that you want to work with. The Console displays the Portal Details:
- 26 -
Configuring server details for a portal
- 27 -
Chapter 3: Portal Management
Click the Configuration tab to view the server configuration. Note that options on this screen vary by portal type:
- 28 -
Configuring server details for a portal
- 29 -
Chapter 3: Portal Management
For any type of portal, you can enable or disable the portal from this tab (see Enabling or disabling a portal). To learn more about the available fields under Portal Parameters, see the section that follows that corresponds to your portal type.
SAP BOE
SAP BOE has the following available Portal Parameters: Authentication:Type of BOE authentication to be used by Roambi. Valid values are secEnterprise, secLDAP, secWinAD, and secSAPR3. If you are using SiteMinder and/or Kerberos for authentication, set this value to secWinAD. If you are using TrustedAuth for SSO authentication, set this value to secEnterprise. If you are using both CA SiteMinder and TrustedAuth, set this value to secEnterprise.
- 30 -
Configuring server details for a portal
Server Name: Name of the server where the Content Management System (CMS) is deployed. Web Service Url (SAP BOE v4 only): URL to the BOE web services deployment. This URL will likely use the format http://[Server]/dswsbobje/services.
IBM Cognos
Cognos has the following available Portal Parameters:
Dispatcher URL: URL for the Cognos server that handles the Dispatcher. Gateway URL: URL assigned to the portal by the web server. For example, if you use IIS with a gateway named Cognos8, the gateway points to http://[server_name]/Cognos8/cgibin/cognos.cgi. (For ISAPI, replace "cognos.cgi" with "cognosisapi.dll".) Namespace: Name Space ID for the Authentication provider that is configured in the Security section of Cognos. Note:
If you are using Cognos v7 "Access Manager" as your namespace, do not specify Access Manager as your namespace in the Roambi Namespace field. Instead, specify the nampespace default, which is the CAMID in Cognos.
Version: Cognos version. Valid values are 83 (Cognos8.3), 84 (Cognos 8.4), and C10 (Cognos 10.x).
- 31 -
Chapter 3: Portal Management
Microsoft Reporting Services
Microsoft Reporting Services has the following available Portal Parameters:
Windows NT Domain: Windows domain that you use to log into Windows. If you do not specify this domain, you can log into any Windows domain, but you will need to manually enter the Windows domain on the Roambi Publisher login screen. Time Zone: Time zone used by the server. Use standard Time Zone format for this value: http://www.timeanddate.com/library/abbreviations/timezones/ Web Service URL: Web Service URL specifed in the Report Services Configuration Manager. If the report server instance has a name other than ReportServer, add the instance name at the end of the URL. For example: http://[server_name]:[port]/[instance_name].
Liferay
Liferay has the following available Portal Parameter: Web Service URL: URL for the Liferay portal. For example: http://liferay.[company_domain].com.
- 32 -
Configuring server details for a por-tal
Microsoft SharePoint
Microsoft SharePoint has the following available Portal Parameters: Context Path: Path to the web site that Roambi will access. The path should start with a "/". To determine the correct context path:
Navigate to the target SharePoint site. Go to Site Actions > Site Settings. The context path will be in the following place in the site URL: http://[SharePointURL]:[port]/[context_path]
Windows NT Domain: Default Windows NT domain for authentication. This parameter allows users who belong to this domain to skip typing the domain as part of their User ID. Users who do not belong to the domain will need to use the format [domain]/[user_name] when typing their User IDs. Web Service URL: SharePoint server URL without the context path. This URL should not end with a "/".
Microsoft SharePoint Online
- 33 -
Chapter 3: Portal Management
Microsoft SharePoint Online has the following available Portal Parameters: Context Path: Path to the web site that Roambi will access. The path should start with a "/". To determine the correct context path:
Navigate to the target SharePoint Online site. Go to Site Actions > Site Settings. The context path will be in the following place in the site URL: http://[SharePointURL]:[port]/[context_path] Web Service URL: SharePoint Online server URL without the context path. This URL should not end with a "/".
Microsoft Analysis Services
Microsoft SQL Server Analysis Services has the following available Portal Parameters:
Windows NT Domain: Default Windows NT domain for authentication (optional). Server Type: Analysis Services OLAP source. This parameter should contain "SSAS". Server URL: URL where the Microsoft Multidimenstional Pump application is installed. For example, http://[IIS_Server]/[OLAP]/msmdpump.dll.
Specifying a root folder for client devices Setting a root folder for client devices ensures which folders users will see as a top-level folder for navigation when they connect to a portal from their mobile devices. Any user with Administrator rights can specify a root folder for client devices. To specify that a folder should display as a root folder: On the Administrator's Console, click the Portals tab to display the list of available portals on the left side of the screen. From the list of portals, select the portal that you want to work with. The Console displays the Portal Details:
- 34 -
Specifying a root folder for client devices
- 35 -
Chapter 3: Portal Management
- 36 -
Specifying a root folder for client devices
Above the Portal Details, click the Folders tab. The Console displays the Portal Folders:
- 37 -
Chapter 3: Portal Management
From this tab, you can set a root folder and specify Sync Folders. Sync Folders automatically synchronize the content on users' mobile devices with the content on the Roambi server.
Under Root Folders, click the Add Folder button. An Add Root Folder window opens.
- 38 -
Specifying a root folder for client devices
From the folder list, browse to and select the folder that you want to set as a root folder. Click the Add Root Folder button. The folder now appears in the list of root folders under Portal Folders:
Users will need to restart the Roambi Visualizer application on their mobile devices before the root folder will be visible. When users then connect to the portal, the root folder will display as one of the top-level folders in their folder list. Note that the root folder designation only applies to mobile devices and not to the Roambi server.
- 39 -
Chapter 3: Portal Management
Configuring Auto-synchronization for folders Auto-synchronization automatically updates the content of folders with this feature enabled on client devices. Auto-synchronized folders (called Sync Folders) ensure that users always access the most recent data on their mobile devices when they connect to a portal. After you enable auto-synchronization for a folder, users' mobile devices initiate the download. Once a device finds the sync folder, the download request initiates. When users open the auto-synchronized folder on their devices, the devices show the content of the synced folder on the device. The screen will appear empty if no RBI files have been downloaded. Additionally, the Roambi Visualizer application for mobile devices has a parameter in Settings that defines the maximum file size that can be downloaded by autosynchronization. By default, the size limit is 5MB, but users can increase the size limit on their devices to enable the download of larger files. If you set the File Expiration option for an RBI, auto-synchronization works slightly differently. For files with expirations set, auto-synchronization will only sync the report link and not the report itself. Synching only the link prevents users' devices from having download, delete, and redownload unread reports. Any user with Administrator rights can enable auto-synchronization for a folder.
Enabling Auto-synchronization for folders To enable auto-synchronization for a folder: On the Administrator's Console, click the Portals tab to display the list of available portals on the left side of the screen. From the list of portals, select the portal that you want to work with. The Console displays the General tab for the portal:
- 40 -
Configuring Auto-synchronization for folders
- 41 -
Chapter 3: Portal Management
- 42 -
Configuring Auto-synchronization for folders
Above the Portal Details section, click the Folders tab. The Console displays the Portal Folders section:
From this tab, you can set a root folder and specify folders to be auto-synchronized.
- 43 -
Chapter 3: Portal Management
Under Sync Folders, click the Add Folder button. An Add Sync Folder window opens.
From the folder list, browse to and select the folder that you want to auto-synchronize. If you want to automatically delete Roambi files from the device after they are deleted from the server, check the Auto Delete box. When an RBI file is deleted from the server portal, that RBI file will be deleted from both the folder in the Connect tab and from the Library (if it was previously downloaded) on users' mobile devices. As soon as users tap Refresh on their devices, the RBI file will be removed. Click the Add Sync Folder button. The folder now appears in the list of auto-synchronized folders under Portal Folders:
- 44 -
Configuring Auto-synchronization for folders
This folder will now automatically contain updated content when users connect to the portal after restarting the Roambi application from their mobile devices. However, note that if a user has already downloaded an RBI file, the data for that file will not be updated even if the data has changed. Additionally, if an RBI was deleted from the Roambi library, that RBI will not download again. Only RBIs that were republished with the same name in the same location will automatically download upon sync.
Synchronizing folder names You can manually sync the folder names from the server using the Administrator's Console. For example, if you change the name of a folder on a portal, use the folder sync feature to update the folder name on the Roambi server. To synch the folder names on the server: On the Administrator's Console, click the Portals tab to display the list of available portals on the left side of the screen. From the list of portals, select the portal that you want to work with. The Console displays the Portal Details:
- 45 -
Chapter 3: Portal Management
- 46 -
Configuring Auto-synchronization for folders
- 47 -
Chapter 3: Portal Management
Above the Portal Details, click the Folders tab. The Console displays the Portal Folders:
Click the Sync Folder Names button to the right of the Portal Folders heading:
- 48 -
Configuring Auto-synchronization for folders
The folder names are updated to those that are on the portal.
SAP BusinessObjects Roambi support for refreshed data in native report results Depending on which BI tool you are using, Roambi's support for refreshing rendered, saved, or scheduled native report results varies. The following table summarizes Roambi's support for refreshed report results:
BI Tool
Refreshed native report support
SAP BOE Crystal Reports
Roambi supports scheduled report instances.
SAP BOE WebI
Roambi supports scheduled report instances.
IBM Cognos Microsoft SSRS
Roambi does not support saved report outputs due to inadequate metadata for the reports. Roambi supports snapshot reports.
Folder synchronization support With most iPad and iPhone configurations, folders will synchronize as expected when using the sync feature. The following table explains Roambi support for folder synchronization for various iPad and iPhone configurations:
- 49 -
Chapter 3: Portal Management
Configuration
Steps
Refresh
Comments
folders? Press lock button, then Default setup unlock device Close Smart Default iPad setup Cover, then open Press lock Device with button, then unlock passcode device Close Smart iPad with passcode Cover, then open
iPad with autolock disabled iPad with cover lock/unlock disabled, autolock enabled after 2 minutes iPad with cover lock/unlock disabled, autolock enabled
Y
Y
Y
Y
Close Smart Cover, then open
Y
Close Smart Cover, then open
Y
Application is sent into the background when Smart Cover is on, regardless of lock settings, because of the default Smart Cover settings.
Close Smart Cover, then open
Refresh runs after the application returns from the background or resumes from a "lock".
Specifying a working directory (Roambi Flow only) If your organization will be using Roambi Flow, you will need to set up a working directory for each portal after you have created and configured the portal. Roambi uses the working directory to store temporary files for Roambi Flow documents. You may have set up a working directory for a portal during the Roambi installation process, but if you ever add a new portal, you will need to set up a working directory for that portal if Roambi Flow will be accessing portal data.
Any user with Administrator rights can create the working directory for a portal. To create a working directory for a portal for Roambi Flow: On the Administrator's Console, click the Portals tab to display the list of available portals on the left side of the screen.
- 50 -
Specifying a working directory (Roambi Flow only)
From the list of portals, select the portal that you want to work with. The Console displays the Portal Details:
- 51 -
Chapter 3: Portal Management
Above the Portal Details, click the Folders tab. The Console displays the Portal Folders:
- 52 -
Specifying a working directory (Roambi Flow only)
Under Roambi Flow Working Directory, click the Select Folder button. An Add Working Directory window opens:
- 53 -
Chapter 3: Portal Management
Browse to the folder that you want to use as a working directory and click Select Folder. The selected folder is now listed as the working directory:
In the BI tool that is associated with the portal, you will need to give Roambi Flow users read and write access to this folder on the network. One way to do this would be to set up a Roambi Flow users group within the BI tool, assign Roambi Flow users to that group, and then give the group read and write access to the folder on the network.
Enabling a portal as a primary login option The primary login portal is the BI portal that authenticates users to the Roambi server. The primary login portal should be a portal that actually stores content. Do not use Microsoft Analysis Services portal as primary login portals. The primary login portal is the portal that authenticates users to the Roambi server. The primary login portal should be a portal that actually stores content.
- 54 -
Enabling a portal as a primary login option
If you have multiple portals on the Roambi server, only one of these portals should be enabled as the primary login portal. If you are using a Single Sign-on (SSO) solution with one of your portals, this is the portal that should be enabled for primary login. To enable a portal as a primary login option: On the Administrator's Console, click the Portals tab to display the list of available portals on the left side of the screen. From the list of portals, select the portal that you want to work with. The Console displays the Portal Details:
- 55 -
Chapter 3: Portal Management
- 56 -
Enabling a portal as a primary login option
Click the Security tab to display security options for the portal:
Under Login Options, toggle the Enable Primary Login switch to ON. This portal has now been enabled as a primary login option for users.
- 57 -
Chapter 3: Portal Management
Enabling or disabling a portal After you have created and configured a portal with the Roambi Administrator's Console, you will need to enable the portal before users can access it. Conversely, if you need to block access to a portal for any reason, you can disable that portal without having to delete it. To enable a portal: On the Administrator's Console, click the Portals tab to display the list of available portals on the left side of the screen. From the list of portals, select the portal that you want to work with. The Console displays the Portal Details:
- 58 -
Enabling or disabling a portal
- 59 -
Chapter 3: Portal Management
Click the Configuration tab to display portal configuration options.
- 60 -
Enabling or disabling a portal
- 61 -
Chapter 3: Portal Management
To enable the portal, under Portal Status, toggle the Enable Portal switch to ON. (To disable the portal, toggle the Enable Portal switch to OFF.)
- 62 -
Chapter 4: User Accounts Users create their own accounts in Roambi Publisher, but as an Administrator, you will be able to modify their accounts in such ways as granting or revoking administrative privileges and controlling access to the mobile devices that are associated with an account. This chapter contains instructions for the following tasks related to Roambi user accounts: Finding users Creating and deleting users Granting and revoking administrator privileges Setting a temporary password Manually setting a user password Locking Roambi client applications Blocking and wiping a device Managing portal accounts
Finding users
You can use the Administrator's Console to browse user accounts and make changes to individual accounts.
To find a user in the Administrator's Console:
In the upper-right part of the Administrator's Console, click the Users tab to display the list of users:
- 63 -
Chapter 4: User Accounts
Scroll through the list of users or use the Search field at the top of the list to find the user that you are looking for. Select the user that you want to view or edit.
- 64 -
Creating and deleting users
The General tab displays basic details about the user.
Creating and deleting users You can delete but not create users from the Administrator's Console.
Creating users You do not have the ability to create users from the Administrator's Console. Users create their own Roambi accounts by logging into Roambi Publisher with the same credentials that they use to access their BI tool accounts. For example, if a user has an SAP BOE account and logs into that account with the username JDOE and password 1234, they can log into the SAP BOE portal in Roambi using these credentials. Roambi automatically creates their account the first time that they log into the portal. As the Administrator, you have the ability to manage these accounts, and can perform tasks such as locking user devices and blocking and wiping devices. You do not have the ability to create users from the Administrator's Console. Users create their own Roambi accounts by logging into Roambi Publisher with the same credentials that they use to access their BI tool accounts. For example, if a user has a SAS account and logs into that account with the username JDOE and password 1234, they can log into the SAS portal in Roambi using these credentials. Roambi automatically creates their account the first time that they log into the portal. As the Administrator, you have the ability to manage these accounts, and can perform tasks such as locking user devices and blocking and wiping devices.
- 65 -
Chapter 4: User Accounts
You do not have the ability to create users from the Administrator's Console. Users create their own Roambi accounts by logging into Roambi Publisher with the same credentials that they use to access their BI tool accounts. For example, if a user has a SharePoint Online account and logs into that account with the username JDOE and password 1234, they can log into the SharePoint Online portal in Roambi using these credentials. Roambi automatically creates their account the first time that they log into the portal. As the Administrator, you have the ability to manage these accounts, and can perform tasks such as locking user devices and blocking and wiping devices.
Deleting users To delete a user account from the Roambi server: In the upper-right part of the Administrator's Console, click the Users tab to display the list of users:
Scroll through the list of users or use the Search field at the top of the list to find the user that you are looking for. Select the user that you want to delete:
- 66 -
Granting and revoking administrator priv-ileges
The General tab displays basic details about the user. In the lower-right corner of the Administrator's Console, click the Delete User button:
the Roambi server deletes the user account.
Granting and revoking administrator privileges If you have Administrator privileges for your Roambi account, you can grant and revoke Administrator privileges to other Roambi users. To grant or revoke Administrator privileges to a Roambi user: 1. In the upper-right part of the Administrator's Console, click the Users tab to display the list of users in the left part of the screen. 2. Browse the list of users and select the user whose rights you want to edit.
- 67 -
Chapter 4: User Accounts
3. The General tab displays basic information about the user. 4. Click the Security tab to display privilege and password options for the user:
- 68 -
Setting a temporary password
5. In the Administrator Privileges box, toggle the ON or OFF button to grant or revoke Administrator privileges to the user.
Setting a temporary password If users create new accounts or forget their passwords, you can manually set a temporary password for them from the Administrator's Console. Roambi then emails the temporary password to the users, and they will be prompted to select a new password the next time that they log into Roambi. To set a temporary password: In the upper-right part of the Administrator's Console, click the Users tab to display the list of users in the left part of the screen. Browse the list of users and select the user whose password you want to set.
- 69 -
Chapter 4: User Accounts
The General tab displays basic information about the user. Click the Security tab to display privilege and password settings for the user:
- 70 -
Setting a temporary password
Under System Password Settings, in the Reset to Temporary Password box, click the Reset Password button to open a Reset Password window:
Click the Reset Password button. The user's password is now changed for their Roambi account. Roambi will email the new password to the user. The next time that the user logs into Roambi, the user will need to click the Users tab, select his or her user account, and manually set a new password.
- 71 -
Chapter 4: User Accounts
Manually setting a user password If users forget their passwords, you can manually set them from the Administrator's Console. This feature is also helpful if you are setting up a shared account for a group. To manually set a user password: In the upper-right part of the Administrator's Console, click the Users tab to display the list of users in the left part of the screen. Browse the list of users and select the user whose password you want to set.
The General tab displays basic information about the user. Click the Security tab to display privilege and password options for the user:
- 72 -
Manually setting a user password
Under System Password Settings, in the Manually Set New Password box, click the Set Password button to open a Set Password window:
- 73 -
Chapter 4: User Accounts
In the New Password text box, type the new password for the user. In the Confirm New Password text box, re-type the same password to confirm the password change. Click the Set Password button. The user's password is now changed for their Roambi account. The user receives an email notification that the account password changed. Note that if a user has Administrator rights and manually sets his or her own password, the user will not receive an email notification.
Locking the SAP BusinessObjects Roambi client application As a security measure, the SAP BusinessObjects Roambi server provides a way for you to remotely lock the Roambi client application and data on a user's mobile device. This feature can be useful if users temporarily misplace their phones or iPads and blocks anyone who finds the device from accessing Roambi analytics until the device is returned to the user. If a user has left the company or knows that they will not recover their device, the block-andwipe feature (see Blocking and wiping a device) provides a more stringent way to restrict Roambi access than locking the Roambi application. To lock the Roambi application on a user's mobile device: In the upper-right part of the Administrator's Console, click the Users tab to display the list of users in the left part of the screen. Browse the list of users and select the user.
- 74 -
Locking the Roambi client application
The General tab displays basic information about the user.
Click the Devices tab to view the user's mobile devices:
- 75 -
Chapter 4: User Accounts
From the Device Name drop-down list, select the device that you want to lock. Click
the
Application
Lockdown
button. A warning prompt displays:
Click Lockdown to disable the Roambi application on the specified device.
- 76 -
Blocking and wiping a device
Blocking and wiping a device The Administrator's Console gives you the ability to block and wipe all Roambi accounts and data from a user's mobile device. Blocking a device blocks all access to the Roambi server, and wiping the device deletes all accounts and reports from that device. This feature is very useful if users leave the company and take their devices with them, or if a user's device is stolen. Because blocking and wiping a device is permanent, if you only temporarily need to block access to a device, such as if a user has lost their device and is still searching for it, use Application Lockdown instead of blocking the device. See Locking the Roambi client application.
To block and wipe a user's mobile device: In the upper-right part of the Administrator's Console, click the Users tab to display the list of users in the left part of the screen. Browse the list of users and select the user.
The General tab displays basic information about the user. Click the Devices tab to view the user's mobile devices:
- 77 -
Chapter 4: User Accounts
From the Device Name drop-down list, select the device that you want to block and wipe. Click the Block and Wipe button. A warning prompt displays:
Click the Block and Wipe button to complete the process.
- 78 -
Managing portal accounts
The Device Details now show that this device has been blocked:
If you need to unblock the device, you can select the device again and click the Unblock Device button.
Managing portal accounts Users with Roambi Publisher accounts can manage their own portal accounts for the Roambi server. The Account tab is visible in the upper-right corner of the web interface. Click the Account tab to view portal account options: Click the Account tab to view portal account options.
- 79 -
Chapter 4: User Accounts
The Portal Accounts tab lists all portals that are available for this Roambi server, even if the current active user does not have access to them. Users initially create their Roambi accounts by selecting a portal on the Publisher login page, then logging in with their credentials for that BI tool. If a user wishes to use Publisher with other portals, they will need to manually attach those portals to their Roambi accounts.
Attaching a portal to an account Portals that are available on the server but that the user cannot yet access are grayed out. To attach an available portal to a Roambi account: From the list of portals under Manage Accounts, select the portal that you want to attach to the active account. Type your username and password for the BI tool associated with the portal, and click Save. The portal is now displayed in color and is no longer grayed out.
- 80 -
Managing portal accounts
Detaching a portal from an account If you need to remove a portal from an account, you can also do that from the Portal Accounts tab. To detach a portal from a Roambi account: From the list of portals under Manage Accounts, select the portal that you want to detach from the account. Click the Remove Account button to remove the portal from the account. The portal is no longer associated with the Roambi account. If you need to add the portal back, you can do so at any time by entering user credentials for the BI tool that is associated with the portal.
- 81 -
Chapter 5: Security The Security tab of the SAP BusinessObjects Roambi Administrator's Console provides several options for adding security to the Roambi server:
Requiring a passcode for mobile devices Limiting access to Roambi Publisher to Administrators Specifying a Single Sign-on (SSO) type for user logins (see Specifying an SSO solution for Roambi) Modifying Server Encryption Secrets
This chapter describes how to perform the security-related tasks available from the Security tab of the Administrator's Console.
Additionally, you can perform security functions that are tied to an individual user's account, such as locking a mobile device, from the Users tab of the Administrator's Console. (See User accounts.)
General rules for Roambi server authentication
While most of this chapter concentrates on configuring Roambi security options using the Security tab of the Administrator's Console, keep in mind the following general rules for Roambi server authentication:
All Roambi portals use the standard OAuth-2 authentication protocol for all authentication requests and user authentication between the BI tool and Roambi server.
Users' mobile devices communicate with the Roambi server using a 128-bit encrypted access token via the OAuth-2 protocol. This access token identifies which user is accessing the server. The server decrypts the access token and looks up the user credentials, session, and login information that is required by the BI system. Roambi stores identifying information in the Roambi database and not on the mobile device. The access token for the user is stored in the mobile device keychain. If your configuration uses SSL the access token cannot be intercepted while the device and server are communicating. Once the device receives the access token and stores the token in the keychain, the token cannot be obtained elsewhere.
- 83 -
Chapter 5: Security
A server encryption key encrypts the user access tokens. The Roambi server administrator can modify the key at any time via the Administrator's Console. (See Modifying Server Encryption Secrets.) By default, access tokens expire after one hour; however, users do not need to re-enter their credentials when the token expires. Because access tokens are encrypted, potential hackers cannot modify them to impersonate a different Roambi user. If a hacker does obtain an access token, the token can be used to access the Roambi server by a different client/request, but can only access information that the token's original user had access to and can only access the server for the time that the token is valid. Because the token only represents the original user, the user's credentials are never at risk of being exposed. The hacker will not be able to access any underlying BI system outside of the context of the Roambi server.
Controlling Roambi Publisher access
You can restrict access to Roambi Publisher so that only users with Administrator privileges can use Publisher.
To restrict Roambi Publisher access:
In the upper-right of the Administrator's Console, click the System tab. The list of System tab options display on the left pane of the screen.
From the list of System tab options, click the Security tab to display security options for the Roambi server:
- 84 -
Blocking user access to Roambi
Under Publisher Access, toggle the Administrators Only switch to ON to restrict Publisher access to Administrators.
Blocking user access to SAP BusinessObjects Roambi If you need to temporarily block all new users from accessing your Roambi server from their mobile devices, you can do so through the the Roambi server Administrator's Console by enabling auto block. Typically, you would only enable auto block when you are setting up the Roambi server for the first time. By default, auto block is disabled for the Roambi server. Auto block only blocks mobile device access for new users who have never logged into Roambi before. If a user has previously connected to the Roambi server, enabling auto block will have no effect on that user.
Enabling auto block To block all user access to the Roambi server: In the upper-right of the Administrator's Console, click the System tab. The System tab options display on the left pane of the screen.
- 85 -
Chapter 5: Security
From the list of System tab options, click the Security tab to display security options for the Roambi server:
Under Device Settings, toggle the Auto block switch to ON to block user device access to the Roambi server.
If users try to access the Roambi server while Auto block is enabled, they will receive a "login error" when they attempt to connect to Roambi from their mobile devices.
Disabling auto block To unblock users after having enabled auto block:
- 86 -
Enabling and disabling screen shot cap-ture
In the upper-right of the Administrator's Console, click the System tab. The list of System tab options display on the left pane of the screen.
From the list of System tab options, click the Security tab to display security options for the Roambi server:
Under Device Settings, toggle the Auto block switch to OFF to disable auto block. Disabling auto block does not automatically unblock devices; you will need to go to each user's account and manually unblock their devices. Click the Users tab at the top of the Administrator's Console, and select a user whose device is blocked. Click the Device tab for the selected user. Manually unblock the appropriate device(s) for the user.
Enabling and disabling screen shot capture Using the Administrator's Console, you can enable and disable the ability of users to take screen captures of the currently open Roambi report. Screen shot capture is enabled by default.
To enable screenshot capture on users' mobile devices:
- 87 -
Chapter 5: Security
In the upper-right of the Administrator's Console, click the System tab. The list of System tab options display on the left pane of the screen.
From the list of System tab options, click the Security tab to display security options for the Roambi server:
Under Device Settings, toggle the Screenshot switch to ON to give users the ability to capture a screen shot of the currently active Roambi report.
To disable screenshot capture, toggle the Screenshot switch to OFF.
- 88 -
Modifying device passcode set-tings
Modifying device passcode settings Device passcode settings control user access to the Roambi server from a mobile device. If you enable a device passcode for Roambi users, users will be required to enter a passcode before they can access the Roambi application on their mobile devices. A Roambi administrator can specify whether users will only need to enter the passcode when their devices are in offline mode and the required length of a passcode.
Enabling a device passcode To enable passcodes for mobile devices running the Roambi application: In the upper-right of the Administrator's Console, click the System tab. The System tab options display on the left pane of the screen. From the list of System tab options, click the Security tab to display security options for the Roambi server:
Under Device Passcode Settings, toggle the Device Passcode switch to ON to enable passcodes for mobile devices.
- 89 -
Chapter 5: Security
When Device Passcodes are enabled, the Administrator's Console displays additional options for offline mode and passcode length.
Specifying whether the passcode will only be required in offline-only mode Enabling Offline Only mode means that users will only be prompted to enter passcodes for their mobile devices when their devices are in offline mode. To enable Offline Only mode: Enable device passcodes as described in Enabling a device passcode. The Offline Only option becomes visible:
Toggle the Offline Only switch to On to enable Offline Only mode.
Modifying the minimum length of the device passcode The default minimum passcode length is 4 characters. When Roambi prompts users to create and enter a passcode, the prompt will include the number of characters required for the passcode. You can modify this length under Device Passcode Settings in the Administrator's Console. Valid lengths are 4-10 characters. To modify the length of the device passcode: Enable device passcodes as described in Enabling a device passcode. The Offline Only option becomes visible:
- 90 -
Modifying Server Encryption Secrets
To the right of the Min Passcode Size field, click the button corresponding to the new minimum passcode length.
Modifying Server Encryption Secrets Roambi uses Server Encryption Secrets to secure communication between various parts of the Roambi application, such as browser cookies, mobile device client tokens, and Cross Site Request Forgery (XSRF) protection inputs. Security algorithms use the values for the Server Encryption Secrets to generate encrypted keys that are used in communication between the Roambi server, client application, and database.The Roambi server decrypts the keys to look up the appropriate information in the Roambi database as needed. You can modify the Server Encryption Secrets to any value at any time, either as part of a regular server maintenance schedule or if you believe that the Roambi server may have been compromised. The following Server Encryption Secrets are available for modification:
Cookie Secret: Hashes web browser cookies Token Secret: Encrypts user token values Portal Secret: Encrypts session data for a Roambi portal
After you change the Server Encryption Secrets, users will be prompted for passwords on their mobile devices the next time that they log in. To modify the Server Encryption Secrets: In the upper-right of the Administrator's Console, click the System tab. The System tab options display on the left pane of the screen. From the list of System tab options, click the Security tab to display security options for the Roambi server:
- 91 -
Chapter 5: Security
Under Server Encryption Secrets, toggle the Show Keys switch to ON to enable passcodes for mobile devices. The current Server Encryption Secrets values display:
As you hover over a Secret, an Edit button becomes visible.
- 92 -
Encrypting Server Keys for added security
Click the Edit button to change the value of that secret. The Secret is highlighted and random, cancel, and save buttons become visible:
Click the random button to generate a new random value for the secret, or manually type a new value for the secret. Click the save button to save your changes.
Encrypting Server Keys for added security By defaylt, the encryption keys are stored in the Roambi Database. To increase the lev-level of security you can add an encryption key that resides in your local file system. With this option the final keys used by the Roambi Server will be a combination of both keys: the one stored in the db plus the one provided in File System. Tospecify the additional encryption key, locate and edit the config.json file in the .roa-mbi folder where the license key is stored and add the db_secret argument with the desired encryption key: {"roambi-data":"0.2.0","db":"mysql://dbserverurl/db_name?user=username&password=password","db_secret=secretcode","setup_complete":true} Where secretcode is any string combination with letters and numbers.
Port Configuration When setting up your Roambi architecture, use non-standard ports to confuse and delay potential hackers. Using non-standard ports requires any hacker to scan for all available open ports rather than hacking known default ports. If you decide to use default ports, a potential hacker not only knows which port to use in an attack, but can often tell the application that is listening on the port and then knows which methods to use to attack.
- 93 -
Chapter 6: Maintenance You can perform basic system maintenance and diagnostics tasks from the SAP BusinessObjects Roambi Administrator's Console. This chapter describes how to perform these tasks: Viewing system details Running the system diagnostic check Migrating to a new Roambi ES release
If you need to troubleshoot an issue with the Roambi server, see Troubleshooting.
Viewing system details
Click the System tab in the upper-right part of the Administrator's Console to access system-related functionality.
Click the General tab to view general system details, such as Roambi version and build:
- 95 -
Chapter 6: Maintenance
From this tab, you can also run the system diagnostic check as described in Running the system diagnostic check.
Running the system diagnostic check The Roambi server provides a system diagnostic utility to check that everything on the server is configured correctly and to provide basic information about the system. This utility can be a helpful starting point for troubleshooting. To run the system diagnostic check: In the upper-right portion of the Administrator's Console, click the System tab to display the list of system options on the left side of the screen. From the list of system options on the left side of the screen, click General to display the System Status options:
- 96 -
Running the system diagnostic check
In the System Status box, click the Run Diagnostic button. Roambi runs the quick system check and displays the results in the System Diagnostic Results window:
- 97 -
Chapter 6: Maintenance
The following table lists the checks that the diagnostic utility performs. If the diagnostic check finds a problem read the Solution column to help resolve the problem.
Check
Description
Solution
Check that you can connect to the portal outside of Roambi, then Checks that at least one portal check that the portal is enabled in Active Portals Roambi. If you can connect to the is active and configured. portal, check that the portal was configured properly. Portal Integrity Check and Validates all portal Checks that all portals have Repair valid configurations. configurations. Determines if at least one Check that Enable Primary Login Primary Login Option portal is configured as a is turned on for at least one portal. primary login option. Check the Roambi ES5 Validates the Roambi ES License Key Installation Guide for instructions license key. to install the License Key. Contact Roambi support to Validates the Roambi License Key server license key. troubleshoot your license key. Follow the instructions in The SMTP Server settings SMTP Configured Configuring Roambicast to required for Roambicast configure the SMTP settings. have been configured. Verifies that the Roambi Check that the upload folder on the Upload Folder server can write to the server machine has write permissions set. directory for file uploads. Use the Java Memory Settings to Checks that the server is Server Headless Mode instruct the server to run in running in headless mode. headless mode. Validates that Roambi Flow will Checks that the system is Roambi Flow Thumbnails configured for Roambi correctly be able to render thumbnail images. Flow thumbnails. Checks that JAI is JAI Status Displays sample of JAI rendering. correctly configured. Check the Roambi ES5 Verifies that OpenOffice is OpenOffice Installation Guide for instructions properly configured and running. on configuring OpenOffice. Make sure that the correct fonts are Displays how the server will on the server. See Modifying the Font Rendering display language for Roambi if you render the system font. need help with language support.
- 98 -
Migrating to a new Roambi ES release
Migrating to a new SAP BusinessObjects Roambi ES release For most new releases, upgrading to a new Roambi ES release should be as easy as backing up the Roambi MySQL database and installing the new Roambi application. However, occasionally, you might need to perform additional installation steps. Each release of Roambi ES includes a Migration Guide with instructions on how to migrate from previous versions to the current release. Refer to this guide for details on migrating to the current release of Roambi ES.
- 99 -
Chapter 7: Load Balancing Load balancing helps to improve SAP BusinessObjects Roambi performance and reliability by using a set up that has redundant Roambi servers and an appliance that controls traffic to these servers. Using a load balancing appliance as part of your Roambi system configuration provides three significant benefits: High availability: If one Roambi server fails, requests are routed to the other available servers as part of health monitoring, if supported by your load balancing appliance. Transparency of maintenance: Taking a Roambi server offline to perform maintenance is nearly transparent to end users of the Roambi application. Performance scaling: You can upgrade one server while other servers in the cluster serve requests with the same externally available URL. Two load balancing appliance options are the BIG-IP Local Traffic Management (LTM) appliance and the Cisco ACE load balancer.
Load balancing and failover The high availability option for SAP BusinessObjects Roambi ES eliminates having a single point of failure in the server configuration and helps reduce failure risk throughout the configuration. To ensure high availability, SAP recommends hosting Roambi ES in a load balanced and redundant environment.This environment should have the following characteristics:
Two or more application servers with Roambi should be running behind a single load balancer. The environment should maintain session affinity for Roambi Publisher requests.
One configuration might use two Apache HTTP servers to take incoming HTTP requests and balance them across a dynamic pool of application servers via the Apache Tomcat Connector AJP. This architecture is an example of Tomcat clustering. In this case, the load balancer detects when an application server is unavailable and stops sending traffic to that server. Both the load balancer and individual application servers can be swapped out in the event of a failure.
Note:
If you are using a load balancing appliance, you must set sessions to be sticky on the load balancer.
- 101 -
Chapter 7: Load Balancing
Using a BIG-IP Local Traffic Management appliance for load balancing One way of performing load balancing with SAP BusinessObjects Roambi is to use a BIG-IP Local Traffic Management (LTM) appliance. This section discusses the specifics of setting up and using this type of appliance for Roambi servers.
Basic network for Roambi with a BIG-IP appliance The following network diagram shows a basic system with two Roambi servers that communicate with redundant BI systems. The Roambi servers are connected to the BIG-IP LTM appliance, which resides behind the corporate firewall. Roambi users communicate with their mobile devices from outside of the firewall.
The following topics in this section discuss how to set up and use a BIG-IP appliance with Roambi:
Creating an HTTP Health Monitor for a BIG-IP appliance Defining a Roambi server pool Creating an HTTP profile Creating a TCP profile (optional) Creating a virtual server Note:
This section does not discuss setting up the BIG-IP appliance itself. See the documentation for your appliance for specific instructions.
- 102 -
Creating an HTTP health monitor for a BIG-IP appliance
Creating an HTTP health monitor for a BIG-IP appliance Create an HTTP health monitor to periodically check if Tomcat is up and to display health status to the BIG-IP management console. Health monitoring is crucial to BIG-IP's capability to route traffic only to Roambi servers that are available for requests. To create an HTTP health monitor: Log in to the management console for your BIG-IP appliance. From the Local Traffic menu, select Monitors > Create. Under General Properties, set Type to HTTP. Under Configuration, set the Interval and Timeout. Timeout should be 3x the value of Interval. For example, if you set Interval to 60, set Timeout to 180. In the Send String text box, type GET /\r\n. In the Receive String text box, type
block
to
enable
SSO
integration
using
HTTP
As instructed in the XML code, uncomment the following block by removing the comment tags (). This block contains the following code: HttpHeaderAuthFilter com.mellmo.roambi.servlet.filter.HttpHeaderAuthFilte r name SM_USER authType header
- 150 -
Configuring Roambi for Trusted Auth
HttpHeaderAuthFilter/* -->
4. Set the values for the two elements: If your BOE configuration is not using the BOE REMOTE_USER variable, set the param-value for the authType parameter to header. In the element for the name parameter, replace the string SM_USER with the name of the header that is used to retrieve the the user name. If your BOE configuration uses the BOE REMOTE_USER variable, set the param-value for the authType parameter to remoteUser. The name parameter will then be ignored by Roambi.
Save your changes and close the file. Add the location of the TrustedPrincipal.conf file to your application server: In Tomcat (or do the equivalent for your application server), go to the Windows Start menu and go to Monitor Tomcat. The Tomcat Properties window opens. On the Tomcat Properties window, click the Java tab:
Scroll down to the bottom of the Java Options list, and add the following lines of text:
- 151 -
Chapter 10: Single Sign-on (SSO)
-Dbobj.trustedauth.home=PathToTrustedPrincipal.confFile
Replace the italicized text with the path to your TrustedPrincipal.conf file. Copy this file from a configured BOE server and place it in a location that is useraccessible and owned by Tomcat. The TrustedPrincipal.conf file must contain the line: SharedSecret=password
The password is configured in your internal BOE system. See your BOE documentation for details. Restart Tomcat. When you create the SAP Business Objects portal, using the web-based administrator's console, set the value for the Authentication parameter to secEnterprise.
Configuring Roambi for SiteMinder and Trusted Authentication with BOE Roambi is compatible with a BOE configuration that uses SiteMinder for user authentication. When using SiteMinder, BOE should also be configured to use Trusted Authentication and secEnterprise authentication. For this configuration, the Apache web server and BOE should each be protected by a SiteMinder web agent. If you tried to connect to an unprotected Tomcat server from a SiteMinder-protected BOE server, authorization would fail. To set up SiteMinder with BOE for Roambi: Open the [TomcatDirectory]/webapps/[RoambiInstallation]/WEBINF/web.xml file in a text editor. In the section containing the elements, locate the following comment:
block
to
enable
SSO
integration
using
HTTP
As instructed in the XML code, uncomment the block contained in the following the comment tags. This block contains the following code: HttpHeaderAuthFiltercom.mellmo.roambi.servlet.filter.HttpHeaderAuthFilter nameSM_USER
- 152 -
Configuring Roambi for Trusted Auth
HttpHeaderAuthFilter/* -->
Replace the string SM_USER with name of the cookie containing the user name for your configuration. Save your changes and close the file. Add the location of the TrustedPrincipal.conf file to your application server: In Tomcat (or do the equivalent for your application server), go to the Windows Start menu and go to Monitor Tomcat. The Tomcat Properties window opens. On the Tomcat Properties window, click the Java tab:
Scroll down to the bottom of the Java Options list, and add the following lines of text: -Dbobj.trustedauth.home=PathToTrustedPrincipal.confFile
Replace the italicized text with the path to your TrustedPrincipal.conf file.
- 153 -
Chapter 10: Single Sign-on (SSO)
Copy this file from a configured BO server and place it in a location that is user-accessible and owned by Tomcat. The TrustedPrincipal.conf file must contain the line: SharedSecret=password
The password is configured in your internal BOE system. See your BOE documentation for details. Restart Tomcat. When you create the SAP Business Objects portal, using the web-based administrator's console, set the following values for the BOE parameters: On the Configuration tab, set the value for the Authentication parameter to secEnterprise. On the Security tab, set the value for Single Sign-on Type to Trusted Auth (not SiteMinder).
Configuring Roambi ES for Quest Single Sign-on for Java Roambi ES supports SPNEGO-based Kerberos constrained delegation only when an organization utilizes Single Sign-on for Java from Quest Software (Version 3.3). Single Sign-on for Java is a third-party product that provides access management for Java applications utilizing Microsoft Active Directory. Note: When configuring Roambi ES for Quest Single Sign-on for Java, your organization is responsible for obtaining and maintaining compliance with the product license.
Installation Guidelines For complete installation instructions, see the Single Sign-on for Java documentation from Quest Software and any relevant documentation for your BI system. In order to install Single Sign-on for Java on the application server: Deploy the required JAR files for the SSO product by adding the files to the WEB-INF/lib directory. You may optionally choose to deploy these files on the CLASSPATH. vsj-standard.jar vsj-license.jar
Deploy these third-party JAR files. These are supplied with Single Sign-on for Java: commons-logging-1.1.jar. This implements the logging component. jcifs-1.1.9.jar. This implements the CIFS/SMB networking protocol.
Edit the vsj.properties file with your configuration parameters. A sample template can be found in the examples/ directory. Deploy the vsj.properties file to the WEB-INF directory.
- 154 -
Configuring Roambi ES for Quest Single Sign-on for Java
Configuring Quest Single-Sign on for Java To configure Roambi ES to utilize Quest Single Sign-on for Java: Open the [TomcatDirectory]/webapps/[RoambiInstallation]/WEBINF/web.xml file in a text editor. In the section containing the filter elements, enable the authFilter: authFiltercom.wedgetail.idm.sso.AuthFilter authFilter /* -->
In the section containing the filter elements, enable the VSJFilter: VSJFiltercom.mellmo.roambi.servlet.filter.VSJFilter VSJFilter /* -->
Save your changes and close the file. Restart the server. When you add the portal that will use constrained delegation to Roambi ES, go to the Security tab and set the value for Single Sign-on Type to Kerberos. Then, enable SSO on the portal .
- 155 -
Chapter 11: Batch Processes SAP BusinessObjects Roambi batch processes help you create Roambi analytics reports more efficiently. You can use batch processes to create new RBI files from a template but with a new data set. This feature eliminates the need to have to build an entirely new report for each RBI file. You can set up batch processes using the batch command line tool that is included with the Roambi server.
This chapter discusses how to configure and run batch processes to create Roambi analytics reports: Determining the source data and folder IDs for batch processes Running Roambi batch processes Batch process command examples Using a text file as the parameter source for a batch process Using batch processes in SiteMinder-protected environments
Determining the source data and folder IDs for batch processes
Before you can run a batch process, you will need to locate the source data and folder IDs for the source portal.
To locate the source data and folder IDs for a portal:
In a web browser, type the following case-sensitive URL to view the Source Manager for your domain: http://roambi.[MyDomain].com/roambi/SourceManager The browser displays an XML document showing the content of the site. The following example shows the source information for an MS SharePoint portal:
Locate the portal ID. The portal ID is contained in the Id element that is a child of the Source element. In the above example, the portal ID is SharePoint_2007. In your web browser, log into the portal by typing a URL in the following format, where PortalID is the ID that you just located and Username and Password are the credentials used to access the portal: http://[RoambiServerUrl]/roambi/SourceManager/[PortalID]?user_name=[Username] &password=[password] For example, the following URL logs onto the SharePoint_2007 portal at roambi.mycompany.com as the Administrator with the password 1234: http://roambi.mycompany.com/roambi/SourceManager/SharePoint_2007?user_ name=Administrator&password=1234 The page displays another XML document containing Folder IDs for the portal. The Folder ID is contained in an Id element that is a child of the Content element for the folder.
If you will be creating batch processes that copy RBIs from one folder to another, record these Folder IDs for use in your command. Log into a folder to view the Document IDs for the RBIs associated with that folder. To log into a folder, copy and paste the Folder ID (preceded with a / character) to the portal URL just after the Portal ID using the following format: http://[RoambiServerUrl]/roambi/SourceManager/[PortalID]/[FolderID]?user_name= [Username]&password=[password For example: http://roambi.mycompany.com/roambi/SourceManager/SharePoint_ 2007/%252Fcontent%252Ffolder%255B%2540name%253D%2BReports%2527%255D? user_name=Administrator&password=1234
- 158 -
Running Roambi batch processes
Do not nest your Folder IDs, or the batch command will not succeed. For example, the following URL has nested Folder IDs that will not work with batch processing: http://Server.com/roambi/SourceMnaager/Portal_ID/FolderA_ID/FolderB_ID?user_ name=abc&password=def
The browser displays an XML document containing the IDs for the RBI files associated with that folder. Record any IDs that you will be using for batch processes. Continue to navigate through the folders until you have all of the Folder IDs and document IDs that you will be using for batch processes. Once you have all of the IDs that you need, you can start running batch proceses. See Running Roambi batch processes.
Running SAP BusinessObjects Roambi batch processes After you have obtained all of the Folder IDs and RBI document IDs that you will be using in your batch processes (see Determining the source data and folder IDs for batch processes), you can construct a command line statement to execute the batch process.
Executing the batch process command Execute batch processes from the command line of the server machine where the application server is installed. To execute the batch process utility, type the following command: C:\> java -jar roambi-batch.jar [option], ...
The batch command has five required parameters: -server
-src_portal -src_username -src_password -src _rbi
All other parameters are optional. The next section describes all available (required and optional) batch parameters.
Batch process syntax The following arguments are valid batch process options:
- 159 -
Chapter 11: Batch Processes
Argument -arg_file [FileName] -connected
-del_params -dst_folder [FolderPath] -dst_password [Password] -dst_portal [PortalID]
-dst_rbi [RBIName] -dst_session [SessionID] -dst_token [Token] -dst_username [Username] -dst_data [DataID] -h -logfile -migrate -overwrite -server [URL] -src_data [DataID] -src_data_params
Description Specifies a text file containing the command line arguments for a batch process. If present, specifies that the RBI file should maintain a connection to the source report so that Row Level security is maintained. If present, this option overrides any parameters in the source report for the RBI with the parameters provided by the batch process. Unique identifier specifying the destination folder for the destination portal. Password for the destination portal. Sets a name for the destination portal. This name should correspond to the Portal ID configured for the Roambi server. Specifies the name for the destination RBI. You must specify a value for this parameter when creating a new RBI. Sets the destination session to authenticate into the destination portal. Sets the destination token to authenticate into the destination portal. Username to authenticate to the destination portal. Not required unless the destination token or destination session was not set. Defines which report to use from the destination portal when creating or refreshing the RBI file. Displays online "help" by listing all available command options. Specifies a path to a log file to record batch process events. Use this required parameter when migrating a report definition from Cognos 8 to Cognos 10. If present, enables batch updated Roambi files to be synchronized with devices when Auto Sync Folders is enabled. URL for the Roambi server. Specifies the source data ID for the source RBI file. This ID is unique to the portal where the source data resides. XML-formatted source data parameters. For
- 160 -
Running Roambi batch processes
example:
[XMLParameters]
-src_password [Password]
For RBIs where the source report resides in a portal other than the RBI, this parameter identifies the portal where the source report resides. For RBIs where the source report resides in a portal other than the RBI, this parameter is the username for the portal where the source report resides. Password that corresponds to the src_data_ username parameter. Password for authentication to the source portal.
-src_portal [PortalID]
ID for the portal where the source RBI resides.
-src_rbi [RBIID]
ID for the source RBI file. This ID is unique to the portal where the RBI resides. Sets the portal session for authentication into the source portal. Sets the token to authenticate into the source portal.
-src_data_portal [PortalID]
-src_data_username [Username] -src_data_password [Password]
-src_session [SessionID] -src_token [Token] -src_username [Username]
-sso_username [Username]
-sso_password [Password]
-update_params
-v
Username to authenticate to the source portal. Not required unless the destination token or destination session was not set. Single sign-on Username (for use with SiteMinder). Do not use the other username or password-related arguments if you are using Single Sign-on. Single sign-on password (for use with SiteMinder). Do not use the other username or password-related arguments if you are using Single Sign-on. Prompts the Roambi server to query the source report for new parameter values. When using the batch utility to create a template RBI, use -update_ params and -connected to ensure that the resulting RBI files have updated parameter values. Displays the Roambi ES version.
- 161 -
Chapter 11: Batch Processes
Setting up a batch command when the source report resides in a different portal than the RBI Some Roambi ES portals only store source reports and do not store RBIs. Source report-only portals include MS Analysis Services and QlikView. In this case, you will need to use a second portal to store your RBIs, in addition to the portal storing your source reports. When you use a different portal to store your source data from your RBIs, you will need to use the following three parameters in your batch command: -src_data_portal [PortalID] : Identifies the portal storing the source report.
-src_data_username [Username]: Username to access the portal storing the source report. -src_data_password [Password]: Password that corresponds to -src_data_ username.
Defining a locale for the batch utility Some BI tools support and expose translated content by using a locale defined at the browser or user level. When using the batch utility, you can define which locale the report should use for your data.
You can define a user locale by passing parameters to the Java JRE engine. To define the user locale, make sure that the user defined for the batch utility is set to use the default language. The parameter values will be passed to the server, and the Roambi server will execute the report in the specified language. For example, the following command sets the language to French: C:\> java -Duser.language=fr -Duser.country=FR -jar roambi-batch.jar -arg_file arguments_file
If you use the batch utility to create an RBI and do not use the -connected parameter, the resulting RBI will be translated to the language used by the batch command. In this case, the language of the RBI will not change according to the language defined on the mobile device. These types of RBI files are static and can only be refreshed via the batch utility.
Batch process command examples The following sections contain example commands for common batch process scenarios.
Updating and replacing an RBI with new source data on the same portal The most simple batch process uses an existing template RBI with updated data on the same portal. As part of the command, you will need to send authentication information via the command line to connect to the portal. To update and replace an RBI with new source data, type the following command: C:\> java -jar roambi-batch.jar -server [serverURL] -src_rbi [rbiID] src_ portal [EnterprisePortal1] -src_data [newSourceDataID] -src_username [Username] -src_password [Password]
- 162 -
Batch process command exam-ples
For example, the following command connects to a server at mycompany.com:8080 and replaces the existing RBI RBI123 on the SAP portal with new data from the Data123 data source. The batch process connects as the user Administrator with the password 1234: C:\> java -jar roambi-batch.jar -server http://mycompany.com:8080 -src_rbi RBI123 -src_portal SAPPortal -src_data Data123 -src_username Administrator - src_password 1234
For example, the following command connects to a server at mycompany.com:8080 and replaces the existing RBI RBI123 on the SAS portal with new data from the Data123 data source. The batch process connects as the user Administrator with the password 1234: C:\> java -jar roambi-batch.jar -server http://mycompany.com:8080 -src_rbi RBI123 -src_portal SASPortal -src_data Data123 -src_username Administrator - src_password 1234
Copying an RBI to a new portal folder on the same portal To copy an existing RBI to a new folder on the same portal, use the same options as the previous example, but instead of specifying new source data, specify a new destination folder: C:\> java -jar roambi-batch.jar -server [serverURL] -src_rbi [rbiID] -src_ portal [EnterprisePortal1] -dst_folder [FolderID] -src_username [Username] src_password [Password]
For example, this command connects to the same portal, but copies the RBI to the Folder123 folder: C:\> java -jar roambi-batch.jar -server http://mycompany.com:8080 src_rbi RBI123 -src_portal SAPPortal -dst_folder Folder123 -src_username Administrator -src_password 1234 C:\> java -jar roambi-batch.jar -server http://mycompany.com:8080 src_rbi RBI123 -src_portal SASPortal -dst_folder Folder123 -src_username Administrator -src_password 1234
Creating a new RBI on a different portal To create a new RBI on a different portal than the source portal, type the following command: C:\> java -jar roambi-batch.jar -server [serverURL] -src_rbi [rbiID1] src_ portal [EnterprisePortal1] -src_data [newSourceDataID] -src_username [Username1] -src_password [Password1] -dst_portal [EnterprisePortal2 -dst_ folder [FolderID] -dst_rbi [rbiID2] -dst_username [Username2] dst_password [Password2
For example, this command uses an RBI created on SAPPortal1 and copies it to SAPPortal2 using the Data123 data source: C:\> java -jar roambi-batch.jar -server http://mycompany.com:8080 -src_rbi RBI123 -src_portal SAPPortal1 -src_data Data123 -src_username Administrator - src_password 1234 -dst_portal SAPPortal2 -dst_folder Folder123 -dst_rbi NewRBI123 -dst_username Administrator -dst_password 4321
- 163 -
Chapter 11: Batch Processes
For example, this command uses an RBI created on SASPortal1 and copies it to SASPortal2 using the Data123 data source: C:\> java -jar roambi-batch.jar -server http://mycompany.com:8080 -src_rbi RBI123 -src_portal SASPortal1 -src_data Data123 -src_username Administrator - src_password 1234 -dst_portal SASPortal2 -dst_folder Folder123 -dst_rbi NewRBI123 -dst_username Administrator -dst_password 4321
Creating a new RBI on the same portal with a new name and source parameters To create a new RBI on the same portal as the the source portal, but with a new name and new data source parameters, type the following command: C:\> java -jar roambi-batch.jar -server [serverURL] -src_rbi [rbiID1] src_ portal [EnterprisePortal1] -src_data [newSourceDataID] -src_username [Username1] -src_password [Password1] -dst_rbi [rbiID2] -src_data_params [ParameterXML]
For example: C:\> java -jar roambi-batch.jar -server http://mycompany.com:8080 -src_rbi RBI123 -src_portal SAPPortal1 -src_data Data123 -src_username Administrator - src_password 1234 -dst_rbi NewRBI123 -src_data_params "" C:\> java -jar roambi-batch.jar -server http://mycompany.com:8080 -src_rbi RBI123 -src_portal SASPortal1 -src_data Data123 -src_username Administrator - src_password 1234 -dst_rbi NewRBI123 -src_data_params ""
Using the batch utility to create a template RBI when the source report has parameters If you use the batch utility to create a template RBI that contains parameters, you will need to make sure that the parameters have updated values when creating children RBI files from the template.
To set up the batch utility to update parameter values, run an initial batch command using the update_params and -connected parameters. Together, these parameters instruct the Roamib server to query the source report for new parameter values: C:\> java -jar roambi-batch.jar -update_params -connected [...other parameters]
To save performance, when you run subsequent batch commands for the template RBI, do not include the -update_params parameter.
- 164 -
Using a text file as the parameter source for a batch process
Using a text file as the parameter source for a batch process If you will be repeatedly running a batch process command with the same arguments, you can store those arguments in a text file rather than typing them each time that you execute the command. This option is particularly useful for storing source portal or other parameters that rarely change.
Text file format for batch processes The text file that you use to store batch process arguments should have the following characteristics:
Each parameter/value pair should be on a new line separated by a carriage return. Unicode characters are not supported. Parameters in XML format do not need to be escaped
The following example text file contains arguments for the following parameters:
Roambi server Source RBI file Source data Source Username Source password Destination RBI file Source data parameters
-server http://mycompany:8080 -src_rbi rbi123
-src_data Data123 src_username Administrator -src_password 1234 dst_rbi RBI123 -src_data_params
Running a batch process with arguments stored in a text file To run a batch process where the arguments are stored in a text file, specify the -arg_file parameter followed by the name of the text file when you run the batch command: C:\> java -jar -roambi-batch.jar -arg_file [FileName]
- 165 -
Chapter 11: Batch Processes
For example, the following command will run a batch process with the arguments stored in a text file called arguments.txt: C:\> java -jar roambi-batch.jar -arg_file arguments.txt
Using batch processes in SiteMinder-protected environments If you will be using batch processes with portals that are protected by the Single Sign-on feature by SiteMinder, you will need to use different parameters to indicate the username and password for that portal: -sso_username
-sso_password These parameters replace the -src_username, -src_password, -dst_username, and dst_password parameters for any SiteMinder-protected portals. For example, the following command updates the source data for an existing RBI on the source portal: C:\> java -jar roambi-batch.jar -server http://mySiteminderProtectedserver:8080 -src_rbi rbiID -src_portal EnterprisePortal1 -src_data Data123 -sso_username Administrator -sso_password SSO1234
- 166 -
Chapter 12: Application Service API The SAP BusinessObjects Roambi server provides an Application Service API, which allows third party applications to launch a specific Roambi report via an exposed URL. The Application Service API allows you to launch Roambi visualizations from your own third party applications.
Although Roambi and the third party application interact as separate applications on the iOS framework, mobile device users experience a seamless transition between the third party application and the Roambi report. Additionally, the Application Service API allows for a callback to the third party application when the application exits the Roambi report, which returns the user to the application. This chapter discusses the steps to use the Application Service API to launch Roambi reports from your third party applications: Obtaining the report URL Editing the report URL Launching the report Returning to the third-party application
Obtaining the report URL Before you can use the Application Service API, you will need to obtain the report URL for the Roambi report that you want to launch from your 3rd party application. You can obtain the report URL from two possible sources: Obtaining the report URL from Roambi Publisher Obtaining the report URL from a Roambicast email
If you obtain the report URL from a Roambicast email, you might need to edit the URL before you can use it with the Application Service API. See Editing the report URL.
Obtaining the report URL from Roambi Publisher
To obtain the URL for a Roambi report via Roambi Publisher:
- 167 -
Chapter 12: Application Service API
Click through the Views in the carousel on the Roambi Publisher home page until Open Existing Roambi is in front.
Once Open Existing Roambi is in front, click the phone preview to select it. Publisher displays a preview for the Open an Existing Roambi option:
Click Select This View to select the option.
- 168 -
Obtaining the report URL
Publisher displays the Import Your Data screen, which you can use to browse to your existing Roambi reports:
- 169 -
Chapter 12: Application Service API
Under Locations, select the portal/fileserver where you stored the report, then when the file system opens on the right, browse to the report that you want to open:
- 170 -
Obtaining the report URL
When you select an RBI file, four buttons giving additional options in the lower-left corner become enabled:
- 171 -
Chapter 12: Application Service API
- 172 -
Obtaining the report URL
- 173 -
Chapter 12: Application Service API
The Get URL button is the second button from the right:
5. Click the Get URL button to open a URL window:
- 174 -
Obtaining the report URL
The Application Service API URL for your Roambi report is located in the Launchpad URL field. Copy and paste the URL from the Launchpad URL field to a text file where you can save the URL. Click Close to close the window.
Obtaining the report URL from a Roambicast email To obtain the Roambi report URL from a Roambicast email: Open the Roambicast email containing the URL for the report:
Right-click the Tap Here to Download link, and select Copy Link Location from the context menu:
Paste the URL into a text editor. The URL should look similar to the following example: http://roambi.myserver.com/rbi?sourceId=7e1f34ba-c635-46fe-ace64732142d34b7&contentId=_s_p252Fusers_p252Fweblogic_p252FMichelle_ p252Fadventureworkscardex.rbi_e
- 175 -
Chapter 12: Application Service API
Follow the instructions in Editing the report URL to modify the report URL for the Application Service API.
Editing the report URL If you obtained your Roambi report URL by manually copying a link, such as by copying the link in a Roambicast email (see Obtaining the report URL), you will need to edit the report URL before you can use the URL with the Application Service API. To edit the Roambi report URl for use with the Application Service API: Consider the following example URL: http://roambi.myserver.com/rbi?sourceId=7e1f34ba-c635-46fe-ace64732142d34b7&contentId=_s_p252Fusers_p252Fweblogic_p252FMichelle_ p252Fadventureworkscardex.rbi_e
Change the URL scheme in the URL prefix: If the URL starts with "https://", change the "https://" to "roambi://". If the URL starts with "http://", change the "http://" to "roambihttp://" For example, the sample URl should be changed to:
roambi-http://roambi.myserver.com/rbi?sourceId=7e1f34ba-c635-46fe-ace64732142d34b7&contentId=_s_p252Fusers_p252Fweblogic_p252FMichelle_ p252Fadventureworkscardex.rbi_e
After you have edited the report URl, you can use the URL with the Application Service API.
Launching the report After you have obtained the URL for the Roambi report and edited the URL (if necessary), you can use the report URL with the Application Service API to launch that Roambi report. To launch the Roambi report from your 3rd party application, use the UIApplication openURL instance, as shown in the following example: [[UIApplication sharedApplication] openURL:[NSURL URLWithString:@”roambihttp://roambi.myserver.com/rbi?sourceId=7e1f34ba-c635-46fe-ace64732142d34b7&contentId=_s_p252Fusers_p252Fweblogic_p252FMichelle_ p252Fadventureworkscardex.rbi_e”]];
Returning to the third-party application You can use the Application Service API to return end users to your 3rd party application when they exit the Roambi report. Use a callback parameter to automatically return to your 3rd party application.
To use a callback parameter to automatically return end users to your 3rd party application: Encode the URL to your application. This encoded URL will become your callback parameter.
Append the callback URL to your UIApplication openURL as shown in the following
- 176 -
Linking to a specific Cardex card
example: [[UIApplication sharedApplication] openURL:[NSURL URLWithString:@”roambi-http://roambi.myserver.com/rbi?sourceId=7e1f34ba-
c635-46fe-ace6-4732142d34b7&contentId=_s_p252Fusers_p252Fweblogic_ p252FMichelle_p252Fadventureworkscardex.rbi_ e?callback=mycallbackURL%3A%2F%2F”]];
Linking to a specific Cardex card Using the Application Service API, you can direct users to a specific card in a Cardex View. You can direct users to a specific card by appending a Roambicast URL. To direct users to a specific Cardex card: Obtain the Launchpad URL for the Cardex View RBI. See Obtaining the report URL from Roambi Publisher. Append the URL with the following code, replacing the variables with the values for your Cardex card: ?defaults={"selections":
[{"[CardTitleCategory]":
"[CardTitle]", "[TabTitleCategory]": "[TabTitle]"}]}
Note that the parameters values are case-sensitive. For example, the following URL links to the Boynton Beach Outlets card in the Central region: roambi-http://roambi.mycompany.com/roambi/SourceManager/0e339e4c-5b394279-88d6-2907f3dcc1ad/_s_p252Fshared_p252FQA_p252RBI_p2527s_ p252Fcardex.rbi_e?defaults={"selections": [{"Store Name": "Boynton Beach Outlets", "Region": "Central"}]}
Encode the URL so that JavaScript can be passed through the URL. You can use an online tool such as the following web site to encode the URL: http://meyerweb.com/eric/tools/dencoder/ The final, encoded URL should look similar to the following example: roambi-http://roambi.mycompany.com/roambi/SourceManager/0e339e4c5b39-4279-88d6-2907f3dcc1ad/_s_p252Fshared_p252FQA_p252RBI_p2527s_ p252Fcardex.rbi_ e?defaults=%7B%22selections%22%3A%20%5B%7B%22Store%20Name%22%3A%20%22 Tallahassee%20Square%22%2C%20%22Region%22%3A%20%22East%22%7D%5D%7D
- 177 -
Chapter 13: Troubleshooting This chapter summarizes common SAP BusinessObjects Roambi server issues and their possible solutions: Isolating issues Using log files to troubleshoot issues with Roambi Roambi Flow Issues Timeout errors MS Excel import errors and OpenOffice errors Roambicast issues File upload issues Client device errors Network configuration issues Roambi Publisher issues Batch Process Issues General portal issues SAP Business Objects Enterprise (SAP BOE) issues Cognos Issues SSRS Issues Microsoft Analysis Services Issues Liferay Issues SSL Issues Reverse proxy issues Kerberos Issues
Isolating issues
To help isolate an issue, determine if the issue happens on different report types. For example, if a Crystal Reports-based report fails, does a Web Intelligence-based report also fail?
To help isolate an issue, determine if the issue happens on different report types. For example, if a report for a CataList fails, does a report for a Squares View also fail?
Next, try to determine if the issue happens on different data sources. For example, if a report connecting to MS SQL Server fails, does a report connecting to an Excel spreadsheet also fail?
- 179 -
Chapter 13: Troubleshooting
While you are trying to isolate the issue, make sure to check the log files for errors and other messages. See Using log files to troubleshoot issues with Roambi.
Using log files to troubleshoot issues with Roambi When you encounter Roambi issues, use or inspect log files to help you identify errors.This section describes how to enable and access Roambi log files for troubleshooting. For example, the following sample entry was added to the log file when a user tried to log into a portal with an invalid username or password: 2010-04-01 13:03:11 [1755750938@qtp-367355325-4] ERROR com.mellmo.roambi.SourceManagerServlet - getChildren failed
com.mellmo.roambi.portal.exceptions.InvalidCredentialException: Enterprise authentication could not log you on. Please make sure your logon information is correct. (FWB 00008
In another example, the following sample entry was added because the SAP BOE SDK was not available in the Roambi ES classpath: 2010-04-01 13:03:11 [1755750938@qtp-367355325-4] ERROR com.mellmo.roambi.SourceManagerServlet - getChildren failed
java.lang.NoClassDefFoundError: com/crystaldecisions/sdk/exception/SDKException
Enabling logging for Roambi on the server The first step to help troubleshoot most issues with Roambi is to enable additional logging. Log file entries can help you determine the cause of the issue. The logging utility for Roambi leverages the log4j package from Apache. To enable additional logging: Navigate to the following directory: /[AppServerDirectory]/webapps/[RoambiDirectory]/WEB-INF/classes
Open the log4j.properties file in a text editor. Verify that the file contains the following line. If the line is not present, copy and paste the line into the file: log4j.rootLogger=INFO, stdoutAppender
To enable more verbose output for the Roambi ES logs, you can set log4j.rootLogger to DEBUG or TRACE, instead of the default value of INFO. Note, however, that these more verbose settings use more disk I/O and therefore can negatively impact performance. By default, log4j is configured to log to the STDOUT of the Java application server. This location can vary by operating system and servlet container. For example, if you are using Apache Tomcat,
- 180 -
Using log files to troubleshoot issues with Roambi
Tomcat usually logs STDOUT to either the catalina.out or std.out file. These files are located in the Tomcat/logs directory.
Accessing log files on client devices To access iPhone or iPad log files for the Roambi Visualizer application: Download the Apple iPhone Configuration Utility to a computer: http://support.apple.com/kb/DL926 Follow the prompts to install the utility to the computer. Connect the mobile device to the computer. View the log files for the device: a. Start the configuration utility:
In the left pane, under devices, select the device. The utility displays the Summary tab containing device details. Click the Console tab to display the logs and traces for the device.
- 181 -
Chapter 13: Troubleshooting
To filter the results to only show Roambi logs and traces, type "Roambi" into the search field.
Recovering crash logs for mobile devices If the Roambi Visualizer application crashes on a mobile device, a crash log file is created on the device. When the device is synced with iTunes on a computer, this crash log is copied to that computer. Depending on your OS, the crash log will be copied to the following folder:
OS Mac OS X Windows XP
Windows Vista
Crash log folder ~/Library/Logs/CrashReporter/MobileDevice/ [DeviceName] C:\Documents and Settings\Application Data\Apple computer\Logs\CrashReporter\[DeviceName] C:\Users\AppData\Roaming\Apple computer\Logs\CrashReporter\MobileDevice\ [DeviceName]
SAP BusinessObjects Roambi Flow Issues This section lists common issues and possible solutions for Roambi Flow.
Roambi Flow publishing and PDF issues If you encounter issues publishing documents from Roambi Flow or working with PDF documents in Roambi Flow, perform the following configuration checks:
- 182 -
Roambi Flow Issues
Was the wkhtmltoimage utility correctly installed to the .roambi folder? (See the ES5 Installation Guide for instructions.) Were all three of the jai_*.jar files copied from [ApplicationServerDirectory] \webapps\[RoambiInstallation]\WEB-INF\lib to [ApplicationServerDirectory]\lib? Verify that you see the following files in [ApplicationServerDirectory]\lib: jai_codec-1.1.3.jar jai_core-1.1.3.jar jai_imageio-1.1.jar In the my.ini file (Windows) or my.conf file (Linux), make sure that the max_allowed_ packet parameter is set to 30M under both the [mysql] and [mysqld] groups. (See the
ES5 Installation Guide for details.)
SSL issues with Roambi Flow on Linux On Linux, make sure that the OpenSSL libraries were installed. Use the following command to install OpenSSL: $ sudo apt-get install openssl
SSL issues with Roambi Flow on Windows If your Roambi server or proxy server (if your configuration uses a proxy) uses SSL, you will need to configure Tomcat so that the wkhtmltoimage utility can communicate with Roambi ES.
To enable Tomcat so that wkhtmltoimage can communicate with Roambi ES: In the directory where Tomcat is installed, navigate to the /conf directory and open the server.xml file in a text editor. Add a new element to the server.xml file. This new connector should be HTTP-only. Configure your Windows firewall to block the new connector port from outside communication. Edit the .roambi\config.json file to add the following attribute-value pair: "poc_host":"http://[RoambiServerAddress]:[RoambiUnsecuredPort]/ [RoambiContextPath]"
Screen capture issues for Roambi Flow If Roambi Flow users are having trouble creating screen captures, and your Roambi ES configuration includes SSL, SSO, and/or a reverse proxy, you might need to set up a Bypass URL so that the Roambi server can access itself. To set up a Bypass URL: Edit the .roambi\config.json file to add the following attribute-value pair: "poc_host":"${BYPASS_URL}"
- 183 -
Chapter 13: Troubleshooting
Set the BYPASS_URL to an internal URL that the Roambi server can use to access itself.
Timeout errors This section describes causes and solutions for common timeout errors.
Download timeouts When a user's mobile device tries to download an RBI file from the Roambi server, the server will try to refresh the RBI before returning to the device. If the refresh process takes too long (over one minute, the server will instruct the device to call back later to a different URL.The device and the server repeat this process until either the device finishes downloading the file or the server fails. The callback process works well when the server can identify which URL the device called from. If you did not configure the reverse proxy correctly, the Roambi server will have a different URL than what the client requested, which can cause a download timeout. See Reverse proxy issues to determine if the reverse proxy was configured correctly. If the reverse proxy is not the issue, check the iPhone device log that is available from the iPhone configuration utility (see Using log files to troubleshoot issues with Roambi) to determine which URL the device is trying to use for the callback. Look for an entry that is similar to the following example to determine what callback URL the device is attempting to use: Dec 13 17:55:48 unknown Roambi[38613] : -[MMDownloadManager mellmoDownload:didFailWithError:] 1097 Error: Error Domain=NSURLErrorDomain Code=-1001 "Connection Failed" UserInfo=0x5c7b20 {NSErrorFailingURLStringKey= http://roambi.example.com:80/roambi/SourceManager/boeqa/_ sAc7CoJQaTDBFnn7W2GpaQL0_e?JSESSIONID=null, NSErrorFailingURLKey=http://roambi.example.com:80/roambi/SourceManager/boeqa/_ sAc7CoJQaTDBFnn7W2GpaQL0_e?JSESSIONID=null, NSLocalizedDescription=Connection Failed, NSLocalizedFailureReason=The connection to the server timed out., NSUnderlyingError=0x54eeb0 "The request timed out."}
Additionally, make sure that the port and hostname entries match the actual port and host-name.
Tomcat session timeouts The Tomcat session timeout parameter specifies the number of minutes to keep a session active if Tomcat does not receive any request from the client. If you are frequently experiencing Tomcat timeout errors, increase the value of this parameter. To increase the time limit for Tomcat session timeouts: Navigate to the /[TomcatDirectory]/conf directory. Open the web.xml file in a text editor. Locate the following code:
- 184 -
MS Excel import errors and OpenOffice errors
30
Increase the value of the session-timeout element. (Default is 30 minutes.)
MS Excel import errors and OpenOffice errors This section lists common issues and possible solutions for importing MS Excel files into Roambi.
File import failed for MS Excel file If Roambi displays an error that an MS Excel file import failed, perform the following checks: Check the log files for errors. (See Enabling logging.)
Check that OpenOffice is configured correctly. (See the SAP BusinessObjects Roambi ES Installation Guide.)
Verify that the openoffice.properties file contains the correct settings and path for your configuration. This file is located in [ApplicationServer]\webapps\ [RoambiDirectory]\WEBINF\classes\com\mellmo\roambi\data\plugins\ooexcel.
MS Excel file import fails after a long wait Roambi occasionally fails at importing very large spreadsheet files. If you suspect that file size might be causing problems with the import, test your theory by trying to import a sample spreadsheet, such as catalyst.xml, or superlist.xml. Roambi should be able to import these files without any problem. If the cause of the issue is not file size, try manually starting the soffice.exe program for OpenOffice. Respond to the introductory prompts so that soffice.exe does not display on startup. When soffice.exe displays on startup, it can cause the Roambi file import to hang in the background and does not register errors in the log files.
OpenOffice index out of range error on import of Excel If you see this error, make sure that each instance of OpenOffice that is configured in the openoffice.properties file has a corresponding connStringInstanceentry.
You should be able to find the openoffice.properties in the following location: [ApplicationServer]/webapps/[RoambiInstallation] /WEBINF/classes/com/mellmo/roambi/data/plugins/ooexcel/
- 185 -
Chapter 13: Troubleshooting
Missing entry for connStringInstance 1 in roambisettings.properties This error indicates an issue with the configuration of OpenOffice instances. See OpenOffice index out of range error on import of Excel for the solution to this error.
java.lang.NoClassDefFoundError: com/sun/star/frame/XModel If you see this error, check the application server error log for the following entry: ERROR com.mellmo.roambi.DataPluginManagerServlet [SessionId=C4CE7CA908BD9C1A787E7857924909FE]- Caught throwable java.lang.NoClassDefFoundError: com/sun/star/frame/XModel
This error occurs when required .jar files are missing or have been corrupted. On Linux, copy the following .jar files from the OpenOffice installation directory to the Tomcat /webapps/[RoambiInstallation]/WEB-INF/lib directory: /[InstallationDirectory]/openoffice.org3/basis-link/urelink/share/java/juh.jar /[InstallationDirectory]/openoffice.org3/basis-link/urelink/share/java/jurt.jar /[InstallationDirectory]/openoffice.org3/basis-link/urelink/share/java/ridl.jar /[InstallationDirectory]/openoffice.org3/basislink/program/classes/java/unoil.jar On Windows, copy the following .jar files from the OpenOffice installation directory to the Tomcat \webapps\[RoambiInstallation]\WEB-INF\lib directory: \[InstallationDirectory]\OpenOffice.org 3\ure\share\java\juh.jar
\[InstallationDirectory]\OpenOffice.org 3\ure\share\java\jurt.jar \[InstallationDirectory]\OpenOffice.org 3\ure\share\java\ridl.jar \[InstallationDirectory]\OpenOffice.org 3\Basis\program\classes\unoil.jar
Missing or corrupt files Missing or corrupt files produce the following error message: [C:\Windows\system32\config\systemprofile\AppData\ Roaming\OpenOffice.org\ 3\user\uno_packages\cache\registry\ com.sun.star.comp.deployment.configuration. PackageregistryBackend\registered_packages.db] Berkeley Db error (0): Db::open: Invalid argument.
This error indicates missing or corrupt OpenOffice .jar files. See java.lang.NoClassDefFoundError: com/sun/star/frame/XModel for the solution to this error.
- 186 -
Roambicast issues
Application has failed to start The application has failed to start with the following error message: The application has failed to start because the application configuration is incorrect. Reinstalling the application may fix this problem.
If you see this error, shared .dlls, such as VC90 or CommonControls, were not installed into the C:\WINDOWS\WinSXS folder. Reinstall OpenOffice to fix this issue.
Roambicast issues This section lists common issues and possible solutions for Roambicast.
Roambicast does not successfully send emails If you are unable to use Roambicast to send emails, perform the following checks: Check that your SMTP settings are configured correctly. See Configuring Roambicast.
If your SMTP settings are correct, check for a library conflict: A library conflict can occur for Roambicast if your application server already has the mail-1.4.1.jar and activation-1.1.jar files in its class path because these files are also deployed with Roambi ES. If these files are already in your application class path, remove them from the following Roambi directory: [ApplicationServer]\webapps\[RoambiDirectory]\WEB-INF\lib
File upload issues This section lists common issues and possible solutions for uploading files to Roambi ES.
MS Excel files do not upload See MS Excel import errors.
File size is too large If you are trying to import files into Roambi that are larger than 6MB, you are exceeding the default limit for file uploads. You can increase this limit to avoid file upload errors related to file size.
To increase the file upload limit: Navigate to the following directory: [ApplicationServer]\webapps\[RoambiDirectory]\WEB-INF
Open the profile.json file in a text editor.
- 187 -
Chapter 13: Troubleshooting
Locate the following block of code (file_size is shown in bold): "features":{ "settings":{"storage":250,"file_size":6},
"views":["CATALOG","CATALOG_CARDEX","CATALOG_PIE","SIMPLE_LIST" , "ITREND","CATALOG_CONTAINER"], "functions":["collaboration","google_input","https","refresh" , "upload","flash_download","flash_url","rpt_import"], "sources":["google","roambi","boe"] },
Increase the value of the file_size parameter from 6 (MB) to a greater limit.
Client device errors This section lists common issues and possible solutions for errors encountered on users' mobile devices.
Users cannot download or refresh Roambi analytics reports on their mobile devices If users are unable to download or refresh Roambi analytics reports on their client devices, check Apache Tomcat to make sure that they are not encountering a Tomcat watched resources problem. Tomcat monitors specific static resources. By default, these watched resources are each context found in the [ApplicationServer]\webapps\[RoambiDirectory]\WEB-INF\web.xml file. Tomcat automatically reloads the context if the web.xml file changes. This behavior can both negatively impact performance and potentially lead to fatal errors for Roambi ES libraries.
To disable the watched resources behavior: Navigate to the [ApplicationServer]\conf\ directory, and open the context.xml file in a text editor. Locate and comment out the WatchedResources element as shown:
Restart the application server.
Error: "Download failed" If a user's mobile device displays a "Download failed" error, perform the following checks to identify the cause and correct this issue: Make sure that the user has access to the source report and/or supporting files on the BI portal.
Verify that the user has permission on the database to refresh the data source. Check that all of the necessary services of the BI system are running. For example, if the portal is an SAP BOE portal, the WI ReportServer process must be running. Check that all of the necessary services of the BI system are running.
- 188 -
Network configuration issues
If your server configuration uses a load balancer or reverse proxy, see if you can download the report directly from Tomcat. If you can download a report directly from Tomcat, the cause of the problem is likely a configuration issue with the load balancer or reverse proxy. Enable DEBUG mode for Roambi logging (see Using log files to troubleshoot issues with Roambi). Check the logs for information as to why the download failed. If the Roambi logs do not have this information, check the logs for your BI system.
Network configuration issues HTTP 404 error after deployment of Roambi war file to Tomcat Check the Tomcat logs for the following error message: Caused by: java.lang.LinkageError: JAXB 2.0 API is being loaded from the bootstrap classloader, but this RI (from jar:file:/C:/Program%20Files/Apache%20Software%20Foundation/Tomcat%206.0/ webapps/ROOT/WEB-INF/lib/jaxb-impl2.1.11.jar!/com/sun/xml/bind/v2/model/impl/ModelBuilder.class) needs 2.1 API. Use the endorsed directory mechanism to place jaxb-api.jar in the bootstrap classloader. (See http://java.sun.com/j2se/1.5.0/docs/guide/standards/)
This error occurs when you use a JDK version that is older than 1.6.0_04. (SAP recommends using JDK 1.6.0_04 or later, if possible.) If you must use a JDK version that is earlier than 1.6.0_04, use the following workaround:
Navigate to the [TomcatDirectory]/webapps/[RoambiInstallation]/WEBINF/lib folder. Copy the following two files: jaxb-api-2.2.1.jar jaxb-api-2.2.1.jar
Navigate to the [TomcatDirectory]/Tomcat6.0 folder and check if the /endorsed folder exists as a subfolder. If not, create a subfolder named /endorsed. (Although Roambi does not support Tomcat 5.5, if you are using Tomcat 5.5, this folder would be located at [TomcatDirectory]/Tomcat5.5/common/endorsed.) Paste the two JAR files that you just copied to the /endorsed folder. Restart Tomcat.
Troubleshooting the network configuration Roambi provides a utility to help troubleshoot possible network configuration issues. This utility checks which URL the client is sending and which URL the Roambi server thinks that the client is requesting. The utility also tests what would happen if the URL is returned in the Location header for various status codes. To run the network configuration check, type the following URL in your web browser:
- 189 -
Chapter 13: Troubleshooting
http://[RoambiServerURL]/check_network.jsp For example: http://mycompany.com/roambi/check_network.jsp When the network is configured correctly, this URL displays a page similar to the following example page:
If the URL or any of the ports are not configured correctly, the check_network URL displays a page similar to the following example:
- 190 -
Roambi Publisher issues
Roambi Publisher issues This section lists common issues and possible solutions for errors encountered in Roambi Publisher.
- 191 -
Chapter 13: Troubleshooting
Publisher displaying "sqlite library not found" messages If Roambi Publisher is displaying "sqlite library not found" messages, check Apache Tomcat to make sure that they are not encountering a Tomcat watched resources problem. See Users cannot download or refresh Roambi analytics reports on their mobile devices for instructions to correct this issue.
Post Too Large This error can occur when maxPostSize attribute is not properly set for the Apache Tomcat connector. To set maxPostSize for the Tomcat connector: Navigate to the server.xml file: [TomcatDirectory][version]\conf\server.xml
Open the server.xml file in a text editor. Locate the element, which should look the same or similar to the following example:
If the maxPostSize attribute is missing, add this attribute with either the value maxPostSize="-1" or maxPostSize equals the product of 1024 x 1024 x an integer (for example, 8MB = 8388608). If Tomcat is redirecting to an Apache or or IIS web server, also add the maxPostSize attribute to the connector for the AJP Port 8009.
HTTP Request Error An HTTP Request error occurs when the maxPostSize is not properly set. See Post Too Large for a solution to this issue.
Batch Process Issues This section lists common issues and possible solutions for Roambi batch processes.
- 192 -
General portal issues
[main] INFO com.mellmo.roambi.UpdateRoambi reponse body:Failed to update parameter values. Parameters table does not contain parameter: My Prompt: This error indicates that the name of the prompt in the BI report in the batch script is incorrect. To fix the issue, check and correct the name of the prompt in the BI report in the batch script. The following example shows a valid prompt name and format:
[main] INFO com.mellmo.roambi.UpdateRoambi reponse body:Failed to update parameter values. XML document structures must start and end within the same entity. This error likely means that a set of double quotes was not escaped with forward slashes in the batch script. If you failed to escape any double quotes, the command will fail because the XML was malformed. The following example shows the correct use of escaping double quotes:
Error: “Server could not complete the request” when requesting a new parameter set on a batch Roambi. This error cab occur on a mobile device when the device is requesting a new parameter set from a Roambi batch process. To fix this issue, try one of the following options: Specify the -connected argument when running the batch process (see Running Roambi batch processes). Hide the parameter in the Roambi analytics report using the -del_params argument when running the batch process (see Running Roambi batch processes). Hard code the condition into the data source so that no parameters are available.
General portal issues This section lists common issues and possible solutions for Roambi portals.
- 193 -
Chapter 13: Troubleshooting
Portal does not appear in Roambi Publisher If you have configured a portal in the Administrator's Console, the portal should automatically appear and be available to Roambi Publisher users who have a portal account. If the portal is not appearing in Publisher, perform the following checks:
Check that the portal settings in the Administrator's Console are correct. Check the log files for errors. (See Enabling logging.) Make sure that the portal has been enabled in the Administrator's Console.
SAP BusinessObjects Enterprise (SAP BOE) issues This section lists common issues and possible solutions for SAP Business Objects Enterprise (SAP BOE) portals.
Enabling JCE verbose logging for SAP BOE To help identify and troubleshoot SAP BOE issues, SAP recommends enabling JCE verbose logging. To enable JCE verbose logging:
1. Navigate to the Java options for Tomcat: On Linux, navigate to /usr/local/tomcat/bin/catalina.sh, and locate the JAVA_OPTS variabe. On Windows, navigate to Start > AllPrograms > ApacheTomcat > MonitorTomcat, and click the Java tab.
Add “-Dbobj.logging.log4j.config=verbose.properties” to the Java options. After enabling verbose logging, the client_verbose.log file will be generated in the businessobjects directory for the Tomcat user. For example, on Windows 2003 this would be C:\Documents and Settings\Default User\.businessobjects\client_ verbose.log, or on Windows 2008, this would be C:\Users\[UserName]\client_ verbose.log.
User cannot log in to SAP BOE portal If a user cannot log in to the Roambi SAP BOE portal, check that the server name and authentication method are correct. The server name should be the hostname of the server hosting the CMS. Set this value in the Administrator's Console by going to Portals > [SAPBOEPortal] > Configuration > Server Name. Set the authentication method by going to Portals > [SAPBOEPortal] > Configuration > Authentication. Valid authentication values are secEnterprise, secLDAP, secWinAD, and secSAPR3.
- 194 -
Cognos Issues
INCORRECT PORTAL CREDENTIALS: The usernamepassword combination you have used for this location are either invalid or incorrect This error can occur if required .jar files are missing or corrupt. Make sure that all of the SAP BOE .jar files (as described in the ES5 Installation Guide) and Roambi plugin .jar file are copied to the [TomcatDirectory]/webapps/[RoambiInstallation]/WEB-INF/lib folder.
Server returned an HTTP error upon attempted login This error can occur if required .jar files are missing or corrupt. See INCORRECT PORTAL CREDENTIALS: The username-password combination you have used for this location are either invalid or incorrect for a solution to this error.
Cannot import a webi document If you are unable to import a webi document, check for the following error: com.mellmo.roambi.portal.exceptions.PortalException: Cannot initialize Report
Engine server. (Error: RWI 00226)
This error could be caused by a DNS configuration issue with the target BOE server. One clue that this is the cause is that the other BOE servers function normally. To fix this, add the correct hostname for the server to the Roambi server's /etc/hosts file. If you do not know the host name, enable JCE logging on the Webi Server (see Enabling JCE verbose logging for SAP BOE ), or check the DNS configuration for systems that are working. Additionally, make sure that no firewall exists between the Roambi server and BOE.
Cognos Issues This section lists common issues and possible solutions for Cognos portals.
Generating the Cognos logs Check the Cognos logs to verify basic configuration and connection information. To check the logs: Stop the Cognos 8 service. Start the Log Console: Rename the C8\logs directory. Double-click the C8\bin\logconsole.exe file to launch the Log Console application.
- 195 -
Chapter 13: Troubleshooting
From the Log Console, generate a new report: Under Components, select IPF Performance. In the top right pane, under Enabled, make sure that all of the check boxes are checked.
Under File, click Save. Under Service, click Restart Service. Wait for the service to start, then start Cognos Connection. Re-run the report from Cognos Connection, and wait for the report to complete. Stop the Cognos 8 service. Return to the Log Console, and uncheck all of the boxes in the top right pane under Enabled. Save the changes but do not restart the service yet. Zip and send the C8\logs directory. Delete the C8\configuration\ipfclientconfig.xml file, if it exists. Restart the Cognos 8 service.
Verifying the Cognos configuration To verify that the Cognos configuration is valid: In the Roambi Administrator's Console, navigate to the Cognos configuration tab: Portals > [CognosPortal] > Configuration
Verify the values in the following field: Dispatcher URL (example: http://cognos:9300/p2pd/servlet/dispatch) Gateway URL (example:http://cognos/cognos8/cgi-bin/cognos.cgi) Namespace (example: Cognos8) Version (example: 83 or 84 with no period)
Make sure that a user can log into Cognos using the Gateway URL and Namespace.
INCORRECT PORTAL CREDENTIALS: The usernamepassword combination you have used for this location are either invalid or incorrect. This error can occur if required .jar files are missing or corrupt. Make sure that all of the Cognos .jar files (as described in the ES5 Installation Guide) and Roambi plugin .jar file are copied to the
[TomcatDirectory]/webapps/[RoambiInstallation]/WEB-INF/lib folder.
Your Roambi installation is missing required library files. Please contact your administrator. This error can occur if required .jar files are missing or corrupt. See INCORRECT PORTAL CREDENTIALS: The username-password combination you have used for this loation are either invalid or incorrect to fix this problem.
- 196 -
SSRS Issues
SSRS Issues This section describes tips for troubleshooting common issues with the SSRS plugin that is required for use with Microsoft SharePoint and Microsoft Reporting Services.
Non-functional parameters appear on the Roambi login screen This issue occurs when one or more parameters for the portal were entered incorrectly or contained typos. Specifically, you should double-check the values entered for Windows NT Domain and Web Service URL for the portal. To check the values of these portals, in the Administrator's Console, go to Portals > [PortalName] > Configuration. Verify that the Windows NT Domain is correct and that the Web Service URLmatches the URL specified in the SSRS Config Manager. This URL should not end in /ReportServer, which Roambi assumes by default.
Cannot login: user id or password invalid If you see this error for a valid user-password combination, check that the authentication type was correctly configured for SSRS. To check the authentication type: Navigate to to the rsreportserver.config file for SSRS. Locate the element. Check which authentication types are listed as child elements under this element. The default configuration using the startup as the Network Account is . However, if you are using a specific Service NT account, you will likely need to set . If you have a Microsoft Analysis Services or SharePoint portal, you will need to set to integrate these tools with Kerberos and SSRS.
Roambi analytics reports are not correctly displaying If Roambi analytics reports are not correctly displaying, check to see that the Roambi Renderer is correctly installed. To check if the Roambi Renderer was correctly installed: In a web browser, go to the SSRS Report Manager: http://[ServerDNSName]/Reports
Go to a report, and check that under the export format options, Roambi Renderer is visible as an available option. If Roambi Renderer is not visible, make sure that the ssrs.dll was copied to [SQLInstallationDirectory]\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\bin.
- 197 -
Chapter 13: Troubleshooting
If Roambi Rendereris visible, but the Roambi Renderer is not generating XML, make sure that the following files were correctly copied to SSRS: SQLInstallationDirectory\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\rssrvpolicy.config
SQLInstallationDirectory\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\rsreportserver.config
Config Manager webservice_url If you specified the webservice_url parameter without including /ReportServer on the end, Roambi automatically assumes its presence and will automatically use this ending. Make sure that /ReportServer was entered in the Config Manager if you customized this value there. Also make sure that each webservice_url that you defined uses a unique port.
HTTP 500 or 401 Not Authorized If you see this error, make sure that the data source user is authorized to refresh the report.
Cannot publish in SSRS If you cannot publish in SSRS, check the logs for the following entry: INFO org.apache.commons.httpclient.HttpMethodDirector - I/O exception (java.net.SocketException) caught when processing request: Software caused connection abort: socket write error
If you see this entry, enable DEBUG mode in logging and use the DEBUG logging entries to determine the best workaround.
Microsoft Analysis Services Issues This section lists common issues and possible solutions for Microsoft Analysis Services portals.
Blink View does not display cubes in the database folder If the Blink View is not displaying any cubes in the database folder, make sure that the msmpump.dll on IIS is configured for Integrated Auth only and does not include BASIC or
Anonymous auth.
Blink View displays error ”Not authorized” on login If the Blink View is displaying a "Not authorized" error when you log in, make sure that Kerberos is configured properly. To check the Kerberos configuration, make sure that a ticket can be issued using kinit and that the ticket is visible in kerbtray. See Kerberos Issues.
- 198 -
Liferay Issues
Cannot login. Get error “SSRS has authentication to Navigate” This error indicates that the Authentication Type for SSRS might not have been set properly.
If you configured SSRS as a Network Account, check the rsreportserver.properties file to make sure that the element has a child element. If you set the service to log in as an Admin user, use the element. Because MSAS (and SharePoint) require Kerberos, you should also include a element.
Liferay Issues This section lists common issues and possible solutions for Liferay portals.
Incorrectly formatted Web Service URL As a first step, check that the Web Service URL is correctly formatted in the Administrator's Console. In the Administrator's Console, go to Portals > [LiferayPortal] > Configuration, and check the Web Service URL field. This URL should have the following format: http://[LiferayServer]:[Port]/tunnel-web/secure/webdav/liferay.com/[user]/document_library For example: http://liferay.mycompany.lan/tunnel-web/secure/webdav/liferay.com/guest/document_library
User cannot publish view in Liferay Check for the following error: Error: com.mellmo.roambi.portal.exceptions.PortalException: com.mellmo.roambi.portal.plugins.webdav.WebDAVException: invalid path or name, or path too long
If you see this error, then check for the following error in the Liferay Tomcat portal log: [DLWebDAVStorageImpl:623] com.liferay.documentlibrary.FileNameException: DLFE-1.rbi
This error indicates that the .rbi file extension used by Roambi is not a supported file type. To fix this problem: Log in to the Liferay portal using the Admin account. In the server section, under Control Panel, select the Server Administration option.
- 199 -
Chapter 13: Troubleshooting
Click the File Uploads tab. Add the .rbi file type as a supported file type.
Users and content are missing when Liferay starts If this problem occurs, check the LifeRay log for a "temp path not found" error. This error can occur if Liferay was installed under Program Files. To fix this, reinstall Liferay under the root C:\ drive. Additionally, Java sometimes encounters errors when Liferay is installed in a path containing a space.
Roambi batch process is successful, but the View does not update using Community Liferay Server This issue is caused by a bug with Liferay Community Edition where sometimes Liferay does not programatically update a file. This issue does not occur with Liferay Enterprise Edition.
User cannot log in to Roambi ES with new Liferay account New Liferay Portal users are required to log in to Liferay and set up a security question and answer for their Liferay Portal user account. If a new user does not complete the account set up process in Liferay, an error message will appear when the user attempts to log in to Roambi ES.
SSL Issues This section lists common SSL errors and their possible solutions. If you think that you have encountered an SSL error with Roambi, read through this section to try to solve the problem before calling Roambi technical support.
Issue: Web browser hangs when attempting to access SSL URL If your web browser hangs when you attempt to access the SSL URL, check the Tomcat logs to see if the Apache Portable Runtime (APR) is loading. The APR loading indicates that the Tomcat native SSL is loaded but that the SSL connector is using the older "HTTP/1.1" protocol, as usually recommended by SAP. To correct this problem, delete the [TomcatDirectory] \bin\tcnative-1.dll file so that Tomcat uses the HTTP/1.1 SSL protocol.
Issue: Intermediate certificates are missing on HTTP server If intermediate certificates are missing, the openssl s_client -connect [ServerURL]: [Port] command returns the following output verify error:num=20:unable to get local issuer certificate verify error:num=27:certificate not trusted verify error:num=21:unable to verify the first certificate
- 200 -
Reverse proxy issues
This output indicates that the server is returning a certificate but does not include the certificate of the issuer, often when the issuer is an intermediate certificate. To fix this problem, add the intermediate certificates to the server. If you are using an IIS web server, see Installing the intermediate certificates from the Certificate Authority (CA) to IIS, otherwise, see the documentation for your web server.
Error message: "Cannot recover key" This error usually means that the password for the certificate key did not match the keystore password. Use the following command to update the keystore password: $ keytool -keypasswd -alias [KeyAlias] -keystore [KeystoreName]
Error message: "Your credentials could not be verified because the server could not be reached (-1206)” when using mod_ssl on apache" If you are using the mod_ssl toolkit with Apache, the SSLVerifyClient=optional value is not supported for Roambi and WebKit-based browsers. The only supported values for WebKit are none and require. If you are using two-way SSL, use SSLVerifyClient=require.
Validation error: "verify error:num=19:self signed certificate in certificate chain" When you verified the SSL requirements (see Validating the SSL requirements using OpenSSL) one possible status error message is verify error:num=19:self signed certificate in certificate chain. This error means that the certificate chain that was returned by the server ends with a "self-signed certificate." Because a self-signed certificate is not a trusted certificate, the validation check reported it as an error. To eliminate the error, specify a trusted root CA. (See Specifying a trusted root CA for the server.)
Validation error: verify error:num=20:unable to get local issuer certificate If you see this error when verifying the SSL requirements, it means that OpenSSL does not know which root CA to trust. Because OpenSSL does not have a default trusted root CA, you will need to explicitly specify which root CA OpenSSL should trust. To correct this error, specify a trusted root CA. (See Specifying a trusted root CA for the server.)
Reverse proxy issues This section gives tips to help troubleshoot possible reverse proxy issues.
- 201 -
Chapter 13: Troubleshooting
Checking if reverse proxy is working properly To check if the reverse proxy is properly working, check the /roambi/check_network.jsp file. If reverse proxy is not properly working, the file will be shown in red.
Troubleshooting reverse proxy issues with Tomcat If you are using Tomcat as your application server, check Tomcat's requestdumpervalve to see if requests are successful. The host header and referer header need to be from the same host; otherwise, the server will reject the request with a "Forbidden" message.
Kerberos Issues This section describes tips for troubleshooting common Kerberos issues, plus some common errors and their solutions.
Enabling Kerberos debug logging To enable Kerberos debug logging in Tomcat:
1. Navigate to the Java options for Tomcat: On Linux, navigate to /usr/local/tomcat/bin/catalina.sh, and locate the JAVA_OPTS variabe. On Windows, navigate to Start > AllPrograms > ApacheTomcat > MonitorTomcat, and click the Java tab.
Add “-Dsun.security.krb5.debug=true” to the Java options. Go to the Roambi log4j.properties file, and make sure that the default log level is DEBUG. In your login.conf file make sure to set or add debug=true to the parameters. Kerberos debug logging should now be enabled in the catalina.out log file. In the log file, look for a "failure to authenticate" error.
Checking the Kerberos configuration See the Java documentation for a list of common Kerberos errors: http://docs.oracle.com/javase/1.5.0/docs/guide/security/jgss/tutorials/Troubleshooting.html Additionally, in the krb5.ini file, make sure that the entries meet the following requirements:
All realms must be in all uppercase. You must have a single space (and only a single space) before and after equals signs (=). You cannot have any spaces before the definition of a realm (WindowsRealmName).
You must have a single tab (and only a single tab) before the entries for kdc = and default_domain = .
- 202 -
Kerberos Issues
Listing SPNs To list all SPNs associated with a host, type the following command: $ setspn -L DOMAIN/hostname
SPNs must be unique. To list any duplicate SPNs associated with a host: $ setspn -Q HTTP/hostname
Verifying that a Kerberos ticket can be issued To verify that a Kerberos ticket can be issued, download and use the kinit utility: http://download.oracle.com/javase/1,5.0/docs/tooldocs/linux/kinit.html The following sample command requests proxiable and forwardable credentials for a different principal and stores these credentials in the default location: $ kinit –fp [email protected]
Checking if a tgt ticket has been created and cached on the client Use the kerbtray.exe tool to check if a tgt ticket has been created and cached on the client.
[Krb5LoginModule] authentication failed This error indicates that a domain controller might be missing from the krb5.ini file. Make sure that the krb5.ini file includes all necessary domain controllers in the [domain_realm] section.
Client not found in Kerberos database (6) This error indicates that a domain controller might be missing from the krb5.ini file. See [Krb5LoginModule] authentication failed for the solution to this problem.
- 203 -
Chapter 14: SAP BusinessObjects Roambi ESX This chapter discusses features and functionality that are only available in SAP BusinessObjects Roambi ESX. Roambi ESX consists of Roambi Analytics and Roambi Flow, specially licensed for sharing free, 'external' Roambi content with the general public. From next-generation product collateral to interactive financial reports, Roambi ESX lets you deliver unsecured Roambi content to the general public, utilizing a Public Portal. Public Portals eliminate the need for end user credentials and provide a seamless user experience for public-facing Roambi Analytics reports and Roambi Flow publications. Note: When enabling public access to a portal storing your source data and Roambi files, your organization is responsible to maintain its compliance with its portal license. Included in this chapter: About Public Portals Adding a Public Portal Adding Authentication Credentials to a Public Portal Configuring a Public Portal Enabling a Public Portal Publishing Roambi Files to Public Portals
About Public Portals
When you designate a portal as public, users can gain access to the Roambi report files (RBIs) and Roambi Flow publications published to the portal using the public account information.
To create and publish Roambi reports and Roambi Flow publications, authors must log into the Public Portal using their personal access credentials and not the public account. To download and access reports and publications on mobile devices, end users can access Roambi files using the public account information which does not require access credentials.
Enabling the Public Portal option does not prevent users from logging into the portal with credentials other than what you specify for the public account.
Important things to note about Public Portals:
- 205 -
Chapter 14: Roambi ESX
The Public Portal option is not available for portals that use single sign-on (SSO). The Public Portal option must be enabled when you add a portal. If you would like to designate a portal that has already been added to Roambi, you must delete the portal from Roambi and then add it again it as a Public Portal.
Adding a Public Portal Add a Public Portal as you would normally create a new portal in Roambi ES5. To add a portal: Click the Add Portal button in the lower left corner of the dashboard:
An Add Portal window opens:
From the Portal Source drop-down list, select the portal that will be used as the data source for the portal. Depending on which portal you choose, the portal may also be used to store Roambi RBI files and Flow publications. In the Name text box, type a unique name for the portal source. When creating a Public Portal, it is recommended that you include "public" in the portal name. This will ensure report authors know that they are importing data from and publishing reports to a Public Portal. For more details, see Publishing Roambi Files to Public Portals.
Check the Enable Public Portal box. Click Add.
- 206 -
You have successfully enabled a Public Portal for Roambi ESX. Next, see Adding Authentication Credentials to a Public Portal.
Adding Authentication Credentials to a Public Portal Next, add the public authentication credentials to the portal as follows: Add the public authentication credentials to the portal: On the left pane of the Administrator's Console, select the portal. Click the Configuration tab:
On the Configuration tab, enter the required parameters for your portal type. The fields requiring data entry will vary from portal to portal. For details, see the section that pertains to your portal type in this guide. The Portal Status section displays a message prompting you to verify your settings.
- 207 -
Chapter 14: Roambi ESX
Click the Verify button to open a Verify Portal window:
Type the credentials that you use to access the portal. These credentials do not need to be the same credentials as the username and password for the public account. Click Verify to close the Verify Portal window. The Portal Status section of the configuration tab displays a message prompting you to configure the Public Portal.
- 208 -
Configuring a Public Portal To configure a Public Portal: Click the Security tab for the portal. The section is now visible. This section will not be visible unless you enabled the Public Portal option when you created the portal:
In the Public Account field, click the Attach Account button:
- 209 -
Chapter 14: Roambi ESX
Enter the account credentials for your portal's public account. By specifying the account's access credentials here, end users will be permitted to access the Roambi reports (RBIs) and Roambi Flow publications on the portal without being prompted for credentials. Click Attach to attach the account. The Public Account field now displays the username for the public account:
- 210 -
If you want to select a custom logo for the portal, click the Select button for Small Logo and/or Large Logo and follow the prompts to change the logo. If you want to allow users to browse the contents of the portal, rather than only being able to access Roambi reports sent via Roambicast or Roambi Flow documents sent via Flow Cast, toggle the Enable Browsing switch to ON. (Browsing is disabled by default.) If you enable browsing, two more options become available: Available For and Public Portal URL:
In the Available For field, select whether you want users to be able to browse Analytics files (RBIs), Roambi Flow files, or both. The Public Portal URL contains the URL that you can copy and email to users or integrate with another application.
Enabling a Public Portal To enable a Public Portal: Click the Configuration tab for the portal. The Portal Status section now displays a message about enabling the portal. Toggle the Enable Portal swich to ON. The portal is now enabled and Roambi files that are published to the portal can now be accessed by users via the public account credentials.
Publishing Roambi Files to Public Portals If you have more than one portal integrated with Roambi, ensure that your report authors are aware that if they want to provide mobile end users with public access to a Roambi file, they must always choose the Public Portal as the publishing location. This is true for both Roambi reports (RBIs) and Roambi Flow publications. In order to avoid confusion in environments where portals may have similar names, MeLLmo recommends that you always assign your Public Portal a unique name to clearly identify it as public. For more information see the recommendation in Adding a Public Portal.
- 211 -