QlikView Server Reference Manual - ENG

Server/Publisher
Version 11.20 SR13 for Microsoft Windows

Lund, Sweden, 2015
Authored by QlikTech International AB

Copyright1994-2015QlikTechInternationalAB,Sweden.
Underinternationalcopyrightlaws,neitherthedocumentationnorthesoftwaremaybecopied,photocopied,
reproduced,translatedorreducedtoanyelectronicmediumormachine-readableform,inwholeorinpart,
withoutthepriorwrittenpermissionofQlikTechInternationalAB,exceptinthemannerdescribedinthe
softwareagreement.
QlikTechandQlikViewareregisteredtrademarksofQlikTechInternationalAB.
ActiveDirectory,Excel,InternetExplorer,Microsoft,.NET,SharePoint,SQLServer,Visual
Studio,Windows,Windows7,Windows2000,WindowsNT,WindowsServer,WindowsVista,
andWindowsXParetrademarksofMicrosoftCorporationintheUnitedStates,othercountries,orboth.
CASiteMinderisaregisteredtrademarkofComputerAssociates.
ChromeisatrademarkofGoogleInc.
FirefoxisaregisteredtrademarkoftheMozillaFoundation.
IBMisatrademarkofInternationalBusinessMachinesCorporation,registeredinmanyjurisdictions
worldwide.
IntelandCoreDuoaretrademarksofIntelCorporationintheU.S.and/orothercountries.
NetWeaverandSAParetrademarksorregisteredtrademarksofSAPAGinGermanyandinseveralother
countries.
NovellisaregisteredtrademarkofNovell,Inc.,intheUnitedStatesandothercountries.
OracleisaregisteredtrademarkofOracleand/oritsaffiliates.
SafariisatrademarkofAppleInc.,registeredintheU.S.andothercountries.
Salesforce.comisatrademarkorregisteredtrademarkofSalesforce.com,Inc.
WikipediaisaregisteredtrademarkoftheWikimediaFoundation.
Othertrademarksarethepropertyoftheirrespectiveownersandareherebyacknowledged.
2 QlikView Server/Publisher - QlikView 11.20

SR13
Contents
Contents
Part 1 Introduction 7
1 Overview 9
1.1QlikView 9
1.2QlikTechSupportServices 9
1.3Conventions 9
1.4AboutthisDocument 10
2 Whats New in QlikView 11 Server? 11
Part 2 Installation 17
3 Upgrading QlikView 19
3.1UpgradeConsiderations 19
3.2UpgradeProcedure 19
3.3Multi-machinePreparation 20
4 Installing QlikView Server 23
4.1LoggingtheInstallation 24
4.2ObtainingtheMSIpackage 24
4.3CompletingtheInstallation 24
5 Building a Farm 27
5.1Planning 27
5.2Root/FirstInstall 28
5.3AddingServicesonOtherMachines 28
5.4Clustering 28
Part 3 Architecture 31
6 Roles 33
6.1QlikViewwithPublisher 33
6.2QlikViewwithoutPublisher 34
6.3QlikViewServer 35
6.4WebServer 36
6.5DirectoryServiceConnector 37
6.6ManagementService 38
6.7DistributionService 39
6.8ReloadEngine 39
7 Logging 41
7.1LoggingfromQlikViewServer 41
7.2SessionLog 41
7.3PerformanceLog 43
7.4EventLog 44
7.5End-userAuditLog 45
7.6ManagerAuditLog 47
7.7TaskPerformanceSummary 48
8 Documents, Data, and Tasks 49
8.1UserDocuments 49
8.2SourceData 50
8.3SourceDocuments 50
QlikView Server/Publisher - QlikView 11.20 3

SR13
Contents
8.4Tasks 50
9 Service by Service 53
9.1QlikViewServer 53
9.2QlikViewDistributionService 56
9.3QlikViewPublisherRepository 58
9.4ConfigurationFiles 59
9.5WebServer 61
9.6DirectoryServiceConnector 64
9.7QlikViewManagementService 65
Part 4 Security 67
10 Security Overview 69
11 Protection of the Platform 71
11.1Functionality 71
11.2SpecialAccounts 71
11.3Communication 71
12 Authentication 73
12.1AuthenticationwhenUsingQlikViewServerinaWindowsUserEnvironment 73
12.2AuthenticationwithaQlikViewServerUsinganExistingSingleSign-onSoftwarePackage 74
12.3AuthenticationUsingneitherIWAnorSingleSign-onSoftware 75
12.4QlikViewServerAuthenticationUsingCustomUsers 76
13 Authorization 79
13.1DocumentLevelAuthorization 79
13.2DataLevelAuthorization 79
Part 5 Licensing 81
14 Client Access Licenses 83
14.1CALTypes 83
14.2Identification 84
14.3DocumentCALRestrictions 84
14.4CombiningDifferentCALs 84
14.5LicenseLease 85
14.6ClusterLicensing 85
14.7ColdStandbyServers 85
15 Editions of QlikView Server 87
15.1Editions 87
15.2FeaturesandLimitations 89
Part 6 Appendix 91
16 Silent Installation 93
16.1Settings 94
16.2Dialogs 94
16.3AdditionalDialogs 98
16.4MST 99
16.5AdditionalInformation 100
17 Clustering QlikView Servers 101
17.1WhyClusterQlikViewServers? 101
17.2RequirementsforClusteredQlikViewDeployment 102
17.3BuildingandInstallingaQlikViewCluster 104

SR13
Contents
18 Clustering QlikView Publisher 109

18.1Introduction 109
18.2WhyClusterQlikViewPublisher? 111
18.3RequirementsforaClusteredQlikViewPublisherDeployment 111
18.4Security 113
18.5ConfiguringQlikViewPublisherClustering 115
18.6Troubleshooting 118
19 OEM 121
19.1General 121
19.2DetailedFunctionDescription 121
20 DSP Interface 123
20.1DirectoryServiceProvider 123
21 SNMP 125
21.1MIBFile 126
21.2AdditionalInformation 127
22 Deploying MSI Packages with Group Policies 129
22.1General 129
22.2DeployingtheMSIPackage 129
22.3Step-by-stepGuide 130
23 Certificate Trust 135
23.1Architecture 135
23.2Requirements 136
23.3Installation 137
23.4UsingMicrosoftManagementConsole 140
24 QlikView Server Extensions 143
24.1AddingExtensionstoQlikViewServer 143
25 Configuring Microsoft IIS for Custom Users 145
26 Triggering EDX Enabled Tasks 149

SR13
Contents

SR13
Part 1 Introduction
Part1Introduction

SR13
SR13
1 Overview
1 Overview
ThisdocumentdescribesQlikViewServerandcontainsinformationoninstallation,architecture,security,
andlicensing.Thedocumentalsoincludesanumberofappendixesthatprovideadditionalin-depth
information.
1.1 QlikView
QlikView Server
QlikViewServerisaplatformforhostingandsharingQlikViewinformationoveranintranetortheInternet.
QlikViewServerconnectsusers,clienttypes,documents,andobjectswithinasecureenvironment.
QlikView Publisher
QlikViewPublishermanagescontent,access,anddistribution.Byreducingdata,eachusercanbepresented
withtailoredinformation.TheQlikViewPublisherserviceanduserinterfacearefullyintegratedinto
QlikViewServerandQlikViewManagementConsole(QMC).
1.2 QlikTech Support Services

ContactQlikTechifproductsupport,additionaltraining,orconsultationconcerningapplication
developmentisneeded.ConsulttheQlikTechhomepageforcurrentinformationonhowtogetintouchwith
thesupportservices:
http://www.qlikview.com
QlikTechInternationalheadquarters:
QlikTech International
150 N. Radnor Chester Road
Suite E220
Radnor, PA 19087
USA
Phone: +1 (888)-828-9768
Fax: 610-975-5987
Forotherlocations,visittheQlikTechhomepage(seeabove).
1.3 Conventions
Style Coding
Menucommandsanddialogoptionsarewrittenin bold.Filenames,paths,andsamplecodearewrittenin
Courier.

SR13
1 Overview
Environment Variables
Thepathsdescribedinthisdocumentuseenvironmentvariables.Thevariablesandtheequivalentpathsin
WindowsVista(andlater)andWindowsXParepresentedbelow.
Environment
Windows Vista and later Windows XP
Variable
%ProgramData% C:\ProgramData C:\Documents and Settings\All
Users\Application Data
%ProgramFiles% C:\Program Files C:\Program Files
%UserProfile% C:\Users\[username] C:\Documents and Settings\[username]
1.4 About this Document

ThisdocumentdescribesQlikViewServerandQlikViewPublisherversion11.20.Thecontentsofthe
softwareaswellasthedocumentmaychangewithoutpriornotice.

SR13
2 Whats New in QlikView 11 Server?

ThischapterdescribesthefunctionalitythathasbeenaddedorimprovedinQlikView11Server.
Context Sensitive Help

ContextsensitivehelphasbeenaddedinQlikViewManagementConsole(QMC).
LDAPs
ConfigurableLDAPDSPforLDAPs(LDAPviaSSL)supporthasbeenadded.
Audit Logging by Document

Insomecases,itisrequiredtogenerateauserauditlog,sothateveryqueryisregisteredanditispossibleto
seewhodidwhatretroactively.
QlikView10Servercandothis;however,theswitchisfortheentireservereitheralldocumentsare
loggedornodocumentislogged.Inaddition,ifthereisalargenumberofselectionsinalistbox,notevery
selectionislogged.
InQlikView11Server,thisloggingcanbedoneperindividualdocument.Inaddition,loggingofevery
selectioncanbeenabled.

SR13
Enable/Disable Document Download, Exporting, and Printing

per Document and User
Inmanysituations,thesystemmanagerwantstopreventanyharddatacomingoutofQlikViewServer.In
thesesituations,downloadsofthe .qvwfile,printing,andexportingarenotallowed;onlytheinteractive
sessionwithQlikViewServerispermitted.
InQlikView10Server,thisfunctionalityisavailableatthedocumentlevelonlyfordownloading.
InQlikView11Server,thishasbeenimprovedsothatthefunctionalityisavailableonaperuserlevelas
wellasthecapabilitytoenableanddisableexportingandprintingonaperdocumentanduserlevel.
Supporting Task for .qvd Creation

Thecreationof .qvdfilescanbeaddedasaSupportingTask.
Note!Thisis notareplacementforcreating .qvdfilesusinga .qvw.SeetheQMConlinehelpformore
information.
Distribution to Email within a .qvw Document

A .qvwfilecanbedistributedtoemailrecipientsdefinedinafieldinthedocument.
Alert Email to Document Administrators

Alertemailscanbesenttodocumentadministrators.

SR13
License Tracking
TheuseoflicenseshasbeenaddedtotheQlikViewEventServerlogs.Thefollowingeventsarenowlogged
(whenusinglowverbositylogging):
l PGO,Recreating[filename]frombackup
l PGO,Recreatingcorruptfile[filename]
l PGO,Creatingfile[filename]
l License,Licenseleasedtouser[username]onmachine[machinename]
l CALusage,UsingCALoftype[CALtype]foruser[username]onmachine[machinename].
Sessionsonthiscaltype:X
l CALusage,ReleasingsessionCALforuser[username]onmachine[machinename]
l CALusage,UsageCALsessionforuser[username]onmachine[machinename]stopped
l CALusage,NamedUserCALsessionforuser[username]onmachine[machinename]stopped
l CALusage,DocumentCALsessionforuser[username]onmachine[machinename]stopped
l CALallocation,Unused(Document)NamedUserCAL[username]deletedok
l CALallocation,(Document)NamedUserCAL(notusedfor24hours)[username]deletedok
l CALallocation,Unused(Document)NamedUserCAL[username]markedfordeletionok
l CALallocation,(Document)NamedUserCAL[username]addedok
l CALallocation,NamedUserCAL(notusedfor24hours)[username]deletedok
l CALdeallocation,(Document)NamedUserCAL[username]nolongermarkedfordeletionok
l CALdeallocation,(Document)NamedUserCAL[username]notmarkedfordeletiondenied
l CALdeallocation,(Document)NamedUserCAL[username]notfounddenied
Distribution and Reload Performance

Theperformanceofreloadanddistributionhasbeenimproved.
Reloads
PriortoQlikView11Server,areloadisperformedinthefollowingwaywithPublisher:
1. Theentiredocument(.qvw)isloadedtomemoryfromdisk.
2. Areloadiscompleted.
InQlikView11Server,areloadisperformedinthefollowingway:
1. Thedocument(.qvw)withoutthedataisloadedtomemoryfromdisk.
2. Areloadiscompleted.
Theperformanceenhancementisthereductionintimetoloadthedocumenttomemoryfromdisk,since
thereisnodata.QlikView11Publishercanopensourcedocumentswithoutdatapriortoexecutingareload
task.Thereisnoneedtoloadthedocumentdatatomemoryandthenperformareloadofthedocument.
Loop and Reduce

PriortoQlikView11Server,aloopandreduceisperformedinthefollowingwaywithPublisher:
1. Theentiredocumentisloadedtomemoryfromdisk.
2. Thedocumentisreducedandsavedtodisk.
3. GotoStep1untiltheLoopiscompleted.
InQlikView11Server,aloopandreduceisperformedinthefollowingway:
1. Theentiredocumentisloadedtomemory.
2. Thedocumentisreducedwhilebeingduplicatedinmemory.
3. Thedocumentisreducedandsavedtodisk.
4. GotoStep2untiltheLoopiscompleted.
Theperformanceenhancementisthenumberoftimesthedocumentisloadedfromdiskforeachloop.
However,thememoryfootprintisincreased(basedonthelargestsliceduringtheloopandreduce)forthe
document.

SR13
QlikView Management Console User Interface

TheQMCuserinterfacehasbeenimproved:
l Userinterfaceinconsistencieshavebeencleanedup.
l TheperformanceofrefreshingtablesallovertheQMChasbeenimproved.
l TheStatuspageisdrawnandupdatedfaster.
l Allofataskchaincanbeexpandedbyright-clicking.
l Ausercanberemovedfromalldistributionswheretheuserisexplicitlytargeted.
l SearchandfiltershavebeenaddedtoSourceDocuments,UserDocuments,andTasks.
l AlertswithinQMChavebeenaddedforservicestatus.
l Clusteringandusertypeshavebeenmademoreconsistentamongtheservices.
Reduction with Lock Fields

InpreviousversionsofQlikView,areductionwasaffectedbylockfields(byineffectreduceonthelocked
values).InQlikView11Server,thereductionignoresanylockedfields.
Improved Logging
ChangestothesettingsinQlikViewServerandQlikViewWebServerarestoredintheauditlog.
ThelogginganderrorhandlinghavebeenimprovedforQlikViewDistributionService.
QMC and QMEC are Merged into QMC

QMChasbeenremovedandQlikViewEnterpriseManagementConsole(QEMC)hasbeenrenamedto
QMC.
AccessPoint Remake
AccessPointhasbeengivenanewlookandfeel:
l Newsearchcapabilitieshavebeenadded.
l Thedocumentattributeshavebeenleveragedtoimprovethecategorizationofdocuments.
l Documentdescriptionscanbeadded.
l GlobalmessagescanbeshownontheAccessPointbyaddingmessagesinQMC.
EDX Enhancements
StartinganEDXreturnsasessionIDtoallowinterrogationofthestatusofthesessionratherthanonthe
task.Whenthesessionisdone,thestatuscontainsalistofallthetasks(andsessionIDs)thathavebeen
triggered,allowingforcontinuoustrackingofthestatus.ThisfunctionalityisavailablethroughtheAPI.
Load Balancing Improvements

Anewalgorithm,CPUwithRAMOverload,forloadbalancingwhenusingaQlikViewWebServerhas
beenaddedforimprovedmanagementofaclusterofwebservers.Inessence,thewebservercannowroute
trafficbasedonRAMandCPUuse.
Retries
Ifataskthatcontainsaloopfails,itrestartsfromthepointoffailure,ratherthanfromthebeginningofthe
loop.
MSI Installation of QlikView Server

TheusabilityoftheMSIhasbeenimproved.

SR13
QlikView Settings Service

WhenMicrosoftIISisusedaswebserver,anewsupportservice,QlikViewSettingsService,allowsIISto
bemanagedviathesameport(4750)thatisusedtomanageQlikViewWebServer.

SR13
SR13
Part 2 Installation
Part2Installation

SR13
SR13
3 Upgrading QlikView
3.1 Upgrade Considerations
Migrating from 32-bit (x86) to 64-bit (x64) Version
Whenmigratingfrom32-bit(x86)to64-bit(x64)orfrom64-bit(x64)to32-bit(x86),therunningversion
mustbemanuallyremovedpriortoinstallingthenewversion.
Upgrading from Version 8 to 11

UpgradingfromQlikViewServerversion8toversion11requiresupgradingtoversion9priortoupgrading
toversion11.
Note!QlikViewServer cannotbeupgradeddirectlyfromversion8toversion11.
Upgrading from Version 9 or 10 to 11

ConsiderationsforupgradingfromQlikViewversion9or10toversion11:
l TheinstallationofQlikViewServerrequiresarebootofthemachineforproperoperation.
l QlikViewServerversion9handlesEDXtriggersviaHTTPPOSTcallsonly.InQlikViewServer
version10and11,EDXtriggersaretriggeredbytheQlikViewManagementService(QMS)API,
wheremoregranularfunctionalityisavailable.SeetheQMSAPIdocumentationintheManagement
ConsolesandtheQlikViewSDKforusageinstructions.
l QlikViewAccessPointisthedefaultstartpageforQlikViewServer.
l PreviousManagementConsolesforQlikViewServerandPublisherhavebeencompletelyreplacedby
QlikViewManagementConsole(QMC).TheQMCmustbestartedtoregisteralicenseforQlikView
Server,unlessavalidlicenseisalreadyavailableonthemachinerunningQlikViewServer.
l Anti-aliasingonfontsisnolongeravailable.
l QlikViewhasacommonfileformatforversions7,8,9,10,and11.
l Windows2000isnolongeranofficiallysupportedhostoperatingsystem.
l SeetheReleaseNotesformoreinformationonupgradingtoQlikView11.
3.2 Upgrade Procedure

ForasuccessfulupgradeofQlikViewServer,takethefollowingbasicpracticesintoaccount:
l BackupthecurrentQlikViewdatadirectory,whichincludesmostofthelogandsomeofthe
configurationfilesaswellasthedocumentfolders.Thefilesaretypicallylocatedinthefollowing
location:
Windows7andlater,WindowsServer2008andlater: %ProgramData%\QlikTech
WindowsXP,WindowsServer2003: C:\Documents and Settings\All
Users\Application Data\QlikTech
l PerformtheupgradeduringascheduleddowntimeQlikViewServermustbestoppedforthe
upgradetobesuccessful.
l LicensinginformationandsettingsaresavedbydefaultwhenQlikViewServerisremoved.Theyare
appliedtoanysubsequentinstallationofQlikViewServeronthesystem.
Note!TheinstallationdoesnotsupportupgradefrombetaorreleasecandidateversionsofQlikView11
Server.

SR13
ToinstallQlikViewServer,proceedasfollows:
1. VerifythatbackupmediaexistsforthecurrentreleaseofQlikViewServerandbackupallcurrent
filesassociatedwithQlikViewServer(HTMLpages,QlikViewdocuments,licensingfile,QlikView
Server .sharedfiles,andsoon).
2. WhenrunningQlikViewServerversion8,usethe UserstabinQMCtodetermineifthereareany
activeuserslinkedtoQlikViewServer.Itmaybeagoodideatosendoutabroadcastmessageto
notifytheusersthattheservicewillbestopped.
3. UninstallQlikViewServerfrom Start Menu>Control Panel.
4. InstallQlikView11Server.
Note!WhenupgradingfromapreviousversionandusingMicrosoftIIS,thevirtualfoldersinIISmustbe
updated(seethetablebelow).
Microsoft IIS
Update Required
Virtual Folder
QVAJAXZfc Updateto %ProgramFiles%\QlikView\Server\QlikViewClients\
QlikViewAjax.
QvPlugin Updateto %ProgramFiles%\QlikView\Server\QlikViewClients\

QlikViewPlugin.
QvClients Updateto %ProgramFiles%\QlikView\Server\QlikViewClients.
QvAnalyzer Removed
QvJava Removed
QvPrint Removed
3.3 Multi-machine Preparation

Whenupgradinganinstallationthatisspreadovermultiplemachines,extraplanningisrequired,since
versionscannotbemixedarbitrarily.
Simple Upgrade
Thisprocedurerequiresnospecialplanningandinvolvesthesmallestrisk,butcausesthesystemtobedown
forsometime.
Proceedasfollowstoperformastraight-forwardupgrade:
1. Performabackupasdescribedin Upgrade Procedure (page 19).
2. Stopallservicesrunningonallmachines.
3. Upgradetheservicesoneachmachine(inanyorder).
4. Startallservicesonallmachines.
Maximize Uptime
Thisprocedurerequiresmoreplanning,butthesystemuptime(fromanenduserpointofview)ismaximized.
Proceedasfollowstoperformtheupgrade:
1. Performabackupasdescribedin Upgrade Procedure (page 19).
2. StopQMS(whichmeansQMCbecomesunavailable).
3. Upgradeinthefollowingorder(lettheinstallerrestarttheservices):
a)Webservers
b)DirectoryServiceConnector(DSC)
c)QlikViewServer(QVS)

SR13
d)QlikViewDistributionService(QDS)
e)QMS
4. StartQMS(whichmeansQMCbecomesavailableagain).
Migration to a New Machine

Analternativewayistobuildthenewenvironmentonnewservers.
Note!WhenupgradingfromapreviousversionandusingMicrosoftIIS,thevirtualfoldersinIISmustbe
updated(see Upgrade Procedure (page 19)).
Proceedasfollowstoperformamigrationtoanewmachine:
1. Onthenewmachine,installarunning,licensedversionofQlikView11Server.
2. StopallQlikViewservicesontheoldmachine.
3. Removeorrenamethe %ProgramData%\QlikTech\ManagementService\QVPRfolder.
4. Removeorrenamethe %ProgramData%\QlikTech\ManagementService\qvpr_
<NewMachineName>.inifile.
5. Copythe QVPRfolderandthe .inifileasisfromtheoldmachinetothenewone(thatis,keep
thefoldername):
Version9: %ProgramData%\QlikTech\Publisher\CommandCenter
Version10: %ProgramData%\QlikTech\ManagementService
6. Renamethe .inifile(thatis,change qvpr_<OldMachineName>.inito qvpr_
<NewMachineName>.ini).
7. Changeallreferencesto <OldMachineName>to <NewMachineName>intheQVPR .xmlfiles.
8. StarttheQlikViewservicesonthenewmachine.
9. InQMC,changethesourcefolderpathtothecorrectfolder(orthetaskscannotbeedited).
10. Shutdowntheoldmachine.

SR13
SR13
4 Installing QlikView Server

Note!IfMicrosoftIISistobeusedaswebserver,itmustbeinstalledpriortoQlikViewServer.
Note!IPv4isrequiredforinstallationofQlikViewServer.IPv6iscurrentlyunsupported.
ItisrecommendednottomovefolderlocationsaftertheQlikViewServerinstallationiscomplete,since
manysettingsdependontheinitialfilelocations.IfthelocationofQlikViewServerhastobechangedafter
theinstallation,proceedasfollows:
1. RuntheQlikViewServerinstallationexecutable:
l MicrosoftWindowsx86version:QlikViewServer_x86Setup.exe
l MicrosoftWindowsx64version:QlikViewServer_x64Setup.exe
l MicrosoftWindowsServer2012/Windows8(andlater):QlikViewServer_Win2012andUp.exe
2. IftheUserAccountControldialogisdisplayed,click Yestoallowtheprogramtomakechangeson
thiscomputer.
3. Click NextintheWelcomedialog.
4. Selecttheregionforthelocationoftheserver.Click Nexttocontinue.
5. Readthelicenseagreement,select I accept the terms in the license agreement,andclick Nextto
continue.
6. EnterthecustomerinformationforQlikViewServer.Click Nexttocontinue.
7. Allfilesareinstalledinthespecifiedfolder.Tochangetherootfolderfortheinstalledfiles,click
Changetospecifythepreferredlocation.Finally,click Nexttocontinue.
8. Selectthetypeofinstallationyouwanttoperform:
l Full installation, Single machine with QlikView Webserver:Usedtorunallcomponentsonasingle
machinewithQlikViewWebServeraswebserver.
l Full installation, Single machine with Microsoft IIS:Usedtorunallcomponentsonasinglemachinewith
MicrosoftIISaswebserver.ThisoptionisonlyavailableifIISisinstalledonthetargetmachine.
l Custom installation, select profiles:Ifthisoptionisselectedyouselecttheprofilesyouwanttobeincluded
intheinstallationfromtheProfilessectioninthedialog:
l QlikView Server:InstallsQlikViewServer,DirectoryServiceConnector,andtheQlikViewServerexample
documents.
l Reload/ Distribute Engine:InstallstheReloadEngineandtheQlikViewDistributionService.
l Management Console:InstallstheQlikViewManagementServicetogetherwiththeQlikView
ManagementConsole(QMC).
l Webserver:InstallstheQlikViewWebServer.
Tomakefurtherconfigurationoffeaturestobeinstalled,clickConfig.Whendone,clickNext.
Tousepre-definedconfigurationoffeatures,clickNext.
9. SettheaccountthattheQlikViewServerandPublisherservicesaretorununder.ClickNext tocontinue.
Note!TheaccountthatisusedtoruntheQlikViewservicesmusthavelocaladministratorprivileges.
Note!IfusingalocaladministratoraccountonWindowsXPProfessionalx64SP2thatisnotpartofadomain,the
installationprogramcannotresolvetheaccount.ThismeansthattheaccountfortheservicesinComputer Manager
hastobesetmanually.
YoucanalsoselectI want to specify the account to be used for the services later.
10. SelecttheIISWebsitefromthedrop-downlistandclickNext.
Note!ThisstepisonlyapplicableifFull installation, Single machine with Microsoft IISwasselectedinStep 8.If
not,proceeddirectlytothenextstep.
11. SelecttheServiceAuthenticationmethod:
l Use digital certificates:AuthenticatecommunicationbetweenQlikViewserversusingdigitalcertificatesand
SSL.Thisalternativeisrecommendedinenvironmentswherenotallservershaveaccesstoacommon
WindowsActiveDirectoryorwhenthesecurityprovidedbycertificateauthenticationisrequired.Notethat
digitalcertificatesareonlysupportedbyWindowsServer2008R2andlater.

SR13
l Use QlikView Administrators Group:AuthenticatecommunicationbetweenQlikViewservicesbasedon

membershipinthelocalWindowsgroupQlikViewAdministrators.Thisalternativecanbeusedin
environmentswhereallserversthatarepartoftheQlikViewinstallationcanauthenticateusingacommon
WindowsActiveDirectory.
ClickNext tocontinue.
12. ClickInstall tostarttheinstallation.
Note!Thismaytakeseveralminutestocomplete.
13. ClickFinish whentheinstallationiscomplete.
14. LogofffromWindowsandthenlogonagain,sothatgroupmembershipsaddedduringtheinstallationareupdated.
Note!ItmaybesufficienttologofffromWindowsandthenlogonagain.However,itisrecommendedtorestartthe
machinetoenabletheQlikViewServerfunctionality.
4.1 Logging the Installation

ThesetupprocedureisloggedwhenrunningtheQlikViewServerinstallationexecutable.Thelogfilesare
asfollows:
l MicrosoftWindowsx86version: QlikViewServerx86.wil
l MicrosoftWindowsx64version: QlikViewServerx64.wil
l MicrosoftWindowsServer2012/Windows8(andlater): QlikViewServer_Win2012andUp.wil
Thelogfilesarestoredinthe Tempfolderoftheuser(forexample,
%UserProfile%\AppData\Local\Temp).Eachtimeaninstallationisexecuted,anewfileis
generated,over-writingthepreviouslogfile.
4.2 Obtaining the MSI package

IftheMSIpackageisneededfortheinstallation,proceedasfollowstoextractitfromthe .exefile:
1. Starttheinstallationfromthe .exefileandwaituntilthefirstdialogopens.
2. LocatetheMSIfile(oftenstoredwitharandomname,forexample, ed34g.msi)inthe Tempfolder
in %UserProfile%\AppData\Local(C:\Documents and Settings\username\Local
Settingsonpre-WindowsVistasystems).
3. Copythe .msifiletoanotherlocation.
4. Exitthe .exeinstallation.
5. InstallQlikViewServerusingthe .msifile.See Silent Installation (page 93)forinformationon
howtoperformasilentinstallation.Foradditionalinformation,see Deploying MSI Packages with
Group Policies (page 129).
4.3 Completing the Installation

AftersuccessfullyinstallingQlikViewServer,alicensemustberegisteredinQlikViewManagement
Console(QMC)toactivatetheinstalledsoftware.
Note!IfaccessisdeniedwhenstartingQMC,logofffromWindowsandthenlogonagain,sothatgroup
membershipsaddedduringtheinstallationareupdated.
Note!Runningreal-timeanti-virusprotectionontheserverdegradestheperformanceofQlikViewServer.It
isrecommendedthattheuserdocuments,sourcedocuments,logdirectories,and .pgofilesareexcluded
fromtheanti-virusscanning.
Running Microsoft IIS

Handling Timeouts
Note!ThisisonlyneededwhenusingverylargeQlikViewdocumentsthatreturntimeouts.

SR13
Proceedasfollowstohandletimeouts:
1. Openthe %ProgramFiles%\QlikView\Server\QlikViewClients\QlikViewAjax\web.configfileinatext
editor(forexample,Notepad).
2. Searchforthefollowingtext:
<httpRuntime requestValidationMode="2.0" />
3. Editthetextsothatitbecomes:
<httpRuntime requestValidationMode="2.0" executionTimeout="900"/>
4. Savethefile.
Enabling ASP.NET
IfMicrosoftIISisusedaswebserverinaWindowsServer2003(orlater)environment,enableASP.NETto
ensureproperoperationoftheQlikViewServersamplepagesandtheextendedfunctions(forexample,
QlikViewServertunnel).
Optimizing the Performance

TooptimizetheperformancewhenrunningMicrosoftIISandAJAX,turnoncompressioninthewebserver.
ForinformationonhowtoconfigureIIS6,see
http://technet.microsoft.com/en-us/library/cc730629%28WS.10%29.aspx.
ForinformationonhowtoconfigureIIS7,see
http://technet.microsoft.com/en-us/library/cc782942%28WS.10%29.aspx.
Licensing
ThelicensingisusedtoauthenticateQlikViewServerandallowittorunonaspecificmachine.
ProceedasfollowstoenterthelicenseforQlikViewServer:
1. Goto System>LicensesintheQMC.
2. SelectaQlikViewServerorPublisher.
3. Fillinthe Serial numberand Controlfieldsonthe QlikView Server Licenseor QlikView
Publisher Licensetab(dependingonwhetherQlikViewServerorPublisherwaschosen).
Note!AnypreviouslydefinedtasksaredeletedwhentheQlikViewPublisherlicenseisactivated.
QlikView Server/Publisher License tab in QMC

Thelicenseischeckedeverytimeadocumentisopened.IfthetimelimitspecifiedbytheLicenseEnabler
File(LEF)isreached,theQVSautomaticallyentersofflinemode,whichmeansthatitisreachablefromthe
QMC,butnotoperational.
TheLicenseEnablerFile(LEF), lef.txt,forQlikViewServerisautomaticallysavedin
%ProgramData%\QlikTech(C:\Documents and Settings\All Users\Application
Data\QlikTechonpre-WindowsVistasystems).

SR13
The PubLef.txtfileforQlikViewPublisherissavedin
%ProgramData%\QlikTech\ManagementService\Publisher LEF(C:\Documents and
Settings\All Users\Application Data\QlikTech\ManagementService\Publisher
LEFonpre-WindowsVistasystems).
Click Update License from Servertodownloadanew lef.txtfilefromtheQlikViewLEFserver.Thisis
primarilyusedwhenupdatingthenumberofClientAccessLicenses(CALs).
IftheLEFinformationcannotbeaccessedthroughtheInternet,itcanbeobtainedfromthelocalvendor.In
thatcase,copytheentire lef.txtfiletothelocationmentionedabove,orpastetheLEFdatausingthe
correspondingfieldontheQlikViewServer/PublisherLicensetabinQMC.Contactthelocalvendorfor
specificinstructions.

SR13
5 Building a Farm
5 Building a Farm
Serverfarmscanbeusedtoprovideadditionalperformance,redundancy,andsecurityinplaceofasingle
serversolution.
5.1 Planning
Beforestartingtheactualinstallation,planningisneeded.Thefollowingitemshavetobeconsidered:
l Trustmechanism
l Webserver(QlikViewWebServerorMicrosoftIIS)
l Redundancylevel
l Accounttoruntheservicesunder
l QVPRformat(XMLorSQL)
l Userdirectory
l Userauthentication
l Firewalls
Trust Mechanism
TrustmechanismsareprovidedwithWindowsgroupsorcertificates.
Windowsgroupscaneasilybedeployed,ifallservicesresideinasingleActiveDirectory(AD).Ifencrypted
communicationisneeded,itcanbeaddedmanually.
Certificatesprovidefortrustmechanismsincross-domainenvironmentsandcanalsoprovideSSLencryption.
Web Server
QlikViewWebServerisintendedforusewhenthewebserverisnotneededforotherpurposes.Itis
lightweightandeasytomanage,butatthesametimelimitedtosupportthetasksneededbyaQlikView
installation.
AMicrosoftIIS-hostedwebserverisrecommended,if:
l Moreflexibilityormoreadvancedtuningisrequired
l ThewebserveristobeusedforothertasksthanQlikView
l Anauthorizationschemenotavailableout-of-the-boxisrequired
Redundancy Level
Theredundancylevelismainlyaquestionofclusteringand/orhavingmultiplemachinesrunningthesame
service.AllservicesexceptQlikViewManagementService(QMS)canbeinstalledonmultiplemachines.In
addition,QlikViewServer(QVS),QlikViewDistributionService(QDS),andDirectoryServiceConnector
(DSC)canbeclustered.
Account to Run the Services Under

AdedicatedaccountshouldbecreatedtomanagetheQlikViewservices.Theaccountshouldbeassigned
duringtheinstallation,withproperprivileges,see Security Overview (page 69).Itisrecommendedthatthe
sameaccountisusedforallservices.
QVPR Format
ThechoiceofQVPRformatisbasedonreasonsoutsidetheQlikViewproduct(forexample,backupand
availability).TheinstallationalwaysstartsinXMLmode.

SR13
5 Building a Farm
User Directory
QlikViewdefaultstoWindowsusers(thatis,NTFSmode).Ifnon-Windowsusersaretobegivenaccess
(otherthananonymously),QlikViewServermustruninDocumentMetadataService(DMS)mode.
DMSmodemayalsobepreferableforotherreasons,see Document Level Authorization (page 79).
User Authentication
QlikViewsupportsmultipleauthenticationschemes.AdditionalschemesmayrequireASPXdevelopment
andthepossibleuseofMicrosoftIISforwebservices.
Forinformationontheavailableauthenticationschemes,see Authentication (page 73).
Firewalls
Makesurethattheservicesareabletocommunicate(forexample,byopeningtheappropriateportsinthe
firewalls).Forinformationontheports,see Service by Service (page 53).
5.2 Root/First Install

Beforestarting,makesurethattheappropriateserviceaccount(oraccounts)issetupandavailableonthe
machineswheretheservicesaretobeinstalled.
Inallinstallations,theremustexistexactlyoneQMS,whichmustbeinstalledfirst.NotethattheQMSmust
beabletocommunicatewithallthesubsequentlyinstalledservices.
Ifmoreservicesaretorunonthesameserver,theycanbeinstalledatthesametime.
5.3 Adding Services on Other Machines

Thenextstepistoinstalltheotherservicesontheotherservers.Ifmoreservicesaretorunonthesame
server,theycanbeinstalledatthesametime.Theorderinwhichtheservicesareaddedisnotimportant.
Whentheserviceshavebeeninstalled,itistimetoreturntoQlikViewManagementConsole(QMC)and
configuretheservices.ThisisdoneontheSystemtab.Thefirststepistoaddtheservices.Makesuretonote
thedifferencesbetweenbuildingoutaclusterandcreatingabrandnewcluster.
5.4 Clustering
ThissectionprovidesanoverviewofhowcreateaQlikViewServercluster.Foradditionalinformation,see
Clustering QlikView Servers (page 101)and Clustering QlikView Publisher (page 109).
Note!Do notmixarchitecturesthatis,32-bit(x86)and64-bit(x64)withinacluster.
QlikView Server
FortheQlikViewServerclustertoworkproperly,itisimportanttoset System>Setup>QVS
resource>Folders>Root Foldertoacommonsharedfolder.Inaddition, Alternate Temporary Files Folder
Pathmustbesettoacommonsharedfolder(separatefromtherootfolder).
Ifextensionsareused,itsimplifiesmanagementif Alternate Extension Pathissettoacommonshared
folder.
Itisalsocommonpracticetoset System>Setup>QVS resource>Logging>Log Foldertoacommonplace,
butthisisnotstrictlynecessary.
Note!Therootfoldermust notbeusedforanythingelsethanclusterfiles(thatis, .pgofiles)anduser
documents.

SR13
5 Building a Farm
QlikView Distribution Service

ForaclusterofQDSs, System>Setup>General>Application Data Foldermustbesettoacommonshared
folder.Inaddition, Source Foldersmustbecommonsharedfolders.
Directory Service Connector

AclusterofDSCsdoesnotneedanyspecificsettings.Thedifferencebetweenclusteredandnon-clustered
DSCsiswhetherthesettingsaresharedornot.
QlikView Web Server

Multiplewebserverscanbesetup,buttheyarealwaysconfiguredindependently(thatis,theyarenever
clustered).Notethatitisuncommon,butfromatechnicalperspectivepossible,tohavesomewebservers
runningQlikViewWebServer(QVWS)andsomeMicrosoftIIS.
Tunneling Using Microsoft IIS

TunnelingisusedbyWindowsnativeclients(QlikViewDesktop,theOEMOCX,andtheInternetExplorer
plugin)andneededwhentheclientscannotcommunicatewithQlikViewServeronport4747(mostlikely
duetoafirewallblockingthetraffic):
l QVWS:Noextrasettingsarerequired.
l MicrosoftIIS:The QVSTunnel.dllfilemustbeaddedasanISAPIfilter.
ProceedasfollowstosetuptunnelingforMicrosoftIIS7:
1. OpentheInternetInformationServicesManager.
2. SelecttheIIStopnode.
3. OpentheISAPIandCGIRestrictionsdialog.
4. Select AddintheActionspaneandbrowsetothelocationof QVSTunnel.dll.
5. Provideadescriptionoftheinstanceandcheckthe Allow extension path to executebox.
6. OpenthesitethatistohosttheQlikViewServerandPublisherpagesandclick Scripts.
7. OpentheHandlerMappingsdialog.
8. LocateISAPIdllandselect Edit Features PermissionintheActionspane.
9. Click Executeinthedialogthatopens.
ThefollowingentriesarerequiredintheregistrywhentheQVSandMicrosoftIISarelocatedondifferent
machines:
l Key: [HKEY_LOCAL_MACHINE\SOFTWARE\QlikTech\QlikTunnel]
l Values:
l Name:QVSPort
l Type:DWORD
l Data:000012a6
l Name:QVSServer
l Type:String
l Data:QvsHost
Note!Iftheentriesdonotalreadyexistintheregistry,theyhavetobeaddedmanually.
TesttheQlikViewServertunnelbyenteringthefollowingURLinaclientbrowserwindow:
http://<Servername>/scripts/qvstunnel.dll?test
Servernameisthewebserver.Ifthetunneliscorrectlysetup,thewebpagereturnsamessage(that
tunnelingisavailable)andtheQlikViewServerversionnumber.

SR13
SR13
Part 3 Architecture
Part3Architecture

SR13
SR13
6 Roles
6 Roles
TheoverallarchitectureofaQlikViewinstallationreflectstheseparationofroles.
6.1 QlikView with Publisher

ThefigurebelowshowsaQlikViewdeploymentwithPublishercontainingthelocationoftheQlikView
components.
QlikView deployment with Publisher containing the location of the QlikView components
Front End
Thefrontendiswhereendusersinteractwiththedocumentsanddatathattheyareauthorizedtoseevia
QlikViewServer.ThefrontendcontainstheQlikViewuserdocumentsthattypicallyhavebeencreatedvia
QlikViewPublisheratthebackend.Allcommunicationbetweentheclientandservertakesplacehereand
QlikViewServerisfullyresponsiblefortheclientauthorization.
Thefrontendreliesoninfrastructureresources(forexample,Windows-basedFileShareforclustering).
Note!QlikViewServercurrentlyonlyconformswithWindowsFileShareoraWindows-basedNAS.This
meansthatstoragemustbeowned,governed,andsharedbyaWindowsoperatingsysteminstance(typically
accessedusingapathlike \\<servername>\<share>).
Note!QlikViewdoesnotsupportWindowsDistributedFileSystem(DFS).

SR13
6 Roles
Authenticationofendusersis(withexceptionofthebuilt-inCustomUsers)handledoutsideQlikView.
Back End
ThebackendiswheretheQlikViewsourcedocuments,createdusingQlikViewDeveloper,reside.These
sourcefilescontainscriptstoextractdatafromvariousdatasources(forexample,datawarehouses,Microsoft
Excelfiles,SAP,andSalesforce.com).Thisextractionsometimesinvolvesintermediatefiles(QVD
files).ThemainQlikViewcomponentthatperformstheloadinganddistributionatthebackendisthe
DistributionService.Withinthebackend,theWindowsfilesystemisalwaysinchargeofauthorization(that
is,QlikViewisnotresponsibleforanyaccessprivileges).
Thebackendusestheinfrastructureresourcesforclustering(forexample,Windows-basedFileShare)and
mayalsouseresourceslikeSMTPserversanddirectorycatalogs.
Note!QlikViewServercurrentlyonlyconformswithWindowsFileShareoraWindows-basedNAS.This
meansthatstoragemustbeowned,governed,andsharedbyaWindowsoperatingsysteminstance(typically
accessedusingapathlike \\<servername>\<share>).
Asdepictedhere,boththebackendandfrontendaresuitablefordevelopment,testing,anddeployment.
6.2 QlikView without Publisher

WithoutPublisher,theQlikViewarchitecturebecomesmorerestrictive.Alldistributionandreduction
facilitiesareremovedandreplacedbyareloaddirectlyontheuserdocuments.Withoutthedistribution
abilitiesofPublisher,developersneedtomanuallydeploythe .qvwfilebehindtheserver.

SR13
6 Roles
QlikView architecture without Publisher
6.3 QlikView Server

Thenumberofservers(clusteredornot)withinaninstallationisonlylimitedbythelicense.Itis,however,
notfeasibletorunmorethanoneQVSprocessperserver(physicalorvirtual).QVSisdesignedtomakethe
mostoftheresourcesavailabletoit.NotablytheQVSkeepsasmanycalculationresultsaspossiblecached
inmemorytokeeptheresponsetimestoaminimum.
QlikView Server Client Communication

TheQlikViewServerclientcommunicationarchitecturerequiresthreeprimaryprocesses,whichmustbe
abletocommunicatewitheachotherinaconsistentandsecuremanner.Thisinteractioncanpotentially
involvemultiplemachinesandmultiplenetworkconnections,aswellasothersubordinateprocesses.
QlikView Server client communication

Thethreeprimaryprocessesaredescribedbelow.
Process Description
QVS ProvidesQlikViewfunctionalitytotheclient.Themachinethathoststhisservicemustbe
runningaMicrosoftWindowsoperatingsystem.
Client Runsinawebbrowseroranapplicationshellthatprovidesacontainerfortheclientcode.The
clientcommunicateswithQVSeitherdirectlyorthroughthewebservertoprovidethe
QlikViewinterfaceandfunctionalitytotheenduser.
Web Runsanhttpserver,whichcanbeusedtoservehtmlwebpagestotheclient,assistswith
server authenticationoftheuser,andenablescommunicationbetweentheclientandQVS.
WiththeexceptionofCustomUsers,theauthenticationofclientusersisdoneoutsideQlikViewusing,for
example,Windowsauthentication.See QlikView Server Authentication Using Custom Users (page 76)for
informationonauthenticationofCustomUsers.
TheprotocolsdefinedforclientcommunicationwithQVSarelistedbelow.

SR13
6 Roles
Protocol Description
QlikViewProtocol Encrypted,binary,andTCP-based;communicatesdirectlywithQVSonport
(QVP) 4747.
QVPX XML-based;communicateswiththeQVSusinghttp/httpsthroughaweb
server.
Windowsclients(.exe/.ocx)communicatedirectlywithQVSusingQVPonport4747.Theseclientsdo
notrequireawebservertoestablishandmaintainaconnectionwithQVS.
TheAJAXclientandmobileclientsdonotcommunicatedirectlywithQVS.Theyestablishandmaintaina
connectionusingtheQVPXprotocolthroughawebserver,QlikViewWebServer(QVWS)orMicrosoftIIS.
Thisisnormallydoneusingport80(http).Thewebserver,inturn,communicateswithQVSusingthe
QVPX2protocolonport4747.
ThedefaultinstallationsettingsforQVSuseQVWS,notIIS.QVWSsharesport80withIISonWindows
Vista(andlater)andWindowsServer2003(andlater).OnWindowsXP,onlyoneofthetwowebservers
canuseport80.Ifbothareconfiguredtorun,theymustbeassigneddifferentports.
QlikView Server User Document

Forausertoopenadocument,itisrequiredthat:
l ThereisaClientAccessLicense(CAL)fortheuser
l Theuserhasaccesstothedocument
TheuserdocumentsarealwaysreadbyQVSandthustechnicallyonlyneedtobereadablebytheaccount
runningQVS.TheaccessrightsareeitherstoredintheACLlistofthedocument(whenQVSrunsinNTFS
mode)orinthe .METAfile(whenQVSrunsinDocumentMetadataServicethatis,DMSmode).These
settingsarepartofthedistributionfromthebackend.
Items(forexample,layout,reports,bookmarks,annotations,andinputfieldvalues)createdbyendusersare
storedin .Sharedfiles. .Sharedfilesarenotreplacedbythedistributionfromthebackend.
6.4 Web Server

QlikViewWebServer(QVWS)isincludedaspartoftheQlikViewServerinstallation.Thewebservercan
actasastandaloneservicetofulfilltheneedofmanyQlikViewServerinstallations.
Asanalternative,aMicrosoftIISsolutionthatprovidesmoreflexibility,additionalauthenticationschemes,
andwebservicesforapplicationsotherthanQlikViewServercanbedeployed.WhenIISisused,aspecial
service,QlikViewSettingsService,thathandlesmanagementcallsisinstalled.
OtherwebserverscanbeusedinaQVSenvironment,butatsomepointthetraffictargetingQVShastogo
througheitherQVWSorthededicatedASPXpagesonIIS.
TheQlikViewWebServercomponent(eitherQVWSorIIS-based)performsseveraltasks:
l HandlestheAccessPointbackend
l Transforms/routestrafficbetweenstatelesshttpandto/fromthesession-basedcommunicationwith
QVS
l HandlesloadbalancingofQVSclusters
l Servesstaticcontent(optional)
l HandlesauthorizationofWindows-authenticatedusers
l HandlesauthenticationofCustomUsers(optional)
l HandlesgroupresolutionthroughWindowsorDirectoryServiceConnector(DSC)(optional)

SR13
6 Roles
QlikView Server Tunnel

IftheQVScommunicationport(4747)isblockedinthenetworkfirewall,Windowsclientsattempttore-
routetheirconnectionthroughport80(http).ThisconnectionpathmustthenincludetheQVWS,orbe
installedonMicrosoftIIS,sothatQVStunnelcommunicationcanbeestablished.
6.5 Directory Service Connector

Thefigurebelowshowstheinformationflow.TheDirectoryServiceConnector(DSC)isresponsiblefor
retrievinguserinformationrelatedtoendusersfromavarietyofsources,including(butnotlimitedto)
ActiveDirectory,LDAP,ODBC,andCustomUsers.

ThewebserverusesDSCforgroupresolution,theDistributionServiceusesittolookupe-mailaddressesor
UIDsduringdistribution,andtheManagementServiceusesittohelptheadministratorfindusersand
groups.

SR13
6 Roles
6.6 Management Service

TheManagementServiceistheentrypointforallmanagement,boththroughQlikViewManagement
ConsoleandtheQlikViewAPIs.
Management Service
TheQlikViewManagementService(QMS)keepssettingsinadatabaseofitsown,theQVPR.TheQVPRis
bydefaultstoredasXMLfilesanalternativeisstoringthesettingsinanSQLdatabase.Aninstallation
canonlyhaveasingleinstanceofQMSactive.Active/passivefailovershouldbeusedforredundancy.Note
thatnootherserviceneedsQMStoberunning.

SR13
6 Roles
6.7 Distribution Service
Distribution Service
TheDistributionServiceworkswiththesourcedocumentstoproduce:
l Userdocuments
l .qvwfilesfordistributiontoafolderorviae-mail
l .pdfdocumentsfordistributiontoafolderorviae-mail
Thechainofeventsuptothefinaldistributioninvolvesoneormanyofthefollowingtasks:
1. Dataisloadedfromoneormoredatasources(includingQVD)intooneormore .qvwor .qvdfiles.
2. Adocumentisreducedintooneormoresmallerdocuments.
3. Attributesandusagerulesareadded(applicableonlywhendistributedtoaQVS).
TheDistributionServiceperformsthetasksaccordingtodefinedschedulesand/orasresponsestoevents.
6.8 Reload Engine

IntheabsenceofaPublisherlicense,theReloadEngineprovidesasubsetofthePublisherdistribution
services.TheReloadEngineonlyreloadsuserdocumentsandthesettingsaredefineddirectlyintheuser
documents.
Note!AllQlikViewservicesmustberunningonthesamemachinefortheReloadEnginetowork.Ifyou
installtheservicesondifferentmachines(forexample,theQMC,DSC,andQDSononemachineandthe
QVSandQVWSonanothermachine),theReloadEnginewillnotwork.

SR13
SR13
7 Logging
7 Logging
AllalertsfromtheQlikViewservicesappearintheWindowseventlog.
7.1 Logging from QlikView Server

Detailedsessionlogsarefoundintheloggingdirectory,whichisspecifiedonthe System>Setup>Logging
tabinQlikViewManagementConsole(QMC).Thedefaultlocationis
%ProgramData%\QlikTech\QlikViewServer(C:\Documents and Settings\All
Users\Application Data\QlikTech\QlikViewServeronpre-WindowsVistasystems).
Logfilescanbesettosplit(thatis,createnew)daily,weekly,monthly,yearly,ornever.Performancelog
intervalscanbesetfromoneminuteandhigher.
Note!Settingtheintervaltobeverysmall,forexample,onlyoneminute,maynegativelyimpactthe
performance.
7.2 Session Log

Asessionisdefinedasasingleuserconnectedtoasingledocument.
Note!Thesessionlogisupdatedeachtimeasession ends.Thismeansnologentryiscreatedwhena
sessionstarts.
Thefilenameofthesessionlogis Sessions*.log,where *reflectstheservernameandthesplitinterval.
Eachentryofthesessionlogcontainsthefieldslistedbelow.
Field Description
ExeType TypeofQVSbuild.
Example:RLS32=32-bitreleasebuild
ExeVersion FullversionnumberofQVS.
Example:11.00.11076.0409.10
ServerStarted DateandtimewhenQVSwasstarted.
Timestamp Dateandtimewhenthelogentrywascreated.
Document QlikViewdocumentthatwasaccessed.
Document Filetimestampofthedocumentthatwasaccessed.
Timestamp
QlikViewUser QlikViewsectionaccessuserID(ifused).
ExitReason Reasonforsessiontermination:
l Socketclosed=Client-inducedtermination
l LRU=TerminatedasLeastRecentlyUsedinfavorofnewuser
l Shutdown=Server-inducedterminationforotherreasons
Note!Thisisnotacompletelist,astheexitvalueinsomecasescomesfromtheoperating
system.
SessionStart Timewhenthesessionwasstarted.

SR13
7 Logging
Field Description
SessionDuration Durationofsessioninhours:minutes:seconds.
CPUSpent(s) CPUsecondsspentbythesession.
BytesReceived Bytesreceivedbytheserverduringthesession.
BytesSent Bytessentbytheserverduringthesession.
Calls NumberofQlikViewcallsduringthesession(bidirectional).
Selections NumberofQlikViewselectionsmadeduringthesession.
AuthenticatedUser AuthenticatedWindowsNTuserID(ifany).
IdentifyingUser Clientuseridentification.
ClientMachine Clientmachineidentification.
Identification
SerialNumber SerialnumberoftheQlikViewclient(installedclientsonly,thatis,QlikView
DesktopandInternetExplorerplugin).
ClientType Clienttypeused:
l WindowsExe=QlikViewDesktopandInternetExplorerplugin
l Ajax=allclientsthatusetheQVPXprotocol
l Unknown
ClientBuild BuildversionoftheQlikViewclient.
Version
SecureProtocol Secureprotocolused:
l Onwhenencryptedcommunicationisused(typicallyWindowsclients).
l Offwhennon-encryptedcommunicationisused.
TunnelProtocol TunnelwhenQVStunnelcommunicationisused.
ServerPort Portusedbytheserver.
ClientAddress ClientIPnumberfortheclientthatisconnectedtotheserver(throughtheport
specifiedintheServerPortfieldabove).
ClientPort Clientport.
CALType ClientAccessLicense(CAL)type:
l User=NamedUserCAL
l Session=SessionCAL
l Usage=UsageCAL
l Document=DocumentCAL
CALUsageCount NumberofUsageCALs.
Session SessionID.

SR13
7 Logging
7.3 Performance Log

Theperformancelogisupdatedattheintervalspecifiedonthe System>Setup>LoggingtabinQMC.The
defaultintervalisfiveminutes.Additionalentriesareaddedwhenevertheserverisstartedorstopped.The
filenameofthesessionlogis Performance*.log,where *reflectstheservernameandthesplitinterval.
Eachentryofthelogcontainsthefieldslistedbelow.
Field Description
ExeType TypeofQVSbuild.
Example:RLS32=32-bitreleasebuild
ExeVersion FullversionnumberofQVS.
Example:11.00.11076.0409.10
EntryType Entrytype:
l Serverstarting=Startup
l Normal=Normalintervallogentry
l Servershuttingdown=Shutdown
ActiveDocSessions Numberofdocumentsessions*thathasshownactivityduringtheinterval
andstillexistsattheendoftheinterval.
DocSessions Totalnumberofdocumentsessions*thatexistsattheendoftheinterval.
ActiveAnonymousDocSessions Numberofdocumentsessions*withanonymoususerthathasshown
activityduringtheintervalandstillexistsattheendoftheinterval.
AnonymousDocSessions Totalnumberofdocumentsessions*withanonymoususerthatexistsat
theendoftheinterval.
ActiveTunneledDocSessions Numberofdocumentsessions*withtunneledconnectionthathasshown
activityduringtheintervalandstillexistsattheendoftheinterval.
TunneledDocSessions Totalnumberofdocumentsessions*withtunneledconnectionthatexists
attheendoftheinterval.
DocSessionStarts Numberofdocumentsessions*thathasbeeninitiatedduringtheinterval.
ActiveDocs Numberofdocumentsloadedattheendoftheintervalinwhichtherehas
beenuseractivityduringtheinterval.
RefDocs Numberofdocumentsloadedattheendoftheintervalforwhichthereis
asessionattheendoftheinterval.
LoadedDocs Totalnumberofdocumentsloadedattheendoftheinterval.
DocLoads Numberofnewdocumentsloadedduringtheinterval.

SR13
7 Logging
Field Description
DocLoadFails Numberofdocumentsthathasfailedtoloadduringtheinterval.
Calls TotalnumberofcallstoQVSduringtheinterval.
Selections Numberofselectioncallsduringtheinterval.
ActiveIpAddrs NumberofdistinctIPaddressesthathasbeenactiveduringtheinterval
andstillexistsattheendoftheinterval.
Note!TunneledsessionsandmultipleusersoriginatingfromthesameIPcannotbe
distinguished.
IpAddrs TotalnumberofdistinctIPaddressesconnectedattheendoftheinterval.
Note!TunneledsessionsandmultipleusersoriginatingfromthesameIPcannotbe
distinguished.
ActiveUsers NumberofdistinctNTusersthathasbeenactiveduringtheintervaland
stillexistsattheendoftheinterval.
Note!Anonymoususerscannotbedistinguished.
Users TotalnumberofdistinctNTusersconnectedattheendoftheinterval.
Note!Anonymoususerscannotbedistinguished.
CPULoad AverageCPUloadfromQVSduringtheinterval.
VMAllocated(MB) SizeinMBofthevirtualmemoryallocatedbyQVSattheendofthe
interval**.
VMCommitted(MB) SizeinMBofthevirtualmemoryactuallyusedbyQVSattheendofthe
interval.ThisnumberispartofVMAllocated(MB)andshouldnotexceed
thesizeofthephysicalmemoryinordertoavoidunacceptableresponse
times.
VMFree(MB) SizeinMBoftheunallocatedvirtualmemoryavailabletoQVS**.
VMLargestFreeBlock(MB) SizeinMBofthelargestcontiguousblockofunallocatedvirtualmemory
availabletoQVS.ThisnumberispartofVMFree(MB).
UsageCalBalance -1.00=TherearenoUsageCALs.
*Oneuser+onedocument=Onedocumentsession.
**VMAllocated(MB)+VMFree(MB)=TotalmaximumvirtualmemoryspaceavailabletotheQVSprocess.
7.4 Event Log

TheeventlogisupdatedeachtimealogentryismadeintheWindowseventlogbyQVS.Thestored
informationisamirroroftheinformationwrittentotheWindowseventlog.Thefilenameoftheeventlog
is Events*.log,where *reflectstheservernameandthesplitinterval.

SR13
7 Logging
Usethe Event Log Verbosityradiobuttonsonthe System>Setup>QlikView Servers>Loggingtabinthe

QMCtosettheverbositylevel.Dependingontheverbositylevelselected,thefollowingentriesarewritten
totheEventlog:
l Low:Errormessages
l Medium:Errorandwarningmessages
l High:Error,warning,andinformationmessages
Eachentryofthelogcontainsthefieldslistedbelow.
Field Description
SeverityID IDfortheseveritylevel:
1=Error
2=Warning
4=Information
EventID UniqueIDfortheeventtype.
Severity Eventseveritylevel:
l Error
l Information
l Warning
Message Eventdescription.
7.5 End-user Audit Log

Theend-userauditlogcontainsinformationonuserselections,includingclearedselections,activatedsheets,
applicationofbookmarks,accessedreports,andmaximizedobjects.
Alogfilecalled AUDIT_<machinename>issavedto
%ProgramData%\QlikTech\QlikViewServer(C:\Documents and Settings\All
Users\Application Data\QlikTech\QlikViewServeronpre-WindowsVistasystems).
Note!Tickthe Enable Extensive Audit Loggingcheckboxonthe System>Setup>QlikView
Servers>LoggingtabintheQMCtoenabledetailedauditlogging(forexample,loggingofallselections
thatcomewithabookmark).However,theloggingofuserselectionsinQVSisbasedonhowthecurrent
selectionsobjectworksandthereforelargerselectionsmaynotbeloggedindetail.
Field Description
Server DateandtimewhenQVSwasstarted.
started
Document Pathandnameofthedocumentthatwasaccessed.
Type Typeofselectionmade(forexample,SelectionorBookmark).
Foranoverviewofthetypesavailable,seethetablebelow.
User Username.

SR13
7 Logging
Field Description
Message Informationonthetypeofselectionorapplicationofbookmarkthatwasmadeinthe
document(forexample,ApplyServer\Bookmark15).
Foranoverviewofthemessagesthatcanbepostedinthisfield,seethetablebelow.
Id IDoftheobjectthatisconnectedtotheoperation(forexample,Document\SH03).If
thereisnoobjectconnectedtotheoperation,thisfieldisempty.
Session SessionID.
ThetypesandmessagesthatcanbepostedintheTypeandMessagefieldsintheend-userauditlogare
listedbelow.
Note!Intheend-userauditlog,XXXandYYYarereplacedwithvaluesfromtheQlikViewdocument.
Type Message Description

Bookmark ApplyXXX BookmarkXXXwasapplied.
Bookmark XXX SelectionXXXwasmadebecauseabookmarkwasselected.

Selection Entriesofthistypeareonlyloggedwhendetailedaudit
loggingisselected.
Export SheetObjectXXX SheetobjectXXXwasexported.
Maximize SheetObjectXXX SheetobjectXXXwasmaximized.
Print SheetObjectXXX SheetobjectXXXwasprinted.
Report AccessedreportXXX ReportXXXwasaccessed.
Selection ClearAll Allselectionswerecleared.
Selection XXX SelectionXXXwasmade.
SendToExcel SheetObjectXXX SheetobjectXXXwassenttoMicrosoftExcel.
Sheet ActivatedsheetXXX SheetXXXwasactivated.
Session SessionCollaboration AsessioncollaborationwithIDXXXwasinitiated.

Collaboration Initiated,ID:XXX
Session SessionCollaboration UserXXXjoinedthesessioncollaborationwithIDYYY.

Collaboration userXXXjoined
session,ID:YYY
Session SessionCollaboration UserXXXleftthesessioncollaborationwithIDYYY.

Collaboration userXXXleftsession,
ID:YYY
Thefollowingexampleshowstheresultinglogentrywhenabookmark(Bookmark01)isselected.Thelog
hasbeenputinatableforbetteroverview.
Field Value

SR13
7 Logging
Serverstarted 2013-05-0610:17:33
Timestamp 2013-05-0610:23:28
Document C:\ProgramData\QlikTech\Documents\Test.qvw
Type Bookmark
User QlikTech\jsmith
Message ApplyServer\Bookmark01
Ifdetailedauditloggingisselected,thelogentryabovemaybefollowedbyoneormorelogentriesthat
detailtheselectionsthatweremadebecausethebookmarkwasselected.Intheselogentries,theTypefield
issettoBookmarkSelection.
7.6 Manager Audit Log

Theauditloggingprovidesthepossibilitytotrackchangestotasksandsettingsinthesysteminordertosee
whomadethechangesandwhentheyweremade.
Theauditlogsarestoredin %ProgramData%\QlikTech\ManagementService\AuditLog.One
folderpertableiscreated.Eachfoldercontainsonefileperdaywiththechangesmadetothetasks.Thelogs
aretabseparatedfiles.
Theentriesfoundinthelogsarelistedbelow.
Entry Description
TransactionID TransactionID,whichisusefulforkeepingtrackofchangesmadesimultaneously.
ChangeType Typeofoperation, Update(neworchangedentries)or Delete(entrieshave

beendeleted).
ModifiedTime Timeanddate(inUTC)whenthechangesweremade.
ModifiedByUser Theuserthatmadethechangesintheuserinterface. Systemmeansthatthe

changewasinitiatedbythesystemandnotbyanyuser.
ID IDoftherow(thatwasupdatedordeleted)inthetablethatwaschanged.
Thefollowingexamplecomesfromthe AlertEmailtable.Theloghasbeenputinatableforbetter
overview.
TransactionID 455a241d-8428-4dc7-ba67-4ae7cb21cf3d
ChangeType Update
ModifiedTime 2010-02-0215:12:54
ModifiedByUser MyDomain\mjn
ID b3745325-cee7-4fe7-b681-9c9efe22fc5c
DistributionServiceID 8846d7dd-bb3f-4289-9c9b-b0ca71b7c3b2

SR13
7 Logging
FolderID 18fcf23e-bd07-4fb9-a8ed-eb71df701b0f
MailAddress mjn
Thefollowingexamplecomesfromthe QDSClustertable.Notethat TransactionIDisthesamefor

bothexamples.Thismeansthatthechangesweremadesimultaneously.
TransactionID 455a241d-8428-4dc7-ba67-4ae7cb21cf3d
ChangeType Update
ModifiedTime 2010-02-0215:12:54
ModifiedByUser MyDomain\mjn
ID a37f242c-6d80-42da-a10c-1742d2ec927f
DistributionServiceID 8846d7dd-bb3f-4289-9c9b-b0ca71b7c3b2
QDSWebAdress http://computer-mjn:4720/qtxs.asmx
CurrentWorkorderID 96bff2dc-f1ea-84d2-b6c4-ea58bf5c98e5
CurrentConfigurationID c0c4bbb4-66ab-4a8e-4c3a-16aa7febce6e
7.7 Task Performance Summary

Thetaskperformancesummaryisusedtologtaskperformanceinformation.
Proceedasfollowstoactivatethetaskperformancesummary:
1. Openthe Settings.inifileinatexteditor.Thedefaultlocationofthefileis:
C:\Windows\system32\config\systemprofile\AppData\Roaming\QlikTech\QlikViewBatch
2. Locatethefollowingsectioninthe Settings.inifile:
[Settings 7]
InterfaceLanguage=English
InstalledLIBID110={4D121C39-415E-11D1-934D-0040333C91CC}
3. Add EnableQVBProcessSummary=1attheendofthesectiontoactivatethetaskperformancesummary.
Note!ThelastrowintheSettings.inifilemustbeempty.
4. Savethe Settings.inifile.
5. RestarttheQlikViewDistributionService(QDS).
OncetheQDShasrestarted,thetasklogisupdated.Exampleoftaskoutput:
Name:qvb.exe,PID:1360,PeakCPU:50,0%,PeakPhysicalRAM:26.00Mb,PeakVirtualRAM:
21.69Mb,AverageCPU:1,0%,AveragePhysicalRAM:24.47Mb,AverageVirtualRAM:20.37
Mb,PeakTotalCPU:58,3%,PeakTotalPhysicalRAM:6143.49Mb,PeakTotalVirtualRAM:
12285.17Mb,ElapsedTime:00:00:36.4692722

SR13
8 Documents, Data, and Tasks

8.1 User Documents
AuserdocumentisthedocumentthatanenduserseeswhenaccessingadocumentonQlikViewServer
(QVS).Tofullyidentifyauserdocument,boththeQVSserver/clusterandthepathrelativetotheserver
havetobeknown.Technically,auserdocumentconsistsofthreefiles:
1. .qvwfilethatcontainsthedataandlayout.
2. .METAfilethatcontains:
a. AccessPointattributes
b. Pre-loadoptions
c. Authorization(DocumentMetadataServicethatis,DMSmodeonly)
3. .Sharedfile(seebelow)
Note!IftheuserdocumentisdistributedbytheQlikViewDistributionService,boththe .qvwandthedata
inthe .METAfileareoverwritten.
TheaccesstouserdocumentsiscontrolledbyQlikViewServer.
Shared Files
TherearemultipleobjectsavailableforusercollaborationandsharingthroughQlikViewServer:
l Bookmarks
l Sheetobjects,includingcharts
l Reports
l Annotations
Eachoftheseobjectsmaybedefinedasauserobject,availabletoauthenticatedusers,regardlessofaccess
methodorlocation,orasharedobject,availabletoallusersofthedocumentthroughQVS.
TheobjectsareconfiguredandmanagedusingQlikViewManagementConsole(QMC).
OnceQVSisenabledforserverobjects,anyoftheQVSobjectsettingsarechecked,andthedocumentis
openedinQVS,aspecialdatabasefileiscreatedandmaintainedinthesamelocationastheQlikView
document.ThefilehasthesamenameastheQlikViewdocument,buta .Sharedfileextension.
Example:
l QlikViewdocument: Presidents.qvw
l QVSsharefile: Presidents.qvw.Shared
IfthenameoftheQlikViewdocumentischanged,the .Sharedfilehastobemanuallyrenamedtomatch
beforeopeningtherenamedQlikViewdocumentinQVS.Thispreservesthesharedobjectsattachedtothe
document.
WhenupdatingaServerobject,report,bookmark,orinputfielddata,thefileisexclusivelylocked.Making
aselectionorsimplyactivatingtheobjectdoesnotlockthefileandanynumberofserverscanreadthefile
atthesametime.Apartiallockisimplementedsothatdifferentsectionsofthefilemaybeupdated
simultaneouslybydifferentserversinacluster.
Thefileisreadoncewhentheserveropensthedocument,butitisnotreadagainunlesstherearechanges.
Allsessionssharethesameinternalcopyofthe .Sharedfile(thatis,openingasessiongenerallydoesnot
requirethefiletobereadfromdisk).
Theserverobjectscanbemanaged(forexample,changeofownershipordelete)onthe Documents>User
Documents>Server>Server ObjectstabinQMC.

SR13
8.2 Source Data

Sourcedataisanyexternaldatausedtopopulatethedatawithina .qvwfile.Thesourcedataisloadedto
the .qvwatreloadtime,whichcanbedone:
1. ThroughtheQlikViewDistributionService
2. ThroughtheReloadEngine
3. Manuallybythedeveloper
Accesstosourcedataisnotrequiredforenduserstousethe .qvwdocumentthroughQVSoncethe .qvw
fileispopulated.
8.3 Source Documents

SourcedocumentsareonlyapplicablewhenaPublisherlicenseisapplied.Mostsourcedocumentsoriginate
fromadeveloper,othersarecreatedbytheQlikViewDistributionServiceaspartofthedistributionprocess.
QlikViewDatafiles(QVD)canalsobecreatedaspartofthedistributionprocessasanintermediatestep.A
QVDfileisatableofdatastoredinformatthatisoptimizedforspeedwhenreadbyQlikView.
TheaccesstosourcedocumentsisgovernedbyNTFS.
8.4 Tasks
Taskscanbeusedtoperformawidevarietyofoperationsandbechainedtogetherinanyarbitrarypattern.
Thestartingpointwhendescribingtasksisthetransformationofasourcedocumentintoauserdocument.
Transforming Source Document into User Document

Thetransformationstartswithasourcedocumentandendsinoneormanyuserdocuments.
Source
Ataskisalwaystiedtoasourcedocument,sothesourceisgiven.
Layout
Thesourcedocumentcontainsthelayout,whichiscopiedunchangedallthewaytotheuserdocuments.
Theserversidelayoutisassociatedwiththeuserdocumentandisalsounchanged.
Reload
Thedatacanbe:
l Usedasstoredinthedocument(thatis,noreload)
l Partlyreloadedfromthesource(thatis,requirescriptpreparation)
l Fullyreloadedfromthesource,discardinganyolddata
l ReloadedinpartsbyuseofScriptParameters(whichrequirescriptpreparation)
Reduce
Thedocumentcanbereducedafterreload.Thereductioncaneitherreducetheinputintoasmallerdocument
(simplereduce)orsplititupintoseveralsmallerdocuments(loopandreduce).
Thereductionisbasedonaselection,eitherdonedirectlyinQMCorusingbookmarks.
Distribution
DistributionrequiresaQlikViewPublisherlicense.

SR13
Thedestinationisdefinedas:
l AlistofusersandafolderonaQlikViewServer
l Alistofusersandafolderinthefilesystem
l Alistofusers(assumingtheire-mailaddressesareknown)
Note!Loopanddistributemustbeused,ifdifferentcontentistobedistributedtodifferentusers.Ifnot,
thesamedocument(ordocuments)isdistributedtoall.
Information
Informationcanbeassociatedwiththedocumentaspartofthedistributiontoaserver.Theinformationis
notmovedwiththedocument,ifitisdistributedtoanotherlocation.TheinformationisusedinQlikView
AccessPoint.
Thefollowinginformationcanbeassociatedwiththedocument:
l Description
l Category
l Arbitrarynamevaluepairs
Server Settings
Thesettingsforthedocumentaredistributedtoaserver.Thesettingsarenotmovedwiththedocument,ifit
isdistributedtoanotherlocation.ThesettingsareenforcedbyQlikViewServer.
Authorizationenforcedbytheserver(equaltoallservers):
l Theusersauthorizedtocreateserverobjects
l Theusersauthorizedtodownloadthedocument
l TheusersauthorizedtoprintandexportthedocumenttoMicrosoftExcel
PreferencesappliedbyQlikViewAccessPoint(equaltoallservers):
l InternetExplorerpluginisrecommended
l Mobileclientisrecommended
l AJAXclientisrecommended
Performanceenforcedbytheserver(equaltoallservers):
l Auditlogging
l Maximumopensessions
l Documenttimeout
l Sessiontimeout
Availability(perserver):
l Never
l On-demand
l Pre-loaded

SR13
SR13
9 Service by Service
ThischapterdescribestheQlikViewServer/Publishercomponentsindetail.
Note!TheaccountthatisusedtoruntheQlikViewservicesmusthavelocaladministratorprivileges.
9.1 QlikView Server

Overview
Executable %ProgramFiles%\QlikView\Server\QVS.exe
Data %ProgramData%\QlikTech\QlikViewServer
Listens to QVP:4747;QVP(tunneling):4774;Broadcast:14747;SNMP:161
Uses/Controls -
Used by QDS,QMS,QVWS,QlikViewDesktop/InternetExplorerplugin/OCX
Files
Settings and Configuration
File Description
Settings.ini StorestheQlikViewServer(QVS)settings.Manualchangesinthisfilerequirerestart
ofQVS.ThisfileisalwaysstoredintheDatafolder(see Overview (page 53)).
Cluster
QVSuses .pgofilestocoordinateacluster.ThefilesarestoredintheDatafolder(see Overview (page
53)).
File Description
BorrowedCalData.pgo KeepstrackofborrowedClientAccessLicenses(CALs).
CalData.pgo KeepstrackofCALs.
IniData.pgo Coordinatedversionof Settings.ini.
ServerCounters.pgo Keepstrackofstatistics.
TicketData.pgo Keepstrackoftickets.
Logs
Thelogsarekeptonepernodeinthecluster.ThelogfilesarestoredintheDatafolderbydefault(see
Overview (page 53)forthedefaultpath).
File Description
Events_<computer_name>.log Eventlog.

SR13
File Description
Performance_<computer_name>.log Performancelog.
Sessions_<computer_name>.log Sessionlog.
Special Folders
ThespecialfoldersarestoredintheDatafolder(see Overview (page 53)forthepath).
Folder Description
Extensions Note!TheExtensionsfolderhastobecreatedmanually.
Bydefault,QVSlooksforextensionsinthisfolder.Extensionobjectsarelocated
in Extensions\Objectsanddocumentextensionsarelocatedin
Extensions\Document.U seQlikViewManagementConsole(QMC)to
manageallextensionsinoneplaceincaseofacluster.
Temp Bydefault,QVSputstemporaryfilesinthisfolder(forexample,whenexporting
usingtheAJAXclient,atemporaryfileiscreatedinthefolder).
Load Sharing (Clustering)

Allclusteringrequiresacluster-enabledQlikViewServerlicense.QlikViewServersupportsloadsharingof
documentsacrossmultiplemachines.Thissharingincludestheabilitytoshareinrealtime,information
aboutserverobjects,automateddocumentloading,anduserlicenseCALs.Speciallicensingisavailableto
enablemultipleserverinstancessharethesamelicensenumber.

SR13
Load sharing using QlikView Web Server

TouseloadsharingbetweenmultipleQVSs,alldocumentandsupportfilesmustbesharedbetweenthe
servers.Inotherwords,allserversshouldpointtothesamephysicallocationforthefiles.QVScreatesand
maintainsadditionalfilestostoreloadsharingdata.ThesefileshaveaPersistentGroupObject(.pgo)file
typeextensionandarelocatedintheDatafolder(see Overview (page 53)).Thesefilesarelockedwhen
QVSisrunning.Thedifferent .pgofilescontaininformationonborrowedCALs,CALsinuse,server
settings,andticketdata.
OperatingsystemloadbalanceorfailoverconfigurationsareexternaltotheQVSloadsharingconfiguration,
andQVShasnocontroloverthosesystems.
ServerconfigurationsettingsaresharedbetweenallclusteredQVSsandcanbemaintainedthroughQMC
connectedtoanyoftheclusteredQVSs.PerformanceofaparticularQVSsystemcanbemonitoredthrough
QMCbyconnectingtothatsystem.Theloadbalancingsettings,thatis,whichQVStheclientshouldbe
directedto,arestoredinQlikViewWebServer(QVWS).
Document-relatedmetadataissharedvia .metafiles(oneperdocument).Thisdataisoftenreferredtoas
DocumentMetadataService(DMS)data.SinceDMSdataissharedamongtheQVSs,anyautomated
documentloadproceduresareperformedonallservers.DMSauthorizationisalsosharedamongallclustered
QVSs.

SR13
9.2 QlikView Distribution Service

Overview
Executable %ProgramFiles%\QlikView\Directory Service
Connector\QVDirectoryServiceConnector.exe
Data %ProgramData%\QlikTech\DistributionService
Listens to HTTP:4720;SNMP:4721
Uses/Controls DSC,QVS,QVB
Used by QMS
Note!Afterrestartingthemachine,theWindowseventlogmaycontainamessagethattheQlikView
DistributionService(QDS)failedtostartinatimelymanner,eventhoughitstartedsuccessfully.Thisis
becausetheQDSinitializationphaseislongerthantheWindowstimeoutperiod(30secondsbydefault).
Toavoidtheeventlogmessage,eitherchangetheWindowstimeoutperiodorconfigureQDStodependon
anotherlatestartingservicetomakeQDSstartupduringalessbusyperiod.
Files
TheQlikViewDistributionService(QDS)filescanbedividedintothreegroupsbasedonmainpurpose.All
filesarestoredintheQDSDatafolder(see Overview (page 56)).Inaclusteredsetup,allQDSsmustshare
thesameprogramfolder.Thisissolvedbythefile config_<computer_name>.xml,whichcontainsthe
programdatapathtouse.

ThefileslistedbelowarelocalcopiesoftheinformationstoredinQVPR.
File Description
Configuration.xml Configurationfilefortheservice.
Tasks\Task_ Theactualtasks.Notethatdeletedtasksarenotautomaticallyremoved(due
<GUID>.xml tosupportissueanalysis).
Triggers\Triggers_ Theactualtriggers.Notethatdeletedtriggersarenotautomaticallyremoved
<GUID>.xml (duetosupportissueanalysis).
Notification.xml Usedtosynchronize Configuration.xml, TaskDetails.xm,and

TriggerDetails.xmlwithQVPR.
TaskDetails.xml Alistoftheavailabletasksinthe Tasksfolder.Inaddition,usedto

synchronizethefilesinthatfolderwithQVPR.
TriggerDetails.xml Alistoftheavailabletriggersinthe Triggersfolder.Inaddition,usedto

synchronizethefilesinthatfolderwithQVPR.

SR13
Cluster
File Description
LoadBalancer.xml UsedtoselectwhichQDS(inacluster)todothejob.
Logs
File Description
TaskResults\TaskResult_ LatestresultofthetaskidentifiedbytheGUID.
<GUID>.xml
TaskLogIndex\TaskLogIndex_ Thisisjustforlookup(onefilepertask),pointingtotheactual
<GUID>.xml log.
EdxResults\EdxResult_ Untilthetaskiscompleted,thisfilecontainsthecurrentstatus
<GUID>.xml oftheEDXtask.Whentheexecutionisfinished,itcontainsthe
result(success/fail)andthetaskstartedasaresult(ifany).
<node-nr>\Log\<Date>.txt GeneralQDSeventanderrorlog.
<node-nr>\Log\Cluster_ Synchronizationlog.
<Date>.txt
<node-nr>\Log\LoadBalancer_ Loadbalancinglog.
<Date>.txt
<node-nr>\Log\Root_ QDSeventlog.
<Date>.txt
<node-nr>\Log\WebService_ QDSeventlog.
<Date>.txt
<node-nr>\Log\Workorder_ QDSeventlog.
<Date>.txt
<node-nr>\Log\<date>\<time> QDStaskeventlog.
- <task name>\Tasklog.txt
<node-nr>\Log\<date>\<time> Thedistributionrelatedtothetask(onlyexistsfordistribution
- <task tasks).
name>\DistributionReport.xml

SR13
QlikView Batch
Overview
Executable %ProgramFiles%\QlikView\Distribution Service\qvb.exe
Data -
Listens to COM
Uses/Controls -
Used by QDS
Note!QlikViewBatch(QVB)doesnotsupportgraphicaloruserinputobjects.ThismeansthatQVB
cannotreloaddocumentsthat,forexample,containscriptsthatrequireuserinput.
Files
File Description
Settings.ini Usedtostoresettings.
Logs
File Description
<document_name>.log Reloadlogthatisplacedtogetherwiththereloadeddocument.
9.3 QlikView Publisher Repository

Overview
Executable -
Data %ProgramData%\QlikTech\ManagementService\QVPR
Listens to -
Uses/Controls -
Used by QMS
Files
Bydefault,QlikViewPublisherRepository(QVPR)isasetofXMLfiles.Thesefilesarebackedupas .zip
filesin %ProgramData%\QlikTech\ManagementService\QVPR\Backups.
Security Groups
WheninstallingQlikViewServer/Publisher,acoupleofsecuritygroupsarecreated.
TheQlikViewServer/Publisherservicesmustrununderanaccountthatismemberofthesecuritygroup
QlikViewAdministrators.UsersconnectingtoQMCmustbepartofthisgroup.Anyoneconnectingtoa
remoteservicemustalsobememberofQlikViewAdministrators.

SR13
TheusersconnectingthroughtheAPImustbemembersoftheQlikViewManagementAPIsecuritygroup.
Thegroupisnotcreatedduringtheinstallationandhastobeadded(andpopulated,forexample,withthe
membersoftheQlikViewAdministratorsgroup)manually.Amembershipinthisgroupisrequiredtoimport
tasksfromanotherQlikViewServer/Publisher.
TheQlikViewEDXsecuritygroupisnotcreatedduringtheinstallationandhastobeadded(and
populated)manuallyinorderforuserstorunEDXtasks.
Document Administrators
TodelegatetheresponsibilityofcreatingtaskstopeoplenotpartoftheQlikViewAdministratorsgroup,
userscanbeappointeddocumentadministrators.Thedocumentadministratorsareonlyallowedtoaccessthe
tabsinQMCthatarerelatedtoeitheruserdocumentsorsourcedocuments.
Note!TheuseofdocumentadministratorsrequiresaQlikViewPublisherlicense.
Formoreinformationonhowtoappointdocumentadministrators,seetheQMConlinehelp.
9.4 Configuration Files

Note!UseQMCtosettheparametersdescribedinthissection,sincemodifyingtheconfigurationfiles
directlymaycauseproblems.
Management Service QVManagementService.exe.config

Inadefaultinstallation,thisfileislocatedin %ProgramFiles%\QlikView\Management Service.
Thefilehasanumberofautomaticallygeneratedtagsthatshouldnotbemodified,butthesettingslisted
belowcanbemodified.
Setting Description
ApplicationDataFolder Folderwherethelogfolderandallotherfiles/foldersarecreated.The
defaultvalueis %ProgramData%\QlikTech\ManagementService.
ThisfolderiswheretheXMLversionofQVPRandtheLEFinformation
arestored.
UseHTTPS True=Communicationrunsoverhttps.Acertificateforthewebsiteis
neededtoenablethissetting.
Trace Usedfordebuglogging.
QMSBackendWebServicePort Portthatthebackendmanagementservicelistensto.Thedefaultvalueis
4799.
QMSFrontendWebServicePort Portthatthefrontendmanagementservicelistensto.Thedefaultvalueis
4780.
MaxLogRecords Maximumnumberoflogrecordsthatshouldberetrievedforatask.
EnableAuditLogging True=Tracka)changesontasksandsettingsmadeinthesystem,b)who
madethechanges,andc)whenthechangesweremade.
AuditLogFolder Pathtothefolderwheretheauditlogsaresaved.
AuditLogKeepMaxDays Maximumnumberofdayseachlogissaved.

SR13
Foradditionalinformation,see SNMP (page 125).
Distribution Service QVDistributionService.exe.config

Inadefaultinstallation,thisfileislocatedin %ProgramFiles%\QlikView\Distribution
Service.Theappsettingstagisthepartthatcanbemodified.Someofthesettingsintheconfiguration
filearedescribedbelow.
Setting Description
ApplicationDataFolder Folderwherethelogfolderandallotherfiles/foldersarecreated.
Thedefaultvalueis
%ProgramData%\QlikTech\DistributionService.This
folderiswheretheXMLversionofQVPRandtheLEFinformation
arestored.
WebservicePort PortthattheQlikViewDistributionServiceusestocommunicate
with.Thedefaultvalueis4720.
UseHTTPS True=Communicationrunsoverhttps.
DSCAddress PortthattheDirectoryServiceConnectorserviceusesto
communicatewith.Thedefaultvalueis4730.Ifthevalueis
modified,thetagDSCAddressinthe
QVDirectoryServiceConnector.exe.configfilehastobe
modifiedtoo.
DSCTimeoutSeconds TimeoutforcallstotheDirectoryServiceConnector.
DSCCacheSeconds HowlongtheservicecachestheresponsesfromtheDirectory
ServiceConnector.
QlikViewEngineQuarantineTimeInms HowoftenaQlikViewengineisallowedtostart(inmilliseconds).
OpenDocumentAttempts Howmanytriesthatcanbemadetoopenadocumentbeforeitis
loggedasanerrorduringdistribution.
DebugLog True=EnableloggingofmemoryusageandstacktraceonError
logging.
Trace True=Enabledebuglogging.
EnableBatchMode EnablethissettingtomakebatchcallstotheQlikViewDistribution
Service(see QlikView Distribution Service (page 56)formore
information).

SR13

QVDirectorServiceConnector.exe.config
Thisfileisbydefaultlocatedin %ProgramFiles%\QlikView\Directory Service
Connector\QVDirectoryServiceConnector.exe.config.Thesettingsmostcommonlymodified
arelistedbelow.
Setting Description
ApplicationDataFolder Folderwherethelogfolderandallotherfiles/foldersarecreated.Thedefault
valueis %ProgramData%\QlikTech\DirectoryServiceConnector
(C:\Documents and Settings\All Users\Application
Data\QlikTech\DirectoryServiceConnectoronpre-WindowsVista
systems).
WebservicePort PortthattheDirectoryServiceConnectorserviceusestocommunicatewith.The
defaultvalueis4730.Ifthevalueismodified,thetagDSCAddressinthe
QVDistributionService.exe.configfilehastobemodifiedtoo.
UseHTTPS True=CommunicationrunsoverSSLinsteadofhttp.Acertificatefortheweb
siteisneededtoenablethissetting.
PluginPath PathwheretheDirectoryServiceConnectorlooksforavailableDSPplugins.The
defaultvalueis %ProgramFiles%\QlikView\Directory Service
Connector\DSPlugins.
Trace True=Enabledebuglogging.
DisableCompress Enablethissettingtodisablecompressionofthehttpcommunication.
9.5 Web Server

Thewebservercanbethebuilt-inQlikViewWebServer(QVWS)orMicrosoftIIS.QVWSisinstalledasa
Windowsserviceduringadefault,completeinstallationofQlikViewServer.WhenIISisused,thesame
functionalityisprovidedbyasetofASPXpagesandaspecialsupportservice,QlikViewSettingsService
(QSS).QSSactsasthemanagementinterfaceforsettingsusedbytheASPXpages.
Overview
QlikView Web Server
Executable %ProgramFiles%\QlikView\Server\Web Server\QVWebServer.exe
Data %ProgramData%\QlikTech\WebServer
Listens to HTTP:80;HTTP:4750;SNMP:4751
Uses/Controls DSC
Used by Webbrowserclientsandmobileclients

SR13
QlikView Settings Service
Executable %ProgramFiles%\QlikView\Server\Web Server

Settings\QVWebServerSettingsService.exe
Data %ProgramData%\QlikTech\WebServer
Listens to HTTP:4750
Used by QMS
Files
File Description
Config.xml Configurationfilefortheservice.
Logs
File Description
Log\<date>.txt Eventanderrorlog.
Load Balancing
QVWShostswebpages,preparesthefilelistforAccessPoint,andmanagestheloadbalancingofQlikView
Servers(QVSs).
AccessPointisawebportalfordocumentshostedonQVWS.ThepagesforAccessPointarebydefault
locatedinthefolder %ProgramFiles%\QlikView\Web.QVWSalsoactsaswebserverforanyAJAX
pagesaccessedbytheendusers.
TheloadbalancingperformedbyQVWSisdifferentfromloadbalancingawebserver,sincetheadditional
workandresourceconsumptionisalmostsimilarforeachuser,soitdoesnotmatteronwhichservertheuser
endsup.
Theloadbalancingschemesarelistedbelow.
Scheme Description
Random Thedefaultloadbalancingscheme.Theuserissenttoarandomserver,nomatterifthe
documenttheuserislookingforisloadedornot.
Loaded IfonlyoneQVShastheparticulardocumentloaded,theuserissenttothatQVS.Ifmore
Document thanoneQVSornoneoftheQVSshasthedocumentloaded,theuserissenttotheQVS
withthelargestamountoffreeRAM.
CPUwith TheuserissenttotheleastbusyQVS.
RAM
Overload
ThesettingsforloadbalancingareconfiguredinQMC.

SR13
QlikView AccessPoint
QlikViewAccessPointisawebportalthatliststhedocumentseachuserhasaccessto.AccessPointonly
linkstoeachdocumentitdoesnothostthedocuments.ThehostingisdonebyQlikViewServer.
Thedocumentscanbedisplayedasthumbnailsorinadetailedlist.
Thumbnails view in AccessPoint
Detailed view in AccessPoint
ThesettingsavailableinAccessPointarelistedbelow.
Setting Description
Category Categorygroupingforthedocument.CategoriesaremanagedinQMCunder
Documents>User Documents>Document Information.

SR13
Setting Description
Attribute Attributegroupingforthedocument.AttributesaremanagedinQMCunder
Documents>User Documents>Document Information.
Viewas Documentdisplaytype, Detailedviewor Thumbnailsview.

IntheDetailedview,thedocumentscanbesortedbyName,Category,andLastUpdate.
Clicka view detailslinkintheThumbnailsvieworaplussign(+ )totheleftofadocumentnameinthe
Detailedviewtodisplayadditionalinformationonadocument(seebelow).
Field/Button Description
LastUpdate Whenthedocumentwaslastupdated.
Note!ThisisonlydisplayedintheThumbnailsview.
NextUpdate Whenthedocumentwillbeupdatednexttime.
Note!Thisisonlydisplayedifthedocumentispartofataskthathasa
schema.
FileSize Sizeofthedocument.
AvailableClients Clickaclienttoopenthedocumentwiththatclient.
Removelastdocumentstate Clickthisbuttontoremovethelastdocumentstate.
ClickastariconnexttoadocumentnameintheThumbnailsorDetailedviewtosetthepreferencesforthe
document.
Setting Description
Openwith Selectaclienttomakeitthedefaultclienttoopenthedocumentwith.
Addto Clickthislinktoaddthedocumenttothefavoritedocuments.Select Category>Favorites

favorites inAccessPointtodisplaythefavorites.
Modifying the modal dialogs in the Ajax client

Themodaldialogs,suchas Print, Export,and Server Connection Lost,canbemodifiedinthefile
customTranslations.
Navigateto C:\Program
Files\QlikView\Server\QlikViewClients\QlikViewAjax\htc\customFiles.Thefiles
customConfigand customTranslationsareempty,butthefiles customConfigExampleand
customTranslationsExamplepresentexamplesonhowtoedit.
Inthefile customConfig,itisaprerequisitethat TranslationEventsissetto trueinorderforthe
editsin customTranslationstobevalid.
Forthechangestotakeeffect,theserverhastobestoppedandrestarted.
9.6 Directory Service Connector

ForinformationontheDirectoryServiceProvider(DSP)interface,see DSP Interface (page 123).

SR13
Overview
Executable %ProgramFiles%\QlikView\Directory Service
Connector\QVDirectoryServiceConnector.exe
Data %ProgramData%\QlikTech\DirectoryServiceConnector
Listens to HTTP:4730;SNMP:4731
Uses/Controls -
Used by QDS,QMS,QVWS
Files
ThesesettingsoriginatefromQVPR.
File Description
Resources/<id>.xml DSPconfigurations.
Logs
File Description
9.7 QlikView Management Service

Overview
Executable %ProgramFiles%\QlikView\Management
Service\QVManagementService.exe
Data %ProgramData%\QlikTech\ManagementService
Listens to HTTP:4780(Web);HTTP:4799(API);SNMP:4781
Uses/Controls DSC,QDS,QVS,QVWS
Used by Webbrowser/APIclient
Files
QlikViewManagementService(QMS)keepsaglobalviewofthesettingsinQVPR.
File Description

SR13
Logs
File Description

SR13
Part 4 Security
Part4Security

SR13
SR13
10 Security Overview
10 Security Overview
ThesecurityofQlikViewServer/Publisherconsistsofthefollowingparts:
l Protectionoftheplatform:Howtheplatformitselfisprotectedandhowitneedstocommunicateand
operate.
l Authentication:Whoistheuserandhowcantheuserproveit?QlikViewusesstandard
authenticationprotocols,suchasIntegratedWindowsAuthentication(IWA),HTTPheaders,and
ticketing,toauthenticateeveryuserrequestingaccesstodata.
l Documentlevelauthorization:Istheuserallowedtoaccessthedocumentornot?QlikViewuses
server-sidecapabilitiessuchasDocumentMetadataService(DMS)orWindowsNTFStodetermine
accessprivilegesatfilelevel.
l Datalevelauthorization:Istheuserallowedtoseeallofthedataorjustpartsofit?QlikView
implementsrowandfieldleveldatasecurity,usingacombinationofdocument-levelcapabilities
(SectionAccess)andserver-sidedatareductioncapabilities(QlikViewPublisher).

SR13
SR13
11 Protection of the Platform

11.1 Functionality
Thefunctionalityfordownloadingdocumentsand/orprintandexporttoMicrosoftExcelcanberestrictedat
theuserlevelforeachdocumentontheserver.
11.2 Special Accounts

Supervision Account
ThesupervisionaccountisgrantedaccesstoalldocumentsthatarecreatedbytasksinQlikViewPublisher.
Thecharacteristicsofthesupervisionaccountareasfollows:
l Providesaccessto allfilesontheQVS
l Does notprovideanyaccesstotheQlikViewManagementConsole(QMC)
l Respectsthetypesofclientsthatareallowedforeachdocument(forexample,asupervisionaccount
cannotopenaQlikViewdocumentusingtheAJAXclient,iftheAJAXclienthasbeenblockedby
theuserthatcreatedthetask)
Anonymous User Account

WhenQVSisstartedforthefirsttimeonamachine,aWindowsaccountiscreatedforanonymoususers.The
accountnameis IQVS_name,where nameisthenameofthemachineinthelocalnetwork.
Ifthemachineinquestionisadomainserver,theanonymousaccountiscreatedasadomainaccount.Ifnot,
itiscreatedasalocalmachineaccount.
Eachfolderandfilethatistobeavailableforanonymousclientsmustbegivenreadprivilegesforthe
anonymousaccount.
Note!StartQVSandletitcreatetheanonymousaccountbeforeattemptingtograntanyprivileges.Donot
trytocreatetheanonymousaccountmanually.
QlikView Administrators
TheQlikViewAdministratorsgroupisusedforgrantingaccesstotheQlikViewManagementConsole
(QMC)aswellasauthorizationofcommunicationbetweenservices,ifWindowsAuthenticationisused.
11.3 Communication
Protection of AJAX Client
TheAJAXclientusesHTTPorHTTPSastheprotocolforcommunicationbetweentheclientbrowserand
theQlikViewWebServer(QVWS)orMicrosoftIIS.Itisstronglyrecommendedtoprotectthe
communicationbetweenthebrowserandthewebserverusingSSL/TSLencryptionovertheHTTPprotocol
(thatis,HTTPS).Ifthecommunicationisnotencrypted,itissentascleartext.
ThecommunicationbetweenthewebserverandQVSusesQVPasdescribedbelow.
Protection of Plugin
TheQlikViewplugincancommunicatewithQVSintwoways.Ifthepluginhastheabilitytocommunicate
withQVSusingQVP(port4747),thesecuritydescribedin Server Communication (page 72)isapplied.

SR13
IfthecommunicationcannotuseQVPoriftheclientchoosesitintheplugin,thecommunicationis
tunneledusingHTTPtothewebserver.
IfHTTPSisenabledonthewebserver,thetunnelisencryptedusingSSL/TLS.
Server Communication
TheQVScommunicationusestheQVPprotocol,whichisencryptedbydefault.TheQVPprotocolcanbe
protectedusing1024-bitRSAforkeyexchangeand128-bitRC4fordataencryption,providedtheMicrosoft
EnhancedCryptographicProviderisinstalled.IftheMicrosoftBaseCryptographicProviderisused,the
protectionofthecommunicationis512-bitRSAforkeyexchangeand40-bitRC4fordataencryption.
Services Communication
TheservicesthatarepartoftheQlikViewplatform(thatis,QVS,DSC,QMC,QDS,andQVWS)all
communicateusingwebservices.ThewebservicesauthenticateusingIntegratedWindowsAuthentication
(IWA).

SR13
12 Authentication
12 Authentication
AlthoughQlikViewcanbeconfiguredtoallowanonymousaccess,themajorityofimplementationsrequire
userstobeauthenticated.Insuchenvironments,QlikViewalwaysrequiresthattheuserisauthenticated
whenestablishingasessionviaQlikViewServer(eitherthroughabrowserorwhendownloadingand
openingadocumentviatheQlikViewDesktopclient).
IntheQlikViewcontext,theauthenticationofauserisalmostalwaysdoneagainstanexternalentitythatis
thenusedtopasstheexternallyauthenticateduseridentitytoQlikViewServer.Insuchascenario,
QlikViewreliesontheauthenticationtobeperformedpriortoaccessingQlikView,andthatsometokenof
identityistransmittedto,andtrustedby,QlikView.
12.1 Authentication when Using QlikView Server in a

Windows User Environment
AuthenticationtoaQlikViewServerinanenvironmentbasedonWindowsusers(forexample,incorporating
ActiveDirectory)isstraightforward.Theprocessisasfollows:
1. TheusercredentialsarevalidatedwhentheuserlogsintotheWindowsoperatingsystemonthe
clientmachine.
2. LaterwhentheuserwantstoestablishasessionwithaQlikViewServer(QVS)(forexample,viaa
browseronthedesktop),QVScanusethebuilt-inIntegratedWindowsAuthentication(IWA).
3. Theidentityofthelogged-inuseriscommunicatedtoQlikViewServerusingeithertheKerberosor
theNTLMsecuritysolution.Thissolutionprovidessinglesign-oncapabilitiesrightoutofthebox.
Incasetheauthenticationexchangefailstoidentifytheuser,thebrowserpromptstheuserfora
Windowsuseraccountnameandpassword.
ThefigurebelowshowsthestandardauthenticationflowforIWA:
Authentication when using QlikView Server in a Windows user environment

SR13
12 Authentication
ThefigurebelowshowstheauthenticationflowforthecombinationofNTLMandalternatelogin,which
differsfromthestandardflowforIWA:
Authentication using NTLM and alternate form

Theauthenticationprocessdiffersbasedontheenvironment:
l LocalAreaNetwork(LAN):IWAismostcommonandmostsuitableforrecognizingWindowsusers
onaLAN.Theactofauthenticationisperformedwhenloggingintheworkstation,andthisidentity
isleveragedbyQlikView.
l Multi-domainenvironment:TheinternalcompanynetworkIWAshouldbeavoidedinarchitectures
wherethereisamulti-domainenvironmentwithnotrustrelationshipbetweenthedomainofthe
workstationandthedomainoftheserver,orwhenusedacrossareverseproxy.Insuchan
environment,configuretheQlikViewdeploymenttouseeitheranexistingexternalSSOserviceora
QlikViewcustomticketexchangetoexposeanauthenticatedidentitytoQlikView.
12.2 Authentication with a QlikView Server Using an
Existing Single Sign-on Software Package
InenvironmentswhereanSSOinfrastructurealreadyexists(forexample,CASiteMinder,IBMWebSeal,
orOracleOblix),QlikViewcanusetheHTTPheaderinjectionmethodofsinglesign-onprovidedbythe
SSOinfrastructure.Thismeanssinglesign-onisprovidedrightoutofthebox.TheSSOinfrastructure
softwarepackagescanbeconfiguredasfollows:
l Repeatusergetaccess:Thesoftwarepackagescanbeconfiguredtoprotectaresource.Whenauser
requestsaccesstoQlikView,theSSOpackagegrantsaccess,iftheuserhaspreviouslysignedinto
theSSOauthenticationpage.
l Newuserlogin:IftheuserdoesnothaveanexistingsessionwiththeSSOpackage,theuseris
redirectedtotheSSOpackageloginpage.Afterloggingin,theuserisredirectedtotheoriginalURL
thattheuserrequested.

SR13
12 Authentication
Inbothcases,iftheuserhasproperlyauthenticatedtotheSSOsoftware,theusernameisinjectedintoan
HTTPheaderandthevalueinthatheaderiswhattheQlikViewserveracceptsastheauthenticatedidentity
oftheuser.
Note!UnlessSSOsoftwareisinplace,theHTTPheadermethodofauthenticatingtoaQlikViewServer
mustnotbeused.HTTPheaderscaneasilybespoofed.AlloftheSSOsoftwarepackagesmentionedabove
provideprotectionagainstthistypeofspoofingattacks,ifthesoftwarepackageistheonlypathforusersto
accessthecontent.
QlikViewdoesnotrecommendorendorseanyspecifictoolorproductforprovidingidentityinHTTP
headers.Theapproachishighlysuitedtoextranetdeploymentswhereintheusersmaynotexistinthe
internalActiveDirectory.TheactofauthenticationisperformedbythereverseproxyorISAPIfilterthat
interceptstheattemptoftheendusertointeractwithQlikViewcontent.
12.3 Authentication Using neither IWA nor Single Sign-on

Software
QlikViewprovidesathirdmethodforsinglesign-on,CustomTicketExchange(CTE),whenneitherofthe
methodsdescribedaboveissuitable.
CTEreliesontheuserhavingauthenticatedpreviouslytoanothersystem:
1. Thethird-partysystemisgrantedtheprivilegeandresponsibilitytorequestanauthenticationtoken
(calledaticketinQlikView)fromQVSonbehalfoftheauthenticateduserofthethird-party
system.Itistheresponsibilityofthethird-partysystemtoonlyrequestticketsforusersthathave
beenproperlyauthenticated(forexample,QVShasnoknowledgeoftheauthenticationstatusofthe
user).
2. Thesystemthenpassestheauthenticationtokentotheuser,whousesitinarequesttoopena
sessionwithQVS.
3. QVSchecksthattheticketisvalidandthenopensasessionfortheauthenticateduser.
TicketedauthenticationismainlyapplicablewhenembeddingQlikViewcontentinthird-partyapplications
andportals,andisrarelyusedforprovidinggeneralaccesstoQlikView.Typicallyasmallamountofcustom
developmentisneededtoimplementtherequestandpassingoftheticketfortheCTEmethodtowork.

SR13
12 Authentication
Authentication using neither IWA nor single sign-on software
12.4 QlikView Server Authentication Using Custom Users

Thethreemethodsdescribedabovealluseasinglesign-onprinciple,wheretheuserIDandpasswordare
storedexternallytoQlikViewServerandanexternalentityisresponsiblefortheauthentication.Less
common,althoughpossible,istheabilitytostoretheusercredentialsintheQlikViewServerenvironment
usingtheCustomUsersfunctionalityinQlikViewPublisher.Inthiscase,usersandpasswordsaredefined
andstoredwithintheQlikViewenvironmentandthewebtieroftheQlikViewdeploymentisresponsible
forformsauthentication.Thissolutionissuitableforsmaller,standaloneQlikViewServerdeployments,and
mustnotbeusedinenvironmentswheretheuserdefinitionsaretobeavailabletomultiplesystems.Insuch
environments,itishighlyrecommendedtouseoneofthethreesinglesign-onsolutionsdescribedabove.
Eachcoexistentformofauthenticationmayrequireadistinctwebserverinstance.Severalwebserverscan
forwarduserrequeststothesameQVSinstance(s).

SR13
12 Authentication
QlikView Server authentication using Custom Users

SR13
SR13
13 Authorization
13 Authorization
Onceauserhasbeenauthenticated(thatis,thesystemknowswhotheuseris),thefirststepinassigningthe
securityprivilegeshasbeencompleted.Thesecondstepistounderstandtheauthorityoraccessrightsthat
theuserhastoapplications,data,orboth.ThisstepisreferredtoasAuthorization.Atafundamentallevel,
anadministratorpopulatesanAccessControlList(ACL)withalistofusersand/orgroupsandwhattheyare
tohaveaccessto.Whenthetimecomesforausertorequestaccess,thesystemlooksuptheauthenticated
identityoftheuserintheACLandverifiesiftheadministratorhasgrantedtheuserenoughprivilegestodo
so.
DirectaccesstoaQlikViewdocumentusingQlikViewDesktopisalwaysgovernedbytheWindowsNTFS
filesecurity.Accesstotheweb-basedQlikViewManagementConsole(QMC)isrestrictedtoWindowsusers
thataremembersofaparticularlocalWindowsgroup.
13.1 Document Level Authorization

Onceauserhasbeenauthenticated,QlikViewServertypicallyhandlesauthorizationonitsown.QlikView
ServerprovidesthechoicebetweenstoringtheACLinformationasWindowsNTFSprivileges(applicable
onlywhentheuserisauthenticatedusingaWindowsuseridentity)orbystoringtheACLinformationinthe
internalrepository,DocumentMetadataService(DMS),inQlikView.ThechoiceofNTFSorDMSaffects
theaccesstoalldocumentsinQlikViewServer.
NTFS vs. DMS

QlikViewServercanusetheNTFSprivilegesoftheWindowsfilesystemtostoreauthorizationinformation.
WheninNTFSauthorizationmode,QlikViewServercontrolsaccesstoagivenQlikViewdocumentby
determiningiftheauthenticateduserhasNTFSprivilegestotheunderlyingQlikViewdocumentfile(.qvw).
ThisisbasedontheoperatingsystemprivilegesandWindowsNTFSisusedfortheACL.Theprivilegesof
theauthenticateduserareconfiguredbyaserveradministratorusingstandardWindowsExplorer
functionalityviadirectorypropertiesoptions.
AsanalternativetoWindowsNTFS,QlikViewcanuseitsownACL,DMS.UnlikeNTFS,thisallowsnon-
Windowsusersandgroupstobeauthorizedtoaccessapplicationsanddata.DMSintegratesfullywiththe
existingDirectoryServiceProvider(forexample,ActiveDirectory,otherLDAP)whereGroupMembership
hasbeenrecordedthisisamechanismbywhichQlikViewServercanre-useexistingenterpriseaccounts
andgroupstructures.Thepermittedusersorgroupsarerecordedinametafilethatresidesnexttothe
QlikViewdocument,anditismanagedusingQMC.
NTFSisthedefaultdocumentauthorizationmodel,suitablewhenallusersandgroupsareidentifiedin
ActiveDirectoryorlocallyontheQlikViewServerhost.TheNTFSpermissionsmaybeinheritedfromthe
directorythattheQlikViewdocumentsarein,ormaybeassignedusingQlikViewPublisherdistribution
tasks.
DMSisrequiredwhentheauthenticateduseridentityisnotaWindowsuseraccount.TheDMSpermissions
areexplicitlyassignedusingQMC,ormaybeassignedusingQlikViewPublisherdistributiontasks.
Note!Whenauthenticatingauserviaawebticket,theuserisnotaproperWindowsuser,evenifsending
intheusernameinActiveDirectoryformat(forexample,QLIKVIEW\jsmith).Thismeansthat
DMSauthorizationshouldbeusedwhenusingwebtickets.
13.2 Data Level Authorization

Datalevelauthorizationallowsaccesstobegrantedordeniedonadocumentlevelandeventospecificdata
inadocument.

SR13
13 Authorization
Therearetwotypesofdatalevelauthorizations:
l Dynamicdatareduction:Determinesiftheuserisallowedtoviewthedatawhentheusertriesto
accessit.
l Staticdatareduction:PerformedbyQlikViewPublisher,determinesiftheuserisallowedtoviewthe
datawhenitispreparedfortheuser.
Staticanddynamicreductionofdatacanbeusedonitsown,butcanalsobecombinedtodeliverdatalevel
authorization.
Dynamic Data Reduction

DynamicdatareductionisdoneinQlikViewusingtheconceptofSectionAccess,whichispartofthe
QlikViewdocument.
SectionAccessManagementisconfiguredintheQlikViewManagementConsole(QMC).Forinformation,
seetheQMChelp.
Static Data Reduction

Forlargerdeploymentsand/orthoseinneedofcentralizedcontrolofauthorizationcapabilities,QlikView
Server/Publisherareused.Departmentsorfunctionsoftenhaveamasterapplicationthatcontainsall
relevantdatacoveringallanalysisneeds,andthismasterdocumentneedstobeseparated(reduced)
accordingtotheneedsandaccessprivilegesoftheintendedaudience.QlikViewPublisherreloadsthe
QlikViewdocumentwithavailabledata,refreshestheSectionAccesstables,andsplitsthelargeQlikView
documentintosmallerdocumentsbasedonvaluesinaparticularfield.
Thisreductionanddistributionallowsforafilecontainingmanydatafieldstobebrokenupbythe
contentsofafieldanddistributedtoauthorizedusersorgroupsaccordingtotheiraccessprivileges.
Oneofthebenefitsofreducinganddistributingsourcefilesinthismanneristhatthedocumentsthatare
createdinthisprocesscontainnoexplicitreferencetothesourcedata(forexample,adatabaseconnection
string)intheirscriptenvironments.Therefore,ifauserinteractswiththedocumentviaQlikViewDesktop,
theusercannotseethelocationofthesourcedata.Allofthedatapertinenttotheuserneedsiscontainedin
thedocument.
AnadministratorcanuseQMCtocreatetasksonsource .qvwor .qvdfilestoaccomplishthis.Atabasic
level,thestepsareasfollows:
1. Onthesourcedocument(either .qvwor .qvd),applythedatareductioncriteria(forexample,
choosethefieldnameonwhichtoreducethedata).
2. Applythedistributioncriteriatothenewlycreated(reduced)files:
a.AssigntheauthorizationprivilegesusingeitherDMSorNTFSACLs.
b.Choosethetypeofdistribution(forexample, .qvwfilesor .pdfreport).
c.Choosethelocationforthenewlycreatedfiles.
3. Applythenotificationcriteriaforthecompletionofthetask(forexample,e-mailnotification)
Thenewlycreatedfilesonlycontainthedatathattheuserorgroupisauthorizedtosee,sincethedatahas
beenreducedfromthemasterdocumentinaccordancetothereductioncriteria.Thisiswhytheprocessis
termedStaticDataReduction.Hence,thereisnoriskofanunauthorizedpersonviewingdata,sinceonly
authorizeddataexistsineachfile.

SR13
Part 5 Licensing
Part5Licensing

SR13
SR13
14 Client Access Licenses

ToconnecttoaQlikViewServer(QVS),eachclientneedsaClientAccessLicense(CAL).TheCALsare
purchasedwithQlikViewServerandtiedtotheserverserialnumber.ACALisnevertransferredtoaclient,
butaclientusestheCALwhenconnectingtotheserveror,ifaclusterlicenseisused,aspecificQlikView
Servercluster.CALscannotbetransferredbetweendifferentQlikViewServerclusters.Ifauserisrequiredto
workwithdocumentsresidingindifferentclusters,aseparateCALisneededforeachoftheclusters.
Note!TheCALsrequiretheQlikViewServerswithinaclustertobewithinthesamegeographicaland
physicallocationandwithinthesamenetworksub-net/segment.
14.1 CAL Types

TheCALsdescribedbelowareusedtoprovideusersaccesstothevariousQlikViewServersidentifiedin
Editions of QlikView Server (page 87).
Note!CALsareusedforlicensingonlyandtheyhavenothingtodowithuserauthenticationfordata
accesspurposes.
CAL Type Description

Named ANamedUserCALisassignedtoauniqueandidentifieduser(see Identification (page
UserCAL 84)forinformationonhowusersareidentified)whomayaccessasmanyQlikView
(an documentsasmayresideontheserverorserverclustertowhichtheNamedUserCALis
identified assigned.ANamedUserCALmaybetransferredtoanotheruserpursuanttothesoftware
userona licensingagreement,inwhichcasethereisa24-hourquarantinebeforetheNamedUser
server) CALcanbetransferredtoanotheruser.Thereisnotimelimitforhowlongauserassigneda
NamedUserCALcanaccessaQlikViewdocument.
Document ADocumentCALisassignedtoauniqueandidentifieduser(see Identification (page 84)

CAL(an forinformationonhowusersareidentified)whomayaccessonlytheoneQlikView
identified documenttowhichtheDocumentCALisassigned.MultipleDocumentCALscanbe
user assignedtoaparticularuser.Forexample,ifauserconnectstotwoQlikViewdocuments,
withina theuserwillhavebeenassignedtwoDocumentCALs.ADocumentCALmaybe
given transferredtoanotheruserpursuanttothesoftwarelicensingagreement,inwhichcasethere
document) isa24-hourquarantinebeforetheDocumentCALcanbetransferredtoanotheruser.There
isnotimelimitforhowlongauserassignedaDocumentCALcanaccesstheQlikView
documenttowhichtheCALisassigned.
Session ASessionCALallowsanyuser,identifiedoranonymous/unidentified,ononeQlikView
CAL clienttoaccessasmanyQlikViewdocumentsasmayresideontheserverorserverclusterto
whichtheSessionCALisassignedforaminimumperiodof15minutes.ForSessionCALs,
theQlikViewclientreferstoeachuniqueinstanceoftheQlikViewclient(forexample,the
AJAXclient,QlikViewDesktop,ortheInternetExplorerplugin)ontheusersmachine.The
minimumsessiontimeforaSessionCALis15minutes,whichmeansthatsessionsthatend
inlessthan15minuteswillstillconsumethesessionuntilthe15minutemarkispassed;
thosewhichterminateafter15minuteswillconsumetheiractualsessionlength.Bydefault,
thereisnomaximumsessionlength,butthiscanbeconfigured.

SR13
CAL Type Description

Usage AUsageCALallowsanyuser,identifiedoranonymous/unidentified,toaccessonlyone
CAL QlikViewdocument,residingontheserverorserverclustertowhichtheUsageCALis
assigned,fromoneclient(forexample,theAJAXclient,QlikViewDesktop,ortheInternet
Explorerplugin)foratimeperiodof60minutesper28-dayperiod.Ifauserexceedsthe60
minutetimelimitation,theuserwillhaveconsumedtwoUsageCALswithoutanywarning
beinggiventotheuser.Every28days,theUsageCALisrefreshedandtheusermayonce
againviewanewQlikViewdocumentfor60minutes,usingthesameUsageCAL.Usage
CALsarecontinuouslyrecharged(atapacecorrespondingto1/28ofthe totalnumberof
UsageCALsassignedtotheQlikViewServerperday).
14.2 Identification
TouseaNamedUserCALoraDocumentCAL,theclientusermustbeidentifiedviaanauthenticateduser
name(WindowsActiveDirectoryorthroughaticketexchangebetweenthewebserverandQlikView
Server).AnIPaddressisnotavalidformofidentificationforaNamedUserCAL.Thetwomethodsof
identificationcannotbemixedonthesameinstanceofQlikViewServer.Notethattheusername
identificationrequiresWindowsauthenticationonAJAXclients,sincemachinenameidentificationcannot
beusedfortheseclients.
AnyCALusedbyanidentifiedusermaynotbetransferredtoanotheruser,unlessthetransferisduetoa
changeintheemploymentstatusorworkdutiesoftheprioruser,inwhichcasethereisa24-hourquarantine
beforetheCALbetransferredtoanotheruser.
14.3 Document CAL Restrictions

ThepurposeoftheDocumentCAListoprovideamechanismbywhichlicenseescanlicensetheuseofa
singledocument.Topreventthecombinationofmanydatamodelsinasingledocument,thereare
restrictionsinthedocumentsthatcanbeusedwiththeDocumentCAL.However,theNamedUserCAL,the
SessionCAL,andtheUsageCALcanbeusedtoopenanyfunctionalQlikViewdocument.TheDocument
CALcanonlybeusedwithdocumentsthathaveasinglecontiguousdatamodelanddonotcontainany
chasmtrapsbetweentables.
MostcommondatamodelsusedinQlikViewdocumentscanbeusedforDocumentCALs.Forinstance,
properstarschemasandsnowflakeschemastypicallyhavethefieldwiththehighestcardinalityinthefact
tableandthekeysindimensionaltableshavealowercardinality.Forsnowflakeschemas,thecardinality
decreasesfurtherwhenmovingawayfromthefacttable.Documentscontainingsuchmodelstypicallyfulfill
theabovedemandsandarewell-suitedforDocumentCALs.
Documentswithmultiplelogicalislandsarenormallynotallowed.Multiplelogicalislandsareonly
allowed,iftheadditionaltablesareunconnectedandcontainonlyfewrecordsorasinglecolumn.
Inaddition,thedocumentmaynotcontainanylooselycoupledtables.
Finally,thecardinality(thatis,thenumberofdistinctvalues)ofthekeyfieldsmustdecreasewhenmoving
awayfromthefacttable.
14.4 Combining Different CALs

AgiveninstanceofQlikViewServercancarryanycombinationoftheCALtypeslistedin CAL Types
(page 83).WhendifferentCALtypesarecombinedonthesameserver,theorderofpriorityintheCAL
assignmentisdoneasfollows:
1. IfthereisadedicatedNamedUserCALfortheconnectingclient,itisused.
2. IfthereisadedicatedDocumentCALfortheconnectingclient,itisused.
3. IfanewNamedUserCALcanbeassignedtotheconnectingclient,itisused.

SR13
4. IfanewDocumentCALcanbeassignedtotheconnectingclient,itisused.
5. IfthereisanavailableSessionCAL,itisused.
6. IfthereisanavailableUsageCAL,itisused.
7. Ifnoneoftheabove,accessisdenied.
14.5 License Lease

AQlikViewclientthatdoesnothavearegisteredlicenseisallowedtoconnecttoQlikViewServerand
borrowalicense,sothattheusercanworkofflineforaperiodof30days.TheQlikViewclientmustthen
makeanauthenticatedlogon(notanonymous)andobtainaNamedUserCAL.EachtimeQlikViewis
started,QlikViewtriestocontactQlikViewServerandrenewthelicenselease.Iftheclientcannotreachthe
serverafter30days,thelicenseleaseexpires.
AlicenseleasecanonlybeusedwithQlikViewDesktopandtheInternetExplorerplugin.Thismeansa
licenseleasecannotbeobtainedwhenusinganAJAXclient.AlicenseleaseisnotsupportedbyOEM
ServersorTestServers.
14.6 Cluster Licensing

AspecialtypeoflicenseisavailabletoallowmultipleQlikViewServerinstallationstosharethesame
licenseserialnumberandsupportsharedCALs.Theserversareautomaticallyconsideredasclustered.Note
thatthisconfigurationaffectsnetworkswhereunauthorizedlicensesharingbetweentestandproduction
environmentshasbeenconfigured.
Note!TheCALsrequiretheQlikViewServerswithinaclustertobewithinthesamegeographicaland
physicallocationandwithinthesamenetworksub-net/segment.
14.7 Cold Standby Servers

QlikViewServerlicensekeyscanbeinstalledonasmanyserversasrequiredprovidedthatonlythelicensed
numberofQlikViewServersarerunningatanygiventime.Thus,acoldstandbyenvironmentcanbe
installedandready-to-run,butcannotbelive(thatis,theWindowsservicescannotbestarted)andinuse
priortotheliveenvironmentbeingshutdown.

SR13
SR13
15 Editions of QlikView Server

QlikViewServercomesinanumberofeditionsdesignedfordifferentorganizationsandpurposes.
Upgradingisdonethroughthelicensekey.
15.1 Editions
ThevariouseditionsofQlikViewServerarelistedbelow.
Edition Description
QlikView QlikViewEEServerisdesignedtobeusedinlargeandcomplexdeploymentsand
Enterprise providesfeaturessuchasunlimiteddocuments,server-basedcollaboration,integrationwith
Edition third-partysecuritysystems,serverclustering,andclusterlicensing.Theminimum
(EE)Server configurationofaQlikViewEEServerisfiveNamedUserClientAccessLicenses(CALs).
QlikView QlikViewSBEServerisdesignedtobeusedinsmallerdeployments.Theminimum
Small configurationofaQlikViewSBEServerisfiveNamedUserCALs.
Business
Edition
(SBE)
Server
QlikView QlikViewIASisaQlikViewServerthatislicensedforanuncappednumberofusersanda
Information singleQlikViewdocument.TheIASmaybelicensedwithmultipleQlikViewdocuments
Access foranadditionalfee.QlikViewIASrunsinanonymousmode,mustbepublically
Server accessiblewithoutauthentication(onthepublicInternet),andmustnotbeplacedbehinda
(IAS) firewall.TheAJAXclientoracustomizedAJAXclientcanbeusedviaQlikView
WorkBench,whichisincludedinIAS.
Note!ThereisnolicenseleasefromQlikViewIAS.
QlikView QESallowsenduserstodeployQlikViewsolutionstotheirextranet.QESisbasedon
Extranet QlikViewEEServer,butonlysupportsuptothreeQlikViewdocuments.Theservercanbe
Server deployedwithacombinationofSessionandUsageCALs.QESsupportsmobileclients
(QES) andcanbedeployedinclusteredenvironments.TheAJAXclientoracustomizedAJAX
clientcanbeusedviaQlikViewWorkBench,whichisincludedinQES.Theminimum
configurationofaQlikViewQESServerisfiveExtranetSessionCALs.
InadditiontotheeditionsofQlikViewServerdescribedabove,thereisalsoanumberofadditional,server-
relatedproducts,allofwhicharelistedbelow.
Product Description
QlikView QlikViewTestServerisalicensethatprovidesanenvironmentseparatefromproduction
TestServer tousefordatavalidation,applicationtesting,andpreparation/migrationofQlikView
documentstonewversionsand/orreleasesofQlikView.
QlikViewTestServercomesintwoeditions,QlikViewEETestServerandQlikViewSBE
TestServer,bothofwhichhavethesamefeaturesandlimitationsasthecorresponding
productionservers.Inaddition,thewatermarkTestissuperimposedonallchartsand
addedtoallobjectcaptions.
Note!ThereisnolicenseleasefromQlikViewTestServer.

SR13
Product Description
QlikView QlikViewPublisherisalicensethataddssignificantfunctionalitytothestandardreload
Publisher capabilityofQlikViewServer.QlikViewPublisherincludesfunctionalitytohandlefield
levelsecurityandaccesscontrolfromcentraladministrationsoftwarelikeWindowActive
DirectoryorNovellLDAP.QlikViewPublisherisalsoneededtosupportcomplex
distributionmodelsforQlikViewdocuments.Inaddition,eachlicenseofQlikView
Publisherallowsanadditionalnode/serverforreload,distribution,orsecuritymanagement
inamulti-node/serverdeployment.
WiththeadditionalcomponentQlikViewPublisherReportDistribution,anyQlikView
documentreportcanbedistributedasa .pdffiletoafolderorviaemailorSMTP.
QlikView QlikViewWorkBench(anadd-ontoQlikViewEEServer)isadevelopmenttoolfor
WorkBench creatingwebmash-upswithQlikView.Itfeaturesdraganddropeditingcapabilities
withintheMicrosoftVisualStudiodevelopmentenvironmentandallowsforcustom
webinterfacesandintegrationwiththird-partyservices.
Note!QlikViewWorkBenchisnotavailableforusewithQlikViewSBEServer.
QlikView QlikViewWebParts(anadd-ontoQlikViewEEServer)forMicrosoftSharePointallows
WebParts forrapiddeploymentofQlikViewobjectswithinMicrosoftSharePointportal
for environments.
Microsoft
Note!QlikViewWebPartsarenotavailableforusewithQlikViewSBEServer.
SharePoint
QlikView QlikViewLocalClientisaclientwithallfunctionalityusedtodevelopQlikView
LocalClient documents.QlikViewLocalClientisdeployed,iftheenduserdeployslocalclientsonly.
QlikView AnybodyregisteredonQlikView.comisallowedtodownloadQlikViewanddevelop
Personal QlikViewdocumentsforpersonaluse.TherearenorestrictionstoQlikViewPersonal
Edition EditionexceptthatitcannotopenQlikViewdocumentscreatedbyotherusersorperform
animportofanentirelayoutfromanXMLfile.

SR13
15.2 Features and Limitations

ThetablebelowliststhefeaturesandlimitationsofeacheditionofQlikViewServer(Yes=supported,No=
notsupported).
EE SBE IAS QES
Licensing
NamedUserCALs Yes Yes No No

(max
25)
SessionCALs Yes No Yes Yes

(unlimited)
UsageCALs Yes No No Yes
DocumentCALs Yes Yes No No

(max
100)
ExternalUsersAllowed? No No Yes Yes
Clients
AJAX(andmobiledevicesviaAJAX) Yes Yes Yes Yes

(WorkBench (WorkBench
included) included)
InternetExplorerPlugin Yes Yes No No
InstalledQlikViewClient Yes Yes No No
Scalability
Canbeclustered(additionalserverlicenserequired) Yes No Yes Yes
UnlimitedDocuments Yes Yes No No

(1document (3
only) documents
only)
Integration
ThirdPartySecurityIntegration Yes No No Yes
DynamicDataUpdate Yes Yes Yes Yes
Features
LicenseLease(offlineaccess,NamedUserCALs Yes Yes No No

required)
Annotations Yes Yes No Yes
Collaboration(sheets,sheetobjects,andinputfields) Yes Yes No No
SessionCollaboration Yes Yes No Yes

SR13
EE SBE IAS QES

QlikViewPublisherandPDFgeneration(additional Yes Yes No No
licenserequired)
QlikViewConnectorforusewithSAPNetWeaver Yes Yes Yes Yes

(additionallicenserequired)
TestServerOption Yes Yes Yes Yes
CanbeembeddedinMicrosoftSharePoint(QlikView Yes No Yes Yes

WebPartsforMicrosoftSharePoint)(additionallicense
required)
Buildbespokemashups/AJAXapplications(QlikView Yes No Yes Yes

WorkBench)(additionallicenserequired) (included) (included)
Security
SectionAccess Yes Yes No Yes
DocumentMetadataService(DMS) Yes No No Yes
ActiveDirectory/NTFS Yes Yes No Yes
AnonymousUser Yes No Yes No

(with (mandatory)
Session
CALs)

SR13
Part 6 Appendix
Part6Appendix

SR13
SR13
16 Silent Installation
Whenrunningasilentinstallation,QlikViewisinstalledwithalimitedsetofornodialogsatall.This
meansallfeatures,properties,anduserselectionshavetobeknownwhencreatingthesilentinstallation
package.TherearealsosomestandardpropertiesinWindowsInstallerServicethatmayberequired.
Toprepareasilentinstallation,theMSIfilehastobeextractedfromtheQlikView Setup.exefile.
Asilentinstallationcanberunwithdifferentinterfacelevels:
/qn Completelysilent.
/qb Basicuserinterface.
Adda +signatendoftheinterfacelevelscommandtogetamodaldialogattheendoftheinstallation
sayingFinishedandifitwassuccessfulornot.
ThefollowingsilentinstallationcommandlinesarerecommendedforQlikView:
msiexec /i QlikViewServerx64.msi Addlocal="all" IS_NET_API_LOGON_
USERNAME="Domain\username" IS_NET_API_LOGON_PASSWORD="password /qn+
Alternatively:
QlikViewServer_x64Setup.exe /s /v"/qn+ Addlocal="all" IS_NET_API_LOGON_
USERNAME="Domain\username" IS_NET_API_LOGON_PASSWORD="password"
Thecommandlineaboveinstallsallfeaturescompletelysilentlywithamodaldialogattheendofthe
installation.
Ifjustalimitedsetofthefeaturesaretobeinstalled,change alltothenameofthefeatureinstead.If
severalfeaturesaretobeinstalled,separatethemwithcommas.
Thefollowingfeaturescanbeinstalled:
l DirectoryServiceConnector
l ManagementService
l QVS
l QvsDocs
l WebServer
l DistributionService
l SupportTools
l QvsClientswiththesub-featuresPluginandAjaxZfc
l MsIISwiththesub-featuresQvTunnelandQlikViewSettingsService
Note!Forthesub-featurestobeincludedintheinstallation,theyhavetobeincludedinthelistoffeatures
tobeinstalled.
msiexec /i QlikViewServerx86.msi ADDLOCAL="all" DEFAULTWEBSITE="2" /qn+
Thiscommandlineinstallsallfeatures,includingthevirtualdirectoriestoanotherwebsitethanthedefault
one.ThisrequiresamachinewithMicrosoftInternetInformationServices(IIS)installedandmorethanone
websiteonit.Thesitenumberalsohastobeknown.Set DEFAULTWEBSITEtothesitenumberwherethe
virtualdirectoriesaretobeinstalled.Tofindthenumberofthewebsite,checkIIS.
Theinstallationprocedurecanbelogged,usingthefollowingcommand:
msiexec /i QlikViewServerx86.msi ADDLOCAL="all" DEFAULTWEBSITE="2"/L*v
log.txt /qn+

SR13
16.1 Settings
Thefollowingsettingsaregoodtoknowwhendesigningasilentinstallationpackage:
Prerequisites .NETFramework4.0
Default installation folder ProgramFilesFolder\QlikView

(INSTALLDIR)
Windows Installer Version 3.1Schema301
Default language English(UnitedStates)1033
Require Administrative Yes

Privileges
INSTALLEVEL 100,allfeaturesissetto101bydefault
Features See Silent Installation (page 93).Thereisahiddenfeaturecalled

Install.Donotremoveit.
IIS FourvirtualdirectoriesandanApplicationpoolareinstalled
Services Fiveservicesareinstalled
16.2 Dialogs
TheQlikViewinstallationhasanumberofdialogs,oneofwhichisaCustomSetupdialogandoneof
whichisaWebsitedialog.Alldialogssetimportantproperties.Tofindthevalueofaproperty,doatest
installationwithverboselogging.Notethatthepropertyvaluesmaydifferdependingonthelanguageand
operatingsystemused.
Region
Thisdialogisusedforspecifyingtheregion.
Property: REGION_LIST
Region dialog

SR13
License Agreement
Thisdialogdisplaysthelicenseagreementfortheselectedregion.
Radiobutton: AgreeToLicense = "Yes"
License dialog
Customer Information
Thisdialogisusedforenteringthecustomerinformation.
Properties:
l USERNAME
l COMPANYNAME
Customer information dialog
Destination Folder
Thisdialogisusedtosetthedefaultfolderfortheinstallation.

SR13
Property: INSTALLDIR
Destination folder dialog
Profiles
Thisdialoghasseveralpropertiesconnectedtoit,sincetherearemultipleprofilestochoosefrom.
Select Full Installation, Single machine with QlikView Webservertoinstalleverything,including
QlikViewWebServer,neededtorunQlikViewonasinglemachine.TouseIISinstead,select Full
Installation, Single machine with IIS(thisoptionisonlyavailableifIISisinstalledonthetargetmachine).
Toperformacustominstallation,select Custom installation, select profilesandthenselecttheprofilesto
install.The WebserverprofileallowstheusertochoosebetweenQlikViewWebServerandIIS(ifIISis
installedonthetargetmachine).
Properties:
l PROPQVS:QlikViewServer
l PROPDS:Publisher
l PROPQMC:ManagementConsole
l PROPWEB, PROPIIS=1or2:Webserver
l PROPIIS(ifIISisinstalled)or PROPSTATE:SingleMachineInstall

SR13
Profiles dialog
Logon Information
Thisdialog,whichisoptionaltouse,isusedtospecifytheuserthatistoruntheservicesthatareinstalled.
Whenclicking Next,aCustomActionchecksthattheentereduserisvalid.TheCustomAction,whichis
implementedbyInstallShield,requiresthemachinetobepartofaDomaintoworkproperly.
Properties:
l LOCALSERVICE
l IS_NET_API_LOGON_USERNAME
l IS_NET_API_LOGON_PASSWORD
Logon information dialog
Service Authentication
Thisdialogisusedtoselectthetypeofserviceauthentication.QlikViewAdministratorsGroupisselected
bydefault.
Property: PROPCERT(1=Digitalcertificates,2=QlikViewAdministratorsGroup)

SR13
Service authentication dialog
Ready to Install
Thisisthelastdialog.Click Installtostarttheinstallation.
Ready to install dialog
16.3 Additional Dialogs

Custom Setup
Thisdialogisdisplayedwhenclicking ConfigintheProfilesdialog,see Profiles (page 96).

SR13
Custom setup dialog
Website
ThisdialogisdisplayedwhenselectingIISaswebserverintheProfilesdialog,see Profiles (page 96).
Property: DEFAULTWEBSITE
Website dialog
16.4 MST
WhencreatinganMSTfile,theMSIfileiscustomizedwithoutanychangesbeingmadedirectlyintheMSI.
TheMSTfileworksasafilterontopoftheMSIandallowschangestobemadetotheinstallation.For
example,thedefaultinstallationfolderforQlikViewServeris %ProgramFiles%\QlikView,butifthat
ischangedto C:\QlikViewintheMSTfile,thedefaultfolderischanged.Thesamethingcanbedone
withthedialogs,whichmeanspropertiescanbepreset,sothattheinstallationcanberunwithalimitedset
ofdialogs.
TocreateanMSTfile,anMSIrepackagingstudio(forexample,InstallShieldAdminStudio)isneeded.

SR13
Note!QlikTechdoesnotsupplyanyMSTfilesanddoesnottakeanyresponsibilityforMSTfilescreated
bycustomersorpartners.
16.5 Additional Information

Foradditionalinformationonsilentinstallation,see Deploying MSI Packages with Group Policies (page
129).

SR13
17 Clustering QlikView Servers

Thischapterdiscussesthearchitecturalandinstallationrequirementsandoptionsforbuildingaclusteredand
resilientQlikViewServerdeployment.
Thefollowingfigureshowsaclustered,loadbalancedQlikViewServerdeploymentthatusesAccessPoint
(softwareloadbalanced).
Thefollowingfigureshowsaresilient,clustered,loadbalancedQlikViewServerdeploymentthatuses
AccessPointandnetworkloadbalancing.
TheQlikViewServerloadbalancingcapabilitiesareincludedintheQlikViewwebportal,AccessPoint.
Thischapteralsodiscusseshowtomakethiscomponentresilientusingnetworkloadbalancing(ifneeded).
17.1 Why Cluster QlikView Servers?

ByclusteringQlikViewServers,theobjectivesdescribedbelowcanbeachieved.
Horizontal User Scalability

IfmoreresourcesthancanbeprovidedbyasingleQlikViewServerareneeded,anadditionalservercanbe
added.Forexample,iftheservercansupport1,000concurrentusers,but2,000concurrentusershavetobe
supported,anadditionalservercanbeadded.Inthisscenario,thefirst1,000userscouldbeallocatedto

SR13
serverAandthesecond1,000userstoserverB.Alternatively,theserverscouldbeclusteredsothat,tothe
endusers,thereisjustoneworld(inrealityitwouldbeasingleIPaddressorURL).
Resilience
Whenthenumberofusersincrease,sodoestheusersrelianceonQlikView.ByclusteringtheQlikView
Servers,resiliencecanbebuiltintothedeployment.Inthecaseabove,whereasingleservercansupport
1,000users,threeserverscouldbeusedtobuildresilienceintothedeployment.Thiswouldallowoneserver
tobelost(dueto,forexample,hardwarefailure)withthesystemstillcapableofsupporting2,000users.
Havingallthreeserversasactivenodeshelpsreducingtheresponsetimesbynotrunningallserversat100%
oftheircapacityandalsolimitsthenumberofusersaffectedifanodeislost.
However,QlikViewcurrentlydoesnotprovideanysessionrecoveryoptions.Inpractice,thismeansthatifa
nodeintheQlikViewclusterislost,theuserslosetheanalysistheyarecurrentlyperformingandthatthey
havetoreconnecttotheclustertoresumetheirwork.ThisdoesnotmeanthatthedatawithintheQlikView
applicationislostandneedstobereloaded,asthedataisstoredinthe .qvwfileontheNAS.
17.2 Requirements for Clustered QlikView Deployment

Therearefourhigh-levelrequirementsforbuildingaclusteredQlikViewdeployment:
1. ClusteredQlikViewServerlicensekey
2. Sharedstoragearea
3. AccessPointloadbalancingstrategies
4. Networkloadbalancerforprovidingfullresilience(optional)
Clustered QlikView Server License Key

Inaclusteredenvironment,theQlikViewServermachinesareinstalledwiththesamelicensekey,which
mustbeenabledforclustering.Thiscanbecheckedconfirmedbyexaminingthefollowingentryinthe
LicenseEnablerFile(LEF):
NUMBER_OF_CLUSTER_NODES; 2(numberofnodesinthecluster)
ClusteredQlikViewServersshareconfigurationandlicenseinformationbetweenthemselvesviatheshared
storage,sothatconfigurationandlicensemanagementonlyneedstobeperformedoncefromtheQlikView
ManagementConsole(QMC)forallnodes.
Theserversmustbeinstalledonthesamenetworksubnetandhaveasharedrootdocumentdirectory;hence
therequirementforasharednetworkstorage.TheconfigurationinformationisstoredinPersistentGlobal
Objects(.pgo)files.
Iftheserversfailtostartorresetaftertenminutes,checkfortheLEFentryabove.Thisisusuallyan
indicationofmultiplenon-clusteredserverswiththesamelicensekeybeingused.
Shared Network Storage

Sharednetworkstorageisrequirednotonlyforthe .pgofilesmentionedabove,butalsoforstorageof
QlikViewapplicationsthatarerequiredinthecluster.Thisalsoenablescollaborativeobjectstobeshared
acrossthenodesinthecluster(using .sharedfiles).
ThissharedstorageareaistheSharedDisklocatedonthelefthandsideofthefiguresin Clustering
QlikView Servers (page 101).AclusteredQlikViewdeploymentsusesaWindowsServer-basedsystem.
QlikViewrequiresthestorageofdocuments(.qvwfiles), .pgo, .meta,and .sharedfilestobehostedon
aWindows-basedfileshare.H ostingfilesonanyothertypeofsystemisunsupportedandmaycreatean
unstableQVSclusterwhereCALsdisappearandQVSsstall.QlikViewsupportstheuseofaSAN(NetApp,
EMC,etc)withaQlikViewServer,provideditismountedtoamachinerunningWindowsServer2003or
laterandthensharedfromthatserver.

SR13
AccessPoint Load Balancing Strategies

QlikViewAccessPointsupportsthreeloadbalancingstrategies:
l Random(defaultsetting):Aroundrobintypestrategyidealformostusers,sincethesessionis
distributedacrossallnodesinthecluster.
l Loadeddocument:Usedwhensessionsforthesamedocumentaretoberoutedtothesameserver.
Thisstrategyisdesignedfordeploymentswheretherearemoredocumentsthanasinglenodeinthe
clustercanhandle.AccessPointmakesthedecisionbasedonifthedocumentisalreadyloadedand
ontheamountofRAMavailableontheserver.
l CPUwithRAMoverload(onlyavailableinQlikView11):AllowsQlikViewWebServer(QVWS)to
routetrafficbasedontwofactors,(1)RAMand(2)CPUuse.Thenodeischosenusingthefollowing
criteria:
l IfRAMisreadilyavailable(low)onallavailablenodes,choosethenodewiththelowestCPUuse.
l IfRAMismoderatelyusedonallavailablenodes,choosethenodewiththemostRAMavailable.
TheQlikViewloadbalancingstrategycanbesetintheQMCunder System>Setup>QlikView Web Servers.
Selectthewebserver(eitherIISorQVWS)onthe AccessPointtab:
Network Load Balancer (Optional)

ThenetworkloadbalancerprovidestheresilienceforAccessPoint,routingthesessionstoanavailable
AccessPointserver.
Thereareseveralrequirementsontheloadbalancer:
l Supportforstickysessions:Thisensuresauser'ssessionpersistsonthesamenodewithinthe
cluster,usuallybyusingacookie.
l Availability:TheloadbalancercheckstheavailabilityoftheAccessPointwebserverandthe
QlikViewservers.
l Someformofloadbalancingalgorithmtodeterminewhichserveristheleastloaded.

SR13
Sticky Sessions
Therequirementisfortheuserssessiontoberoutedconsistentlytothesameserver.Methodsfordoingthis
varyfromdevicetodevicerefertotheloadbalancerdocumentationforinformationontheoptions
available.
Availability Checking
AspecialwebpageontheAccessPointprovidesautomatedcheckingofthesystemstatus:
http://myAccessPoint/QvAjaxZfc/QvsStatus.aspx
Thispagereturnsanhttpstatuscodeof200,iftheAccessPointandatleastoneQlikViewServerinthe
clusterrespond.Anyotherstatuscodereturnedbythispageshouldbeconsideredanerror.Commonerrors
fromthispageinclude:
l 404:TheAccessPointisunabletorespond.Checkthewebserver.
l 503:NoQlikViewServersrespondedtotheAccessPointandthereforeitcannotserviceuserrequests.
ThestatusoftheQlikViewServerclusterisalsodisplayedonthewebpage:
Load Balancing Strategies

Thereareseveralstrategiesforhowtheloadbalancingrouterallocatessessionstothenodeswithinthe
cluster:
l Roundrobin:Theloadbalancersendseachsessiontothenextavailableserver.Thisisafairly
rudimentaryloadbalancingalgorithm.
l Sessioncounts:Theloadbalancerkeepsarunningcountofthenumberofsessionsoneach
AccessPointandensuresthatthereisanequalnumberofsessionsoneachnode.
17.3 Building and Installing a QlikView Cluster

ProceedasfollowstoconfigureandactivateaQlikViewServerclusterusingtheQMC:
1. InstallandlicensethefirstQlikViewServerinthecluster.ThiswillbethemasterQlikViewServer.

SR13
2. ConfigurethedocumentfoldertopointtoafolderontheNASthatallQlikViewServersinthe
clustercanaccess.

SR13
3. InstallthenextQlikViewServerinthecluster.
4. EnsurethatallQlikViewservicesarerunningaslocaladministratorsandthattheyaremembersofthe
QlikViewAdministratorslocalgroup.
5. Open System>SetupintheQMCandselecttheserver.Thengotothe Generaltabandenterthe
controlnumberforyourlicenseandtheaddresstothesecondQlikViewServerinthecluster.
6. Ifneededforusabilityreasons,gotothe GeneraltabfortheQlikViewServerintheQMCand
renamethecluster(inthisexample,theclusterisrenamedMyCluster).
7. Repeatsteps3-5fortheQlikViewServernodesinthecluster.

SR13
8. Makesurethattheclusterisselectedin Server ConnectionsinthesettingsfortheAccessPoint.
9. Theclusterisnowconfiguredandreadytouse.

SR13
SR13
18 Clustering QlikView Publisher

ThischapterprovidesanoverviewofQlikViewPublisherandhowtouseitinaclustereddeploymentfor
scalability,resilience,orboth.Thischapteralsoaddressesthearchitecturalandinstallationrequirementsand
theoptionsforbuildingaclusteredandresilientQlikViewPublisherdeployment.
18.1 Introduction
QlikViewPublisherisanoptionalmoduleforQlikViewServerthatenablesscheduling,administration,and
managementtoolsthatprovideasinglepointofcontrolforQlikViewanalyticsapplicationsandreports.
Administratorscanschedule,distribute,andmanagesecurityandaccessforQlikViewapplicationsand
reportsacrosstheenterprise.
QlikViewPublisherperformsthefollowingmainfunctions:
l Itloadsdatadirectlyfromdatasourcesdefinedinconnectionstringsinthesource .qvwfiles.
l Itisusedasadistributionservicetoreducedataandapplicationsfromsource .qvwfilesbasedon
variousrules(forexample,userauthorizationordataaccess)anddistributethesenewly-created
documentstotheappropriateQlikViewServersorasstaticreportsviaemail.
l WhenusingQlikViewPublisher,onlyPublisherhasaccesstothesourcedocumentsfolderandthe
datasourcesfordataloadanddistribution.Thesourcedocumentsanddataarenotaccessibleby
QlikViewusers.
Bydeployingaclusteredarchitecture,QlikViewPublisherachievesscalabilityand/orresilienceusingweb
servicestechnology.A dministratorscanclusterservicestogethertoprovideloadbalancing.Nativesupport
forSNMPenablesintegrationwithenterprisesystemmonitoringtools.Externalenterpriseschedulingtools
cantriggerPublishertasksusingwebservicecalls.Taskscanalsobescheduledandexecutedondemandby
QlikViewadministrators.
Thefigurebelowshowsatwo-server,clusteredQlikViewPublisherwhereeachserverisconfiguredfor
processingdifferenttasksandloadbalancing.Thefigurealsoincludesathree-server,clusteredQlikView
ServerthatusesQlikViewAccessPointforloadbalancing.DocumentscreatedbyQlikViewDeveloperare
storedinthesourcedocumentsfolder.QlikViewPublishertasksareusedtoretrievedataandstoretheresult
intheuserdocumentsfolder.

SR13
Source Documents
Thesourcedocumentscontaina)scriptswithin .qvwfilestoextractdatafromvariousdatasources(for
example,datawarehouses,MicrosoftExcelfiles,SAP,andSalesforce.com),b)theactualbinarydataextracts
themselveswithin .qvdfiles,orc)abinaryloadfromanother .qvwfile,inheritingitsdatamodelinone
lineofcode.
TheQlikViewsourcedocuments,createdusingQlikViewDeveloper,resideinthefollowingfolder:
l WindowsServer2008andlater: \ProgramData\QlikTech\SourceDocuments.Thisisthe
defaultQlikViewlocationforWindowsServer2008andlater.
l WindowsServer2003: \Documents and Settings\All Users\Application
Data\QlikTech\SourceDocuments.ThisisthedefaultQlikViewlocationforWindowsServer
2003.However,foraQlikViewPublishercluster,thisfolderhastoberelocatedtoasharedfolder
designatedintheQMCPublisherconfiguration.
User Documents
TheuserdocumentsfolderistherepositoryusedbyQlikViewServer.Thefolderislocatedat:
l WindowsServer2008andlater: \ProgramData\QlikTech\Documents.Thisisthedefault
QlikViewlocationforWindowsServer2008andlater.
l WindowsServer2003: \Documents and Settings\All Users\Application
Data\QlikTech\Documents.ThisisthedefaultQlikViewlocationforWindowsServer2003.
Tasks
Tasksarecreatedbyadministratorsfordatadistributionanddatareloads.TasksarestoredintheQlikView
PublisherrepositoryasacollectionofXMLfilesorinanSQLServerdatabase.Whenataskisexecuted,
QlikViewPublisherinvokesQlikViewBatch(QVB),whichiscomparabletoQlikViewDesktopwithout
theuserinterface.
Note!QlikViewBatch(QVB)doesnotsupportgraphicaloruserinputobjects.ThismeansthatQVB
cannotreloaddocumentsthat,forexample,containscriptsthatrequireuserinput.

SR13
QVBreloadsthedocuments,whicharestoredinthesourcedocumentsfolder(s)andcreatesanassociative
QlikViewdatabase,whichisstoredwithineachdocument.TheQVBperformsthereloadbyretrievingthe
datadescribedbytheloadscriptfromthedatasources.QlikViewPublisherdistributesthedocumentstothe
userdocumentsfolderforQlikViewServerusingtheencryptedQVPprotocol,toamailserver,and/orafile
folder.QlikViewPublishercanusetheDirectoryServiceConnector(DSC)todeterminewhereandtowhom
thedocumentsaretobedistributed.
18.2 Why Cluster QlikView Publisher?

TheroleofPublisherintheQlikViewsolutionistodistributeandrefreshdatabycriteriasetbythe
QlikViewadministrator.Toaccomplishthis,Publisherexecutesmanytasks,eitherscheduledorondemand.
APublishertaskisthesmallestentitythatcanbedistributedinacluster;asingletaskcannotbedivided
andexecutedinparallelonmultipleclusternodes.ClusteringthePublisherserviceonmorethanoneserver
enablestheadministratortodistributemultipletaskstomultipleserversoperatinginparallelusingthe
Publisherloadbalancingalgorithm.ThismeansPublisherclusterscanbeusedtoincreasethescalability,
availability,andserviceabilityofdatadistributionandreloading.
Inaddition,aPublisherclusterlicenseenablestheconfigurationofPublisherservicesinclustersand
standalonePublisherservices.Forexample,aPublisherclustercanbeusedinacorporateofficetohandle
largevolumesofdataandtasks,whereasasinglePublisherservicecanbeusedinanassociated
manufacturingplantwherethePublisheronlyneedstodistributedocumentsusingthemanufacturingdata
source.
ByclusteringQlikViewPublisher,thefollowingobjectivescanbemet:
l Horizontalscalability
l Resilience
Horizontal Scalability
HorizontalscalingofhardwareprovidestheabilitytoincreasetheresourcesoftheQlikViewdeployment.
Byaddingadditionalhardwareservers,theworkloadofQlikViewPublishercanbeincreased.Theclustered
PublisherserverscanthenbeconfiguredtoloadbalancetheQlikViewtasks.
Forexample,onacertainhardwareserver,QlikViewPublishercanprocesseightconcurrenttasks.Whenthe
resourceneedsincrease,theQlikViewPublisherservicecangrowasneeded.Byaddinganadditional
QlikViewPublisherserviceonanewhardwareserver,thedeploymentcanhandleuptosixteenconcurrent
tasksbyconfiguringtheadditionalserverinaPublisherclusterdeployment.Inthisscenario,thefirsteight
tasksareallocatedtoServerAandthesecondeighttaskstoServerB.Alternatively,iftheserversare
clustered,thetaskscanbeloadbalancedoverthetwoservers.
Resilience
Whenthenumberoftasksinthedeploymentincreases,thewindowforcompletingthetasksintime
becomesincreasinglyimportant.ClusteringtheQlikViewdistributionservicesprovidesforresilienceinthe
deployment.Inthecaseabove,whereasingleservercansupport100concurrenttasks,anadditionalserver
canbedeployed(foratotalofthreeservers)inordertobuildresilienceintothedeployment.Ifaserveris
lost(forexample,duetoahardwarefailureornetworkconnectionissues),theresilientclusterstillsupports
upto200tasks.Havingallthreeserversasactivenodeshelpsreduceresponsetimesbynotrunningall
serversat100%oftheircapacity.Italsolimitsthenumberoftasksandtaskchainsaffectedifanodeislost.
18.3 Requirements for a Clustered QlikView Publisher

Deployment
Thefollowinghigh-levelrequirementsmustbefulfilledforaclusteredQlikViewPublisherdeployment:

SR13
l ClusteredQlikViewPublisherlicensekey
l Sharednetworkstorage
l Loadbalancingstrategies
Clustered QlikView Publisher License Key

Inaclusteredenvironment,theQlikViewPublisherserversareinstalledwiththesamelicensekey.Thiscan
beverifiedbyexaminingthefollowingentryintheLicenseEnablerFile(LEF):
PRODUCTLEVEL;30;;(where 30isthecodeforQlikViewPublisher)
NUMBER_OF_XS;N;;(where NisthenumberofallowedQlikViewDistributionServices)
TheserversinaclusteredQlikViewPublisherdeploymentshareconfigurationandlicenseinformation
amongthemselvesviathesharedstorage,soconfigurationandlicensemanagementonlyneedstobe
performedonceintheQMCforallnodes.
Shared Network Storage

SharednetworkstorageisrequiredforstorageofQlikViewapplicationsthatareneededinthecluster.Itis
recommendedtohostthestorageofdocuments(.qvwfiles)and .metadataonaWindows-basedfileshare.
QlikViewPublishersupportsaSAN(NetApp,EMC,etc.)thatismountedtoaWindowsServer2003(or
later)andthensharedfromthatserver.StoragepresentedtoaserverviaaSANmustappearaslocally
attachedstorage.IfSANstorageisusedforPublisher,anydistributeddatathatisaccessedbyQlikView
ServershouldnotresideontheSANstorage.
TheQlikViewDistributionServices(QDSs)musthaveasharedapplicationdatadirectoryandpossiblya
sharedsourcedocumentdirectoryaswell(hencetherequirementforasharednetworkstorage).All
configuredPublisherservicesmusthavereliablenetworkaccesstothesharedstorage.
Load Balancing Strategies

Load Balancing
Theloadbalancingisdeterminedbyaninternalrankingsystembasedontheamountofmemoryavailable
andtheCPUuse.QlikTechrecommendsusingthedefaultsettings,sincetheyhavebeenextensivelytested.
Tochangethedefaultsettings,edittheconfiguationfile,
QlikViewDistributionService.exe.config.ThekeyiswritteninJavaScript:
<add key="LoadBalancingFormule" value="(AverageCPULoad*400) +
((MemoryUsage / TotalMemory) * 300) + ((NumberOfQlikViewEngines /
MaxQlikViewEngines)*200) + (NumberOfRunningTasks*100)"/>
where:
l AverageCPULoad:AverageCPUloadforallrunningQVBs.
l MemoryUsage:Totalmemoryusefortheentireapplication.
l TotalMemory:Totalamountofmemoryontheserver.
l NumberOfQlikViewEngines:NumberofQlikViewenginescurrentlyused.
l MaxQlikViewEngines:ConfiguredvalueforthemaximumnumberofQlikViewengines.
l NumberOfRunningTasks:Numberoftaskscurrentlyrunning.
Simultaneous Tasks
Bydefault,fourQlikViewtaskscanexecutesimultaneouslyonanode.Therecommendedmaximumiseight
simultaneoustaskspernode.Ifmorethantentaskshavetobeexecutedsimultaneouslyonanode,
modificationsarenecessaryintheWindowsregistrytochangethedesktopheapsizetoallowformore
simultaneoustasks.

SR13
Note!Alarge-scaleserverisrequiredforexecutingtenormoresimultaneoustasks.Alternatively,add
additionalserversforPublishertasks.
Proceedasfollowstochangethenumberoftasksallowedtoexecutesimultaneously:
1. BackuptheWindowsServerregistry.
2. LocatethefollowingWindowsServerregistrysetting:
HKEY_LOCAL_
MACHINE\System\CurrentControlSet\Control\Session\Manager\SubSystems\Windows
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows
SharedSection=1024,3072,512 Windows=On SubSystemType=Windows
ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3
ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off
MaxRequestThreads=16
Thedefaultvaluefor SharedSectionis1024,3072,512for32-bit(x86)and1024,20480,768for64-bit
(x64),respectively.Foradditionalinformation,see
http://blogs.msdn.com/ntdebugging/archive/2007/07/05/desktop-heap-part-2.aspx.
3. Changethedesktopheapsizebysetting SharedSectionto1024,20480,2048:
HKEY_LOCAL_
MACHINE\System\CurrentControlSet\Control\Session\Manager\SubSystems\Windows
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows
SharedSection=1024,20480,2048 Windows=On SubSystemType=Windows
ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3
ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off
MaxRequestThreads=16
4. Savetheregistrychangesandrestartthemachine.
5. Changethe Max number of simultaneous QlikView engines for distributionsettinginQMCtothe
numberofenginesneeded.
18.4 Security
QlikViewPublisherprovidesaccesstoQlikViewapplicationsanddata.Itisthereforeimportanttointegrate
QlikViewPublisherwiththeenterprisesecuritysolutionsinadditiontothestandardsecurityfeaturesof
QlikViewServer.
QlikViewPublisherisviewedasabackendprocesswithintheQlikViewsolution.Fromasecurity
perspective,itisimportanttounderstandthatthefrontenddoesnothaveanyopenportstothebackend.The
frontenddoesnotsendanyqueriestodatasourcesonthebackend,nordoanyoftheuserdocuments(.qvw
files)containanyconnectionstringstodatasourceslocatedonthebackend.Enduserscanonlyaccess
QlikViewdocumentsthatexistonthefrontend.Withinthebackend,theWindowsfilesystemisalwaysin
chargeofauthorization;QlikViewisnotresponsibleforaccessprivileges.

SR13
ThefigurebelowshowsasimplifiedviewofastandardQlikViewdeploymentcontainingthelocationofthe
QlikViewproductsandthedataandapplications.
Directory Services
ToprovidesecurityforQlikViewdocuments,QlikViewPublishercanconnecttoanexternaldirectory
service(forexample,ActiveDirectory,LDAP,adatabase,orothersign-onsolutions).Theexternaldirectory
serviceisanauthenticationsourcewithwhichQlikViewhasatrustrelationship.
QlikViewprovidesabuilt-inDirectoryServiceProvider(DSP)forActiveDirectorythatallowsQlikView
administratorstoassignActiveDirectoryuserprivilegestoQlikViewdocumentsorportionsthereof.
QlikViewPublisherleveragesthisbuilt-inprovidertoprovidedirectintegrationwith,andsupportfor,
ActiveDirectory.
QlikViewalsoprovidesameansofcreatingaConfigurableLDAPforotherdirectoryservices.A
ConfigurableLDAPenablesQlikViewadministratorstograntprivilegestousersauthenticatedbyany
authenticationsystemotherthanActiveDirectory.
QlikView Server Authorization Modes

QlikViewServerprovidestwomutuallyexclusiveoptionsforauthorizingaccesstoQlikViewdocuments.
DependingontheauthorizationmodeofQlikViewServer(NTFSorDMS),Publisherpopulatesthe
appropriateAccessControlList(ACL)whenassigningrightstoadocument.IncaseofNTFSauthorization,

SR13
PublisherpopulatesastandardNTFSACLwhensendingdocumentstoQlikViewServer.IncaseofDMS
authorization,PublisherpopulatesanACLcontainedwithina .metafileassociatedwiththeapplication.
Static Data Reduction

DatareductionisasecuritymechanismthatallowsapplicationdatatobepurgedfromaQlikView
applicationinaccordancewithrow-levelsecuritysettings.Q likViewPublishercanautomatedatareduction
independentlyoftheapplicablesecurityscenario.However,Publisherallowsanadministratortoconfigure
datareductionbasedonusersorgroupsdefinedwithinanyexternalauthenticationsourceavailablethrough
acustomorActiveDirectoryDSP.Publisherperformsthedatareductionusingtheloopandreduce
functionalityinQlikView.ThePublisherdatareductionshouldnotbeconfusedwiththedynamicdata
reductionassociatedwithSectionAccess.
18.5 Configuring QlikView Publisher Clustering

Note!TheinstructionsinthissectionarevalidforWindowsServer2008R2andlater.
Requirements
ThefollowingrequirementsmustbefulfilledbeforestartingtheQDSclusterconfiguration:
l AQlikViewPublisherlicensethatsupportsmorethanoneQDS.ThePublisherLEFmustcontainthe
entry NUMBER_OF_XS;N;;,where Nis2orhigher.
l QlikViewAccessPoint(basedonQlikViewWebServerorMicrosoftIIS),QlikViewManagement
Service(QMS),QlikViewServer(QVS),andDSCarealreadyinstalledintheQlikViewsysteminthe
network.
l AdomainusertoruntheQlikViewservicesoneverymachineisavailable.
l Asharedstoragedevice;QlikTechrecommendsashareddevicemountedasaWindows-basedfile
share.
AllQDSclusternodesneedreadandwriteaccesstothefollowing,centrallystoreddata:
l QlikViewPublisherstatus,configuration,andlogfiles
l QlikViewsourcedocuments
Step-by-step Instructions
Prepare the Shared Storage Device
CreatefoldersforthefilesaccessedbyeveryPublisherclusternode:
l \\<server1>\ProgramData\QlikTech\DistributionService(applicationfolder)
l \\<server1>\ProgramData\QlikTech\SourceDocuments(sourcedocumentsfolder)
Prepare the Cluster Nodes

ProceedasfollowsoneachplannedQDSclusternode:
1. Loginasadministrator.
2. ConfigurethefirewalltosecuretheQlikViewsolution.TheQlikViewservicesrequiretheports
listedinthetablebelowtobeopened.
Service Port
QDS(Publisher)(requiredforPublisher) 4720/TCP
DSC(requiredforPublisher) 4730/TCP
QMS(requiredforPublisher) 4780/TCP

SR13
Service Port
QlikViewWebServer/MicrosoftIISconfiguration 4750/TCP
QVSconfiguration 4749/TCP
QVPcommunication 4747/TCP
QMS(EDXcalls)(requiredforPublisher) 4799/TCP
3. DeactivatetheInternetExplorerEnhancedSecurityConfigurationforadministrators.Bydefault,
WindowsServer2003andlatershipwiththisconfigurationenabled,whichisbasicallyalocked
downversionthataddsabitofextrasecuritytotheserversforwebbrowsing.Whenthe
configurationisenabled,itmaycauseproblemsinviewingtheQMCandservicecontent.The
InternetExplorerEnhancedSecurityConfigurationcanbeleftturnedon,butifanyissuesarise,turn
offthefeaturefortheAdministratorsgroup.
4. AddthedomainuserthatisusedtoruntheQlikViewservicestotheLocalAdministratorsGroup.
5. StarttheQlikView64-bit(x64)serversetupandselect Custom installation, select profiles.Then
selectthe Reload/Distribution EnginefeatureandinstallitoneachnodewherePublisheristo
reside.

SR13
6. EntertheQlikViewserviceaccountcredentials.
7. Finishthesetupandrestartthesystemimmediately.
Configuring QDS Cluster in the QMC

ProceedasfollowstoconfigureaQDSclusterintheQMC:
1. OpenQMCandregistertheQlikViewPublisherlicensewiththeactivatedclusternodes.
2. Onthe System>Setuptab,addthefirstQDSclusternodeunder Distribution Services.

SR13
3. Switchthe Application Data Folderandthe Source Folderstotheshareddevicefolderpathsusing

UNCsyntax.
4. Click ApplyandrestarttheQDSmanually.
5. AddeachadditionalQDSclusternodeinURLformat.
6. Click ApplyandrestarttheQDSonallnodesmanually.
18.6 Troubleshooting
IfthelogmessageThenetworkBIOScommandlimithasbeenreachedoccursinthedebugclusterlog,the
limitforlong-termsessionsintheregistryhastobeincreased.Failuretodosomayresultintasksnotbeing
run.
Increasethefollowingparametersintheregistry:
HKEY_LOCAL_
MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation\parameters\MaxCmds
and

SR13
HKEY_LOCAL_
MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters\MaxMpxCt
Note!ThisissueonlyoccursonWindowsServer2000,WindowsXP,andWindowsServer2003.Formore
information,see http://blogs.msdn.com/b/ntdebugging/archive/2007/01/04/desktop-heap-overview.aspxand
http://support.microsoft.com/kb/810886.
ForQlikView10and11,thesettingsareavailableinthe config.xmlfileontheserverwherethe
QlikViewPublisherserviceisinstalled:
l WindowsServer2003: C:\Documents and Settings\All Users\Application
Data\QlikTech\DistributionService
l WindowsServer2008andlater: C:\ProgramData\QlikTech\DistributionService on
Windows xxxx Server

SR13
SR13
19 OEM
19 OEM
19.1 General
TheOEMfeaturepreventsabuseofQlikViewServerssoldunderanOriginalEquipmentManufacturer
(OEM)licenseandprotectstherevenuestreamsofboththeOEMproductsandthefullQlikViewproduct.In
addition,thefeaturehelpsavoidchannelconflictsbetweenQlikViewOEMpartners,QlikViewreseller
partners,andQlikViewdirectaccountmanagers.
TheOEMfeatureincludesthefollowingrestrictions:
l AQlikViewServerdeliveredtoacustomerbyanOEMpartnercannotrunotherQlikView
applicationsthantheonesdeliveredbytheOEMpartner.
l AQlikViewapplicationdeliveredtoacustomerbyanOEMpartnercannotrunonanotherQlikView
ServerthantheonedeliveredbytheOEMpartner.
19.2 Detailed Function Description

ThefunctionsoftheOEMfeatureareasfollows:
AtagwithakeyisdefinedintheQlikViewServerLicenseEnablerFile(LEF)as OEM_PRODUCT_ID.This
LEFtagisissuedonceforeachOEMpartnerandtheirQlikViewDesktop,andQlikViewServerlicenses
withmatchingtagsaredeliveredforeachQlikViewServerdeploymentrequiringthisfeature.
TheUserPreferencesdialoginQlikViewDesktopallowsanOEMdevelopertoembedahashkeyinthe
.qvwfile.Thehashkey,whichisbasedonthe OEM_PRODUCT_IDkeypresentintheQlikViewDesktop
licenseoftheOEMpartner,isacapitalized40characterhexstringthatisstoredintheDocumentProperties
andDocumentmetadata.Inthedialog,thepartnercanlabelallkeysgeneratedforthe .qvwfiles.Thesame
keycanbeusedformultipledocumentsbelongingtothesamecustomer.
AQlikViewServerwiththe OEM_PRODUCT_IDtaginitsLEFonlypermitsthepublishingof .qvwfiles
withamatchingkeyonthatQlikViewServer.Astandard,non-OEMQlikViewServerbydefaultopensany
.qvwfile,withtheexceptionof .qvwfilescontainingaspecifickeythatsomeOEMpartnersareissued
withtopreventopeningwithanyotherQlikViewServerthantheonewithamatching OEM_PRODUCT_ID.
ThetablebelowprovidesafewexamplesoftheresultsoftheOEMfunctionality.
File
Normal.qvw OEM 1.qvw OEM 2.qvw
QlikView NormalQlikView Fileopened Filenot Filenot
Server Server opened opened
OEM1(Nolicense Filenot Fileopened Filenot

lease) opened opened
OEM2(Nolicense Filenot Filenot Fileopened

lease) opened opened
InQlikViewDesktop,a .qvwfilecontaininga PRODUCT_IDisopenedinusermode.

SR13
SR13
20 DSP Interface
20 DSP Interface
ThereasonfordevelopingaproprietaryDirectoryServiceProvider(DSP)istohaveQlikViewdistribute
documentstousersinadirectoryservicenotsupportedbydefault,andtoprovidegroupresolutiontothe
webserver.
20.1 DirectoryServiceProvider
DirectoryServiceProvideristheinterfaceoftheclassthatplugsintotheframework.Themembersofthe
interfacearelistedbelow.
Member Description
LogMessage LogMessageEvent { Directlyafterconstruction,thisfieldisinstantiatedwitha
set; get; } delegatethatprovidescrudeloggingfacilities.
string ProviderName { get; } Afree-form,preferablydescriptive,nameofthecomponentthat

issuitablefortheenduser.
string ProviderType { get; } Aninstallation-uniqueidentifierusedinternallybythe

frameworkandrelatedcomponents.Theidentifiersusedbythe
suppliedprovidersare AD, NT, Local,and Custom.
void SetupPath (string _path, Createsanodethatrepresentsthecorrespondingdirectory

string _username, string _ servicenodeonthespecifiedpath.Uponfailure,anexceptionis
password); thrown.
IList<string>GetKnownRootPaths Thereturnedlistshouldcontainoneormoreviablepathsfor
(); themethodslistedhere.
void ClearCache (); Clearsthecache(ifany).
string DomainName { get; } Adomainnameassociatedwiththepaththatissetup.Itis

usedasaqualifiertoseparatenodesfromdifferentproviders(for
example,theshippedActiveDirectoryprovideruses
NetBIOSNameasdomainname).
IDictionary<string, string> Thedictionaryofsupportedsettingshasthenameofthesetting

GetSettings (); as keyandthenameofthetypeas value.
void SetSetting (string _name, Theparsingresponsibilityisobviouslyputontheprovider.

string _value);
IList<IDSObject> Search Searchesfornodeswithattributesmatchinganyofthepatterns

(string [] _pattern, provided.Theattributesarespecifiedwiththe typeparameter,
eSearchType _type, string _ whichcanbeoneormorevaluesfromtheenumeration.If type
otherattribute); isother,thelastparameterspecifiesthenameoftheattribute.
Thesearchtypelegacyidisusedforbackwardscompatibility.
Searchshouldsupportpatternscontainingthewildcardsign
*,whichmatcheszeroormorecharactersofanykind.

SR13
20 DSP Interface
Member Description
void Dispose (); Calledwheneveraproviderobjectisreleased.
IDSObject Asimpleinterfaceforanytypeofnodewithinthedirectory
service.
string ID { get; } NodeID,uniquewithintheinstantiatedpathandconsistent

overallexecutions.
string DisplayName { get; } Commonnameofthenodeinthedirectoryservice.
string AccountName { get; } Accountnameassociatedwiththenode(ifpresent).
eDSObjectType ObjectType { Basictypeoftheobject.

get; }
IList<IContainer> MemberOf (); Alistofallgroupsthatthenodeismemberof.
string GetCustomProperty Anyotherpropertynotnativelysupportedbytheinterface.If

(string _name); notpresent,nullisreturned.
string Email { get; } Theprimarye-mailaddressassociatedwiththenode(ifany).

SR13
21 SNMP
21 SNMP
QlikViewprovidesSNMPagentsforallservices.ItispossibletouseaMIBbrowser(forexample,the
iReasoningMIBbrowser)topulldatafromtheagents.
TheSNMPsettingisoffbydefault,sincetheimplementationisinitsinitialstagesandsubjecttochange.At
thetimeofwriting,readingoperationsfromtheagentsareenabled.Thefollowingmessagesaresupported:
l GetRequest
l GetResponse
l GetNextRequest
AllservicesanswerthestandardSNMPqueries(seebelow).
Identifier Query Description
1.3.6.1.2.1.1.1 sysDescr Descriptionofservice/product.
Example:
sysDescr.0:Qlikview Publisher
Commandcenterservice version 8.50.600
1.3.6.1.2.1.1.2 sysObjectID Unittype.

Example:
sysObjectID.0:iso.org.dod.internet.private.
enterprises.qliktech
.products.publisher.Distributionservice
1.3.6.1.2.1.1.3 sysUpTime Systemuptime.

Example:
sysUpTime.0:0 hours, 12 minutes, 15 seconds
1.3.6.1.2.1.1.4 sysContact Canbesetintheconfigurationfile.

Example:
sysContact.0:Unspecified System contact
1.3.6.1.2.1.1.5 sysName Canbesetintheconfigurationfile.

Example:
sysName.0:Unspecified name
1.3.6.1.2.1.1.6 sysLocation Canbesetintheconfigurationfile.

Example:
sysLocation.0:Unspecified location
1.3.6.1.2.1.1.7 sysService Constant,72meansapplicationserver.

Example:
sysServices.0:72
TheQlikViewDistributionServicecanansweradditionalqueries.Thesearespecifiedinthe MIB File (page

126).
Eachservicehasaconfigurationfile,whichisstoredinthesubfolderfortheserviceintheinstallation
folder.Forexample,theconfigurationfilefortheQlikViewDistributionServiceis
QlikViewdistributionService.exe.config.

SR13
21 SNMP
TheSNMPsettingscanbeadjustedinthe SNMP SETTINGSpartoftheconfigurationfile.SNMPhastobe

enabledforallservices(thedefaultisoff).
Setting Description
EnableSNMP EnablestheSNMPlistener.Thedefaultvalueis false.
SNMPPort SetstheporttousefortheparticularPublisherservice.Seethedefaultsettingsfor
eachservicebelow.
SNMPsysContact Contactinformationforthepersonresponsibleforthemanagednode.Thedefault
valueis Unspecified System contact.
SNMPsysName Anadministrativelyassignednameforthemanagednode.Byconvention,thisisthe
fullyqualifieddomainnameofthenode.Ifthenameisunknown,thevalueisazero-
lengthstring.Ifleftempty,itdefaultstothecurrentmachinename.Thedefaultvalue
is Unspecified name.
SNMPsysLocation Physicallocationofthenode(forexample,telephonecloset,thirdfloor).The
defaultvalueis Unspecified location.
DebugSNMP EnablestheextendeddebuglogfortheSNMPlistener.Thedefaultvalueis false.
Thedefaultportsettingsfortheservicesarelistedbelow.
Service Default Port Setting
ManagementService 4781
DirectoryServiceConnector 4731
DistributionService 4721(defaultSNMPport)
QlikViewServer 161
QlikViewWebServer 4751
Allportscanbeconfigured.Iftheservicesareinstalledondifferentmachines,theycanallrunonthesame
port.TheportschangeastheimplementationmovesawayfromtheexperimentalSNMPrangeandintothe
rangeallottedbyQlikTech.
21.1 MIB File

AMIBfileisincludedintheQlikViewdelivery,sothatallSNMPmanagerscaninterprettheadditional
responsesfromtheQlikViewDistributionService.Note,however,thattheMIBfileissubjecttochange.
Thefileisinstalledin \QlikView\Support Tools.Thesupporttoolsrequireacustomizedinstallation.
TheQlikViewDistributionServicecananswerthequerieslistedbelow,inadditiontotheonespreviously
mentioned.
Identifier Query
1.3.6.1.4.1.30764.1.2.2.1.1.1 QDSTaskID(taskIDnumber)
1.3.6.1.4.1.30764.1.2.2.1.1.2 QDSTaskName(taskname)

SR13
21 SNMP
Identifier Query
1.3.6.1.4.1.30764.1.2.2.1.1.3 QDSTaskExecuteStatus(taskstatus):
l Waiting
l Running
l Aborting
l Failed
l Warning
1.3.6.1.4.1.30764.1.2.2.1.1.4 QDSTaskNextExecutionAt(whenthetaskwillbeexecutednext)
1.3.6.1.4.1.30764.1.2.2.1.1.5 QDSTaskLastExecutedAt(whenthetaskwasexecutedlast)
1.3.6.1.4.1.30764.1.2.2.1.1.6 QDSTaskCurrentWork(whatthetaskiscurrentlydoing)
1.3.6.1.4.1.30764.1.2.2.1.1.7 QDSTaskEnabled(ifthetaskhasbeenenabled)
Example: Query the Task IDs

l ThetreepathtotheTaskIDisasfollows:
.iso.org.dod.internet.private.enterprises.qliktech.products.publisher.distributionservice.
qDSTaskExecuteStatusTable.qDSTaskExecuteStatusEntry.qDSTaskID
l TheOIDisasfollows:.1.3.6.1.4.1.30764.1.2.2.1.1.1
AllvaluesdefinedunderqDSTaskExecuteStatusEntrycanbequeriedinthesameway.Proceedasfollows
togettheTaskIDs:
1. Send.1.3.6.1.4.1.30764.1.2.2.1.1.1.0togetthefirstTaskID.
Note!ThisistheOIDwith.0addedattheend.
2. Send.1.3.6.1.4.1.30764.1.2.2.1.1.1.1togetthesecondTaskID.
3. Send.1.3.6.1.4.1.30764.1.2.2.1.1.1.2togetthethirdTaskID.
4. KeepincreasingthelastvalueintheOIDby1tofetchmoreTaskIDs.
21.2 Additional Information

ForadditionalinformationonSNMP,see:
l RFCforSNMP: http://www.ietf.org/rfc/rfc1157.txt
l Wikipedia: http://en.wikipedia.org/wiki/Simple_Network_Management_Protocol

SR13
SR13
22 Deploying MSI Packages with Group Policies
22 Deploying MSI Packages with Group

Policies
Note!ThischapterismainlyintendedfortheInternetExplorerplugin.
22.1 General
Acommonproblemtodayishowtodeployapplicationsinanetworkenvironmentwheretheusershave
limitedrights,andhowtodeployapplicationsforaspecificgroupofusers.Thissectionbrieflydescribes
howtodeployMicrosoftWindowsInstaller(.msi)packageswithgrouppoliciesinanActiveDirectory
environment.
Note!DeploymentofsoftwarewithgrouppoliciesisonlysupportedbyworkstationsrunningWindowsXP
Professional,WindowsVista,WindowsServer2003,andlater.
TheQlikView .msipackagesrequireversion2.0orhigheroftheWindowsInstallerservicetobeinstalled
onthedestinationworkstations.
22.2 Deploying the MSI Package

Whenthe .msifilehasbeenobtained,itmustbeplacedinasharedfolderonthenetwork.Makesurethat
allusersand/ormachinesthataretoinstalltheapplicationhavereadaccesstothefolder.Whenthepackage
hasbeenmadeavailabletotheusersand/ormachines,theGrouppolicyobjectthatwilladvertisethe
installationpackagecanbecreated.
Thepackagecanbeadvertisedtoeachuseroreachmachine.Usethe User Configuration>Software Settings
containertoadvertisethepackageperuser,andthe Computer Configuration>Software Settingscontainer
toadvertisepermachine.BothcontainersarelocatedintheGroupPolicyObjecteditor.
Ifthepackageisadvertisedperuser,itcanbeeitherassignedorpublished.Apackagethatisadvertisedper
machinecanonlybepublished.
Topublishapackageperusermeansthatitislisted(thatis,advertised)intheAddprogramsfromyour
networklistintheAdd/Removeprogramsdialog.
Add/Remove programs dialog

Eachusermustclickthe Addbuttontocompletetheinstallation.
Topublishapackagepermachinemeansthatthepackageisinstalledandaccessibletoallusersonthat
machinethenexttimethemachineisrebooted.

SR13
Anadvertisedpackagethatisassignedisalsolistedinthe Add programs from your networklistandcan

beaddedfromthere.Thisoptionalsooffersafewmorewaystoactivatetheinstallationpackage:
l Shortcuts(iftheinstallationpackageaddsany)onthedesktopand/orStartMenu:Theshortcutsare
addedandtheinstallationpackagecanbeexecutedbyclickingtheappropriateshortcut.
l Fileassociation:Theinstallationprogramisexecutedwhentheusertriestoopenafilethatis
associatedwiththeadvertisedapplication.
Thereareafewmorewaystoexecutetheinstallationwhenitisadvertisedasassigned,buttheyarenot
applicabletoanyQlikViewinstallationsandthereforebeyondthescopeofthisdocument.
Note!TheInternetExplorerplugininstallationpackagedoesnotaddanyshortcutsorfileassociations.Itis
thereforenotrecommendedtoadvertiseQlikViewinstallationpackageswiththeassignoption.
Advertising
Toadvertisemeansthattheadministratorgivestheinstallationpackagepermissiontoexecuteonanaccount
withlockeddownpermissions.
Whenthepackageisadvertised,therearesocalledentrypointsloadedontothedestinationsystem.Entry
pointsaretypicallyshortcuts,fileassociations,listingintheAdd/RemoveProgramsdialog,andsoon.
22.3 Step-by-step Guide

Thissectionprovidesastep-by-stepguideforcreatingagrouppolicyforadvertisingoftheQlikView
InternetExplorerplugin .msipackageonanumberofmachinesintheActiveDirectory.
Proceedasfollowstocreateagrouppolicy:
1. Browsetothefoldercontainingthe .msipackage.Sharethefolderwiththenetworkuserswith
permissiontoinstallthepackage.
Sharing the folder

SR13
2. Open Active Directory Users and Computersandhighlightthe Organizational Unit (OU)where

thepackageistobedeployed.
Highlighting the Organizational Unit where to deploy the package

3. Right-clickandselect Properties.
Selecting Properties

SR13
4. Gotothe Group Policytab,click New,andgivethegrouppolicyobjectanappropriatename.
Providing a name
5. Highlightthenewgrouppolicyobjectandclick Edit.
Highlighting the new group policy object

SR13
6. Expand Computer Configuration>Software Settingsor User Configuration>Software Settings,

dependingonhowthepackageistobedeployed.Inthiscase, Computer Configuration>Software
Settingsisselected.
Selecting Software Settings

7. Right-click Software installationandselect New>Package...Apop-upwindow,askingwhereto
locatetheinstallationpackage,isdisplayed.
Creating a new package

SR13
8. Browsetotheinstallationpackage(inthiscase, QvPluginSetup.msi),selectit,andclick Open.
Opening the installation package

9. Selectthedeploymentmethod Assignedandclick OK.Sincetheinstallationistobeappliedtothe
Computer Configuration,onlythe Assigneddeploymentmethodcanbeused.
Selecting deployment method

10. Thedeploymentruleisnowreadyforuse.AllmachinesintheOUgetthisdeployment
automatically.Whatactuallyhappensisthatwhenamachineisrebooted,theinstallationprogramis
executed,sothatanyuserthatlogsontoamachineinthatOUcanruntheinstalledprogram.The
rulecanbeappliedtomanydifferentOUs.
Deployment rule is ready for use

SR13
23 Certificate Trust
QlikView11Serverusescertificatesforauthenticationandauthorization.Acertificateprovidestrust
betweenservers(thatis,machines).
Thischapterdescribeshowtodeploycertificatesonmultipleservers.
23.1 Architecture
CertificatesareusedinaQlikViewinstallationtoauthenticateandauthorizecommunicationbetween
servicesthatresideonmultipleservers.Configuringcertificatesinamultipleserverdeploymentwithin
QlikViewremovesthedependencyonaQlikViewAdministrationGroupfortheestablishmentoftrust
betweentheQlikViewservices.Italsoallowstheuseofcertificatestobuildatrustdomainbetween
QlikViewservicesthatarelocatedindifferentdomainswithouthavingtoshareanActiveDirectory(AD)or
otheruserdirectories.
Note!TheconfigurationstepsdescribedinthischapteronlyprovideatrustdomainbetweentheQlikview
services.TheuseofSSLandcertificatesforsecuringend-usercommunicationhastobeconfigured
separately.
ThearchitectureisbasedontheQlikViewManagementService(QMS)actingasthecertificatemanageror
CertificateAuthority(CA).TheQMScancreateanddistributecertificatestoallservicesintheQlikView
installation.
QMSisthereforeanimportantpartofthesecuritysolutionandhastobemanagedfromasecurelocationto
keepthecertificatesolutionsecure.
TherootcertificatefortheinstallationisstoredontheQMSserver.AllserverswithQlikViewservicesthat
aretoparticipateintheinstallationreceivecertificatessignedusingtherootcertificatewhenaddedtothe

SR13
QMS.TheQMS(thatis,theCA)issuesdigitalcertificatesthatcontainkeysandtheidentityoftheowner.
TheprivatekeyisnotmadepubliclyavailableitiskeptsecretbytheQlikViewservices.Thecertificate
enablestheQMStovalidatetheauthenticityoftheservice.ThismeansthattheQMSisresponsiblefor
sayingyes,thisservicedeployedonthisserverisaserviceinmyinstallation.
Aftertheservershavereceivedcertificates,thecommunicationbetweentheQlikViewservicesisencrypted
usingHTTPS(SSLencryption).Thecertificatesonlysecurethecommunicationbetweentheservicesonthe
servers.Thecertificatesdonotsecurethecommunicationwiththeenduser(thatis,thecertificatesarenot
usedforQlikViewplugin,client,orwebservercommunicationwiththeQVS).
23.2 Requirements
General
Thefollowingrequirementsmustbefulfilledforthecertificatetrusttofunctionproperly:
l Certificatetrustcannotbepartiallyimplemented.ItiseitherusedbyallservicesintheQlikView
installationornotatall.
l CertificatetrustisonlysupportedbyWindowsServer2008andlater.
l IfrunningQlikView9/10Server,upgradetoQlikView11Server.
l IfitisaninitialinstallofQlikView11Server,installandconfiguretheQlikViewserviceswithout
anymodification.Priortoconfiguringtheuseofcertificates,startandstoptheservicesontheservers
(thatis,machines)wheretheQlikViewservicesaredeployed.
l SectionAccessmanagementmustnotbeconfiguredinenvironmentswherecertificatetrustis
configured.
Inaddition,thetechnicalrequirementsdescribedinthefollowingsectionsalsohavetobefulfilled.
Communication Ports
Thissectiondescribestheportsthatareneededwhenusingcertificatetrust.
Theportsthatarelistedinthefollowingtableareneededforthecertificateinstallationprocedureonthe
localserver.
Note!Theportsarenotusedforservicetoservicecommunication.
Service Ports
QlikViewDistributionService 14720

SR13
Service Ports
DirectoryServiceConnector 14730
QlikViewWebServer 14750
Theportsthatarelistedinthefollowingtableareneededforservicetoservicecommunication.
Note!Firewallconfigurationchangesmightbenecessary,dependingonthelocationoftheQlikView
serverswithintheresultingnetworkandtheroutingoftheQVScommunication.
Service Ports SSL-enabled Ports

QlikViewServer 4747,4749 4749
QlikViewDistributionService 4720 4720
QlikViewWebServer 4750,80,443 4750,443
QlikViewManagementService 4780,4799 4780,4799
DirectoryServiceConnector 4730 4730
Thefollowingtableliststheprotocolsthatareusedforcommunicationontheportsthatarespecifiedinthis
section.
Service Protocol
QlikViewServer QVPXoverSSL
Allotherservices SOAPoverSSL
Access
Toinstallthedistributedcertificatesfortherespectiveservices,physicalaccesstotheconsoleorremote
accesstotheconsole(forexample,usingremotedesktopfunctionality)isneeded.
23.3 Installation
OnlyinstalltheQlikViewservices(components)neededoneachserver.Donotperformafullinstallonall
serversusecustominstallandselectonlytheservicesthatwillbeactiveandexecutingoneachserverin
theQlikViewconfiguration.Tosimplifytheprocedure,itisrecommendedtohavethesameWindows
AdministratoronallserversintheQlikViewconfiguration.
Enabling Certificate Service Authentication

ProceedasfollowstoenablecertificateserviceauthenticationforDSC,QVWS,QMC,QDS,andQVS:
1. StoptheQMSservice.
2. RunNotepadasadministrator.
3. Openthe C:\Program Files\QlikView\Management
Service\QVManagementService.exe.configfileinNotepad.
4. ChangetheUseWinAuthenticationentryfromtruetofalse.
5. Savethefile.
6. StarttheQMSservice.

SR13
Atthispoint,youcancheckifthecertificatesareproperlysetontheserverthatexecutestheQMSservice
byrunningtheMicrosoftManagementConsole(MMC)fromtheStartmenu.SeeUsingMicrosoft
ManagementConsolefordetails.
Configuring Certificates
Proceedasfollowstoconfigurethecertificatesfortheremainingservers:
1. StoptheDSC,QDS,QVWS,andIISservicesontheserverswheretheyarelocated.
2. RunNotepadasadministrator.
3. Openthe <service>.exe.configfileforeachserviceinNotepad.
Service Default Path
DSC C:\Program Files\QlikView\Directory
ServiceConnector\QVDirectoryServiceConnector.exe.config
QDS C:\Program Files\QlikView\Distribution

Service\QVDistributionService.exe.config
QVWS C:\Program Files\QlikView\Server\Web Server\

QVWebServer.exe.config
IIS C:\Program Files\QlikView\Server\Web Server

Settings\QVWebServerSettingsService.exe.config
C:\Program
Files\QlikView\Server\QlikViewClients\QlikViewAjax\web.config
4. ChangetheUseWinAuthenticationentryfromtruetofalseineachfile.
5. Savethefiles.
6. StarttheDSC,QDS,QVWS,andIISservicesontheserverswheretheyarelocated.
CertificatetrustwithIISandQlikView11Serverisconfiguredusingport4750(thatis,thesameportasthe
QVWSuses).The.aspxpage,whichrequiredport80or443inQlikView10Server,islongerused.
However,thecertificatetrustusedtoenableHTTPSaccessforusersofthewebserverremainsunchanged.
Editing the Settings.ini File

ProceedasfollowstoedittheSettings.inifilefortheQVSservice:
1. StoptheQVSservice.
2. Openthe C:\ProgramData\QlikTech\QlikViewServer\Settings.inifileinNotepad.
3. Add EnableSSL=1inthe [Settings 7]section.

SR13
4. Savethefile.
5. Right-clickthefileandselect Run as administrator.
6. StarttheQVSservice.
Adding Services to Issue the Certificates

Proceedasfollowstoaddtheservicestoissuethecertificates:
1. OpentheQlikViewManagementConsole(QMC).
2. Addeachserviceasanewserviceandthendeletetheexistingservice.
3. Whenaddingaservice,apopupwindowappears.
4. Accesstheserverwherethenewserviceresides,eitherphysicallyorbyusingaremotedesktop
connection.ThenopenawebbrowserandentertheURLandportprovidedbytheQMCpopup
window.
5. Ontheresultingwebpage,enterthepasswordprovidedtheQMCpopupwindow.

SR13
6. Ifsuccessful,youreceivethemessagebelow.
Atthispoint,youcanchecktoseeifthecertificatesareproperlysetupontheserversthatexecutethe
additionalQlikViewservicesbyrunningtheMMCfromtheStartmenu.SeeUsingMicrosoftManagement
Console.
Using Multiple Services on a Single Server

Acertificateprovidestrustbetweenservers(thatis,machines).IfyouhaveinstalledmultipleQlikView
servicesonthesameserver,proceedasfollows:
1. StoptheadditionalQlikViewservices.
2. Openthe .configfileforeachservice.
3. ChangetheUseWinAuthenticationentryfromtruetofalseineachfile.
4. Savethefiles.
5. Starttheservice.Noadditionalpopupwindowisdisplayedandyoudonothavetoenterapassword
foranyadditionalQlikViewservices.
Note!AllTCPports(4720,4730,4747,4749,4750,4780,and4799)mustbeconfiguredasopen.
23.4 Using Microsoft Management Console

CertificatescanbevisuallyconfirmedintheMMCwiththecertificatesnap-inadded.TheQlikView
certificatesarelocatedinthe Personal>Certificates and Trusted Root Certification
Authorities>Certificates folders:

SR13
ThefiguresaboveshowproperlyinstalledcertificatesinaQlikView11Serverconfiguration.Withinthe
MMC,allQlikViewservicesonservershavecertificatesdeployedasshowninthefigures.
Theuninstallerdoesnotremovethecertificates.Thismeansthecertificateshavetobedeletedmanually,if
needed.

SR13
SR13
24 QlikView Server Extensions
24 QlikView Server Extensions

24.1 Adding Extensions to QlikView Server
TorunQlikViewExtensionsonaQlikViewServer,thecontentsofthe Extensionsfolderhavetobe
copiedfrom %UserProfile%\AppData\Local\QlikTech\QlikView\Extensions\Objectsto
the %ProgramData%\QlikTech\QlikViewServer\Extensions\Objectsfolderontheserver.
Ifthepathtotheextensionsischanged(forexample,toacommonplaceforallserversinacluster),that
pathmustbeusedinstead.Notethatthepathsetcorrespondsto
%UserProfile%\AppData\Local\QlikTech\QlikView\Extensions(thatis,itdoesnotinclude
\Objects).

SR13
SR13
25 Configuring Microsoft IIS for Custom Users
25 Configuring Microsoft IIS for Custom

Users
WhenusingMicrosoftIISaswebserverforCustomUsers,configurationisneeded.
ProceedasfollowstoconfigureIISforCustomUsers:
1. InQlikViewManagementConsole,changetheparametersonthe System>Setup>Authenticationtab
inaccordancetothefollowing:
Authentication Always
Type CustomUser
Parameters CUSTOM\
Login Address Alternateloginpage(webform)
Authentication tab

SR13
2. Selectthe QlikViewvirtualfolderandthen Authentication.
Selecting Authentication
3. Disable Windows Authenticationandenable Anonymous Authentication.
Enabling Anonymous Authentication for the QlikView virtual folder

SR13
4. Selectthe QvAjaxZfcfolderandthen Authentication.

5. Disable Windows Authenticationandenable Anonymous Authentication.
Enabling Anonymous Authentication for the QvAjaxZfc folder

6. Right-click QvAjaxZfcandselect Switch to Content View.
Selecting Switch to Content View

7. TheconfigurationofIISfortheCustomUseriscomplete.

SR13
SR13
26 Triggering EDX Enabled Tasks

Tostarttasksthathaveanexternaleventastrigger,theQlikViewManagementServiceAPI(QMSAPI)must
beused.TheusermakingtherequestcallsmustbeamemberoftheQlikViewAdministratorslocalgroupor
theQlikViewEDXlocalgroup.TheQlikViewAdministratorsgroupissetupduringtheinstallationof
QlikViewServer,buttheQlikViewEDXgroupmustbecreatedmanuallyin Computer Management.
MembersoftheQlikViewEDXgrouponlyhavetherighttotriggerEDX-enabledtasks.
Themethodtousehasthefollowingsignature:
Parameter Purpose
guid IDoftheQlikViewDistributionService(QDS)wherethetaskisdefined.
taskNameOrId TasknameorIDofthetaskinstringformat.
password Password(ifrequiredbythetask).
variableName Variablename(ifrequiredbythetask).
variableValues Listofvaluesforthevariable.
Thereturnedresultcontainsinformationonwhetherthetaskwassuccessfullystartedornot.

SR13
Theexamplebelowshowshowtotriggerataskandwaituntilithasfinishedoruntilacertainamountof
timehaspassed.
TheexamplecomesfromtheQMSAPIdocumentation,whichisinstalledaspartoftheQlikView
ManagementConsole(QMC).Itcontainsdetailedinformationontheavailablemethodsandhowtoget
startedwiththeQMSAPI.

SR13

QlikView Server Reference Manual - ENG

Încărcat de

Informații document

Titlu original

Drepturi de autor

Formate disponibile

Partajați acest document

Partajați sau inserați document

Opțiuni de partajare

Vi se pare util acest document?

Este necorespunzător acest conținut?

Drepturi de autor:

Formate disponibile

QlikView Server Reference Manual - ENG

Încărcat de

Drepturi de autor:

Formate disponibile

Server/Publisher

Version 11.20 SR13 for Microsoft Windows

2 QlikView Server/Publisher - QlikView 11.20

QlikView Server/Publisher - QlikView 11.20 3

4 QlikView Server/Publisher - QlikView 11.20

18 Clustering QlikView Publisher 109

QlikView Server/Publisher - QlikView 11.20 5

6 QlikView Server/Publisher - QlikView 11.20

QlikView Server/Publisher - QlikView 11.20 7

1.2 QlikTech Support Services

QlikView Server/Publisher - QlikView 11.20 9

%ProgramFiles% C:\Program Files C:\Program Files

%UserProfile% C:\Users\[username] C:\Documents and Settings\[username]

1.4 About this Document

10 QlikView Server/Publisher - QlikView 11.20

2 Whats New in QlikView 11 Server?

Context Sensitive Help

Audit Logging by Document

QlikView Server/Publisher - QlikView 11.20 11

Enable/Disable Document Download, Exporting, and Printing

Supporting Task for .qvd Creation

Distribution to Email within a .qvw Document

Alert Email to Document Administrators

12 QlikView Server/Publisher - QlikView 11.20

Distribution and Reload Performance

Loop and Reduce

QlikView Server/Publisher - QlikView 11.20 13

QlikView Management Console User Interface

Reduction with Lock Fields

QMC and QMEC are Merged into QMC

Load Balancing Improvements

MSI Installation of QlikView Server

14 QlikView Server/Publisher - QlikView 11.20

QlikView Settings Service

QlikView Server/Publisher - QlikView 11.20 15

QlikView Server/Publisher - QlikView 11.20 17

Upgrading from Version 8 to 11

Upgrading from Version 9 or 10 to 11

3.2 Upgrade Procedure

QlikView Server/Publisher - QlikView 11.20 19

QvPlugin Updateto %ProgramFiles%\QlikView\Server\QlikViewClients\

QvClients Updateto %ProgramFiles%\QlikView\Server\QlikViewClients.

3.3 Multi-machine Preparation

20 QlikView Server/Publisher - QlikView 11.20

Migration to a New Machine

QlikView Server/Publisher - QlikView 11.20 21

4 Installing QlikView Server

QlikView Server/Publisher - QlikView 11.20 23

l Use QlikView Administrators Group:AuthenticatecommunicationbetweenQlikViewservicesbasedon

4.1 Logging the Installation

4.2 Obtaining the MSI package

4.3 Completing the Installation

Running Microsoft IIS

24 QlikView Server/Publisher - QlikView 11.20

Optimizing the Performance

QlikView Server/Publisher License tab in QMC

QlikView Server/Publisher - QlikView 11.20 25

26 QlikView Server/Publisher - QlikView 11.20

Account to Run the Services Under

QlikView Server/Publisher - QlikView 11.20 27

5.2 Root/First Install

5.3 Adding Services on Other Machines

28 QlikView Server/Publisher - QlikView 11.20