Documente Academic
Documente Profesional
Documente Cultură
Copyright1994-2015QlikTechInternationalAB,Sweden.
Underinternationalcopyrightlaws,neitherthedocumentationnorthesoftwaremaybecopied,photocopied,
reproduced,translatedorreducedtoanyelectronicmediumormachine-readableform,inwholeorinpart,
withoutthepriorwrittenpermissionofQlikTechInternationalAB,exceptinthemannerdescribedinthe
softwareagreement.
QlikTechandQlikViewareregisteredtrademarksofQlikTechInternationalAB.
ActiveDirectory,Excel,InternetExplorer,Microsoft,.NET,SharePoint,SQLServer,Visual
Studio,Windows,Windows7,Windows2000,WindowsNT,WindowsServer,WindowsVista,
andWindowsXParetrademarksofMicrosoftCorporationintheUnitedStates,othercountries,orboth.
CASiteMinderisaregisteredtrademarkofComputerAssociates.
ChromeisatrademarkofGoogleInc.
FirefoxisaregisteredtrademarkoftheMozillaFoundation.
IBMisatrademarkofInternationalBusinessMachinesCorporation,registeredinmanyjurisdictions
worldwide.
IntelandCoreDuoaretrademarksofIntelCorporationintheU.S.and/orothercountries.
NetWeaverandSAParetrademarksorregisteredtrademarksofSAPAGinGermanyandinseveralother
countries.
NovellisaregisteredtrademarkofNovell,Inc.,intheUnitedStatesandothercountries.
OracleisaregisteredtrademarkofOracleand/oritsaffiliates.
SafariisatrademarkofAppleInc.,registeredintheU.S.andothercountries.
Salesforce.comisatrademarkorregisteredtrademarkofSalesforce.com,Inc.
WikipediaisaregisteredtrademarkoftheWikimediaFoundation.
Othertrademarksarethepropertyoftheirrespectiveownersandareherebyacknowledged.
Contents
Part 1 Introduction 7
1 Overview 9
1.1QlikView 9
1.2QlikTechSupportServices 9
1.3Conventions 9
1.4AboutthisDocument 10
2 Whats New in QlikView 11 Server? 11
Part 2 Installation 17
3 Upgrading QlikView 19
3.1UpgradeConsiderations 19
3.2UpgradeProcedure 19
3.3Multi-machinePreparation 20
4 Installing QlikView Server 23
4.1LoggingtheInstallation 24
4.2ObtainingtheMSIpackage 24
4.3CompletingtheInstallation 24
5 Building a Farm 27
5.1Planning 27
5.2Root/FirstInstall 28
5.3AddingServicesonOtherMachines 28
5.4Clustering 28
Part 3 Architecture 31
6 Roles 33
6.1QlikViewwithPublisher 33
6.2QlikViewwithoutPublisher 34
6.3QlikViewServer 35
6.4WebServer 36
6.5DirectoryServiceConnector 37
6.6ManagementService 38
6.7DistributionService 39
6.8ReloadEngine 39
7 Logging 41
7.1LoggingfromQlikViewServer 41
7.2SessionLog 41
7.3PerformanceLog 43
7.4EventLog 44
7.5End-userAuditLog 45
7.6ManagerAuditLog 47
7.7TaskPerformanceSummary 48
8 Documents, Data, and Tasks 49
8.1UserDocuments 49
8.2SourceData 50
8.3SourceDocuments 50
8.4Tasks 50
9 Service by Service 53
9.1QlikViewServer 53
9.2QlikViewDistributionService 56
9.3QlikViewPublisherRepository 58
9.4ConfigurationFiles 59
9.5WebServer 61
9.6DirectoryServiceConnector 64
9.7QlikViewManagementService 65
Part 4 Security 67
10 Security Overview 69
11 Protection of the Platform 71
11.1Functionality 71
11.2SpecialAccounts 71
11.3Communication 71
12 Authentication 73
12.1AuthenticationwhenUsingQlikViewServerinaWindowsUserEnvironment 73
12.2AuthenticationwithaQlikViewServerUsinganExistingSingleSign-onSoftwarePackage 74
12.3AuthenticationUsingneitherIWAnorSingleSign-onSoftware 75
12.4QlikViewServerAuthenticationUsingCustomUsers 76
13 Authorization 79
13.1DocumentLevelAuthorization 79
13.2DataLevelAuthorization 79
Part 5 Licensing 81
14 Client Access Licenses 83
14.1CALTypes 83
14.2Identification 84
14.3DocumentCALRestrictions 84
14.4CombiningDifferentCALs 84
14.5LicenseLease 85
14.6ClusterLicensing 85
14.7ColdStandbyServers 85
15 Editions of QlikView Server 87
15.1Editions 87
15.2FeaturesandLimitations 89
Part 6 Appendix 91
16 Silent Installation 93
16.1Settings 94
16.2Dialogs 94
16.3AdditionalDialogs 98
16.4MST 99
16.5AdditionalInformation 100
17 Clustering QlikView Servers 101
17.1WhyClusterQlikViewServers? 101
17.2RequirementsforClusteredQlikViewDeployment 102
17.3BuildingandInstallingaQlikViewCluster 104
Part1Introduction
1 Overview
ThisdocumentdescribesQlikViewServerandcontainsinformationoninstallation,architecture,security,
andlicensing.Thedocumentalsoincludesanumberofappendixesthatprovideadditionalin-depth
information.
1.1 QlikView
QlikView Server
QlikViewServerisaplatformforhostingandsharingQlikViewinformationoveranintranetortheInternet.
QlikViewServerconnectsusers,clienttypes,documents,andobjectswithinasecureenvironment.
QlikView Publisher
QlikViewPublishermanagescontent,access,anddistribution.Byreducingdata,eachusercanbepresented
withtailoredinformation.TheQlikViewPublisherserviceanduserinterfacearefullyintegratedinto
QlikViewServerandQlikViewManagementConsole(QMC).
QlikTech International
150 N. Radnor Chester Road
Suite E220
Radnor, PA 19087
USA
Phone: +1 (888)-828-9768
Fax: 610-975-5987
Forotherlocations,visittheQlikTechhomepage(seeabove).
1.3 Conventions
Style Coding
Menucommandsanddialogoptionsarewrittenin bold.Filenames,paths,andsamplecodearewrittenin
Courier.
Environment Variables
Thepathsdescribedinthisdocumentuseenvironmentvariables.Thevariablesandtheequivalentpathsin
WindowsVista(andlater)andWindowsXParepresentedbelow.
Environment
Windows Vista and later Windows XP
Variable
%ProgramData% C:\ProgramData C:\Documents and Settings\All
Users\Application Data
LDAPs
ConfigurableLDAPDSPforLDAPs(LDAPviaSSL)supporthasbeenadded.
License Tracking
TheuseoflicenseshasbeenaddedtotheQlikViewEventServerlogs.Thefollowingeventsarenowlogged
(whenusinglowverbositylogging):
l PGO,Recreating[filename]frombackup
l PGO,Recreatingcorruptfile[filename]
l PGO,Creatingfile[filename]
l License,Licenseleasedtouser[username]onmachine[machinename]
l CALusage,UsingCALoftype[CALtype]foruser[username]onmachine[machinename].
Sessionsonthiscaltype:X
l CALusage,ReleasingsessionCALforuser[username]onmachine[machinename]
l CALusage,UsageCALsessionforuser[username]onmachine[machinename]stopped
l CALusage,NamedUserCALsessionforuser[username]onmachine[machinename]stopped
l CALusage,DocumentCALsessionforuser[username]onmachine[machinename]stopped
l CALallocation,Unused(Document)NamedUserCAL[username]deletedok
l CALallocation,(Document)NamedUserCAL(notusedfor24hours)[username]deletedok
l CALallocation,Unused(Document)NamedUserCAL[username]markedfordeletionok
l CALallocation,(Document)NamedUserCAL[username]addedok
l CALallocation,NamedUserCAL(notusedfor24hours)[username]deletedok
l CALdeallocation,(Document)NamedUserCAL[username]nolongermarkedfordeletionok
l CALdeallocation,(Document)NamedUserCAL[username]notmarkedfordeletiondenied
l CALdeallocation,(Document)NamedUserCAL[username]notfounddenied
Reloads
PriortoQlikView11Server,areloadisperformedinthefollowingwaywithPublisher:
1. Theentiredocument(.qvw)isloadedtomemoryfromdisk.
2. Areloadiscompleted.
InQlikView11Server,areloadisperformedinthefollowingway:
1. Thedocument(.qvw)withoutthedataisloadedtomemoryfromdisk.
2. Areloadiscompleted.
Theperformanceenhancementisthereductionintimetoloadthedocumenttomemoryfromdisk,since
thereisnodata.QlikView11Publishercanopensourcedocumentswithoutdatapriortoexecutingareload
task.Thereisnoneedtoloadthedocumentdatatomemoryandthenperformareloadofthedocument.
Improved Logging
ChangestothesettingsinQlikViewServerandQlikViewWebServerarestoredintheauditlog.
ThelogginganderrorhandlinghavebeenimprovedforQlikViewDistributionService.
AccessPoint Remake
AccessPointhasbeengivenanewlookandfeel:
l Newsearchcapabilitieshavebeenadded.
l Thedocumentattributeshavebeenleveragedtoimprovethecategorizationofdocuments.
l Documentdescriptionscanbeadded.
l GlobalmessagescanbeshownontheAccessPointbyaddingmessagesinQMC.
EDX Enhancements
StartinganEDXreturnsasessionIDtoallowinterrogationofthestatusofthesessionratherthanonthe
task.Whenthesessionisdone,thestatuscontainsalistofallthetasks(andsessionIDs)thathavebeen
triggered,allowingforcontinuoustrackingofthestatus.ThisfunctionalityisavailablethroughtheAPI.
Retries
Ifataskthatcontainsaloopfails,itrestartsfromthepointoffailure,ratherthanfromthebeginningofthe
loop.
Part2Installation
3 Upgrading QlikView
3.1 Upgrade Considerations
Migrating from 32-bit (x86) to 64-bit (x64) Version
Whenmigratingfrom32-bit(x86)to64-bit(x64)orfrom64-bit(x64)to32-bit(x86),therunningversion
mustbemanuallyremovedpriortoinstallingthenewversion.
ToinstallQlikViewServer,proceedasfollows:
1. VerifythatbackupmediaexistsforthecurrentreleaseofQlikViewServerandbackupallcurrent
filesassociatedwithQlikViewServer(HTMLpages,QlikViewdocuments,licensingfile,QlikView
Server .sharedfiles,andsoon).
2. WhenrunningQlikViewServerversion8,usethe UserstabinQMCtodetermineifthereareany
activeuserslinkedtoQlikViewServer.Itmaybeagoodideatosendoutabroadcastmessageto
notifytheusersthattheservicewillbestopped.
3. UninstallQlikViewServerfrom Start Menu>Control Panel.
4. InstallQlikView11Server.
Note!WhenupgradingfromapreviousversionandusingMicrosoftIIS,thevirtualfoldersinIISmustbe
updated(seethetablebelow).
Microsoft IIS
Update Required
Virtual Folder
QVAJAXZfc Updateto %ProgramFiles%\QlikView\Server\QlikViewClients\
QlikViewAjax.
QvAnalyzer Removed
QvJava Removed
QvPrint Removed
Simple Upgrade
Thisprocedurerequiresnospecialplanningandinvolvesthesmallestrisk,butcausesthesystemtobedown
forsometime.
Proceedasfollowstoperformastraight-forwardupgrade:
1. Performabackupasdescribedin Upgrade Procedure (page 19).
2. Stopallservicesrunningonallmachines.
3. Upgradetheservicesoneachmachine(inanyorder).
4. Startallservicesonallmachines.
Maximize Uptime
Thisprocedurerequiresmoreplanning,butthesystemuptime(fromanenduserpointofview)ismaximized.
Proceedasfollowstoperformtheupgrade:
1. Performabackupasdescribedin Upgrade Procedure (page 19).
2. StopQMS(whichmeansQMCbecomesunavailable).
3. Upgradeinthefollowingorder(lettheinstallerrestarttheservices):
a)Webservers
b)DirectoryServiceConnector(DSC)
c)QlikViewServer(QVS)
d)QlikViewDistributionService(QDS)
e)QMS
4. StartQMS(whichmeansQMCbecomesavailableagain).
Note!IPv4isrequiredforinstallationofQlikViewServer.IPv6iscurrentlyunsupported.
ItisrecommendednottomovefolderlocationsaftertheQlikViewServerinstallationiscomplete,since
manysettingsdependontheinitialfilelocations.IfthelocationofQlikViewServerhastobechangedafter
theinstallation,proceedasfollows:
1. RuntheQlikViewServerinstallationexecutable:
l MicrosoftWindowsx86version:QlikViewServer_x86Setup.exe
l MicrosoftWindowsx64version:QlikViewServer_x64Setup.exe
l MicrosoftWindowsServer2012/Windows8(andlater):QlikViewServer_Win2012andUp.exe
2. IftheUserAccountControldialogisdisplayed,click Yestoallowtheprogramtomakechangeson
thiscomputer.
3. Click NextintheWelcomedialog.
4. Selecttheregionforthelocationoftheserver.Click Nexttocontinue.
5. Readthelicenseagreement,select I accept the terms in the license agreement,andclick Nextto
continue.
6. EnterthecustomerinformationforQlikViewServer.Click Nexttocontinue.
7. Allfilesareinstalledinthespecifiedfolder.Tochangetherootfolderfortheinstalledfiles,click
Changetospecifythepreferredlocation.Finally,click Nexttocontinue.
8. Selectthetypeofinstallationyouwanttoperform:
l Full installation, Single machine with QlikView Webserver:Usedtorunallcomponentsonasingle
machinewithQlikViewWebServeraswebserver.
l Full installation, Single machine with Microsoft IIS:Usedtorunallcomponentsonasinglemachinewith
MicrosoftIISaswebserver.ThisoptionisonlyavailableifIISisinstalledonthetargetmachine.
l Custom installation, select profiles:Ifthisoptionisselectedyouselecttheprofilesyouwanttobeincluded
intheinstallationfromtheProfilessectioninthedialog:
l QlikView Server:InstallsQlikViewServer,DirectoryServiceConnector,andtheQlikViewServerexample
documents.
l Reload/ Distribute Engine:InstallstheReloadEngineandtheQlikViewDistributionService.
l Management Console:InstallstheQlikViewManagementServicetogetherwiththeQlikView
ManagementConsole(QMC).
l Webserver:InstallstheQlikViewWebServer.
Tomakefurtherconfigurationoffeaturestobeinstalled,clickConfig.Whendone,clickNext.
Tousepre-definedconfigurationoffeatures,clickNext.
9. SettheaccountthattheQlikViewServerandPublisherservicesaretorununder.ClickNext tocontinue.
Note!TheaccountthatisusedtoruntheQlikViewservicesmusthavelocaladministratorprivileges.
Note!IfusingalocaladministratoraccountonWindowsXPProfessionalx64SP2thatisnotpartofadomain,the
installationprogramcannotresolvetheaccount.ThismeansthattheaccountfortheservicesinComputer Manager
hastobesetmanually.
YoucanalsoselectI want to specify the account to be used for the services later.
10. SelecttheIISWebsitefromthedrop-downlistandclickNext.
Note!ThisstepisonlyapplicableifFull installation, Single machine with Microsoft IISwasselectedinStep 8.If
not,proceeddirectlytothenextstep.
11. SelecttheServiceAuthenticationmethod:
l Use digital certificates:AuthenticatecommunicationbetweenQlikViewserversusingdigitalcertificatesand
SSL.Thisalternativeisrecommendedinenvironmentswherenotallservershaveaccesstoacommon
WindowsActiveDirectoryorwhenthesecurityprovidedbycertificateauthenticationisrequired.Notethat
digitalcertificatesareonlysupportedbyWindowsServer2008R2andlater.
Note!Runningreal-timeanti-virusprotectionontheserverdegradestheperformanceofQlikViewServer.It
isrecommendedthattheuserdocuments,sourcedocuments,logdirectories,and .pgofilesareexcluded
fromtheanti-virusscanning.
Proceedasfollowstohandletimeouts:
1. Openthe %ProgramFiles%\QlikView\Server\QlikViewClients\QlikViewAjax\web.configfileinatext
editor(forexample,Notepad).
2. Searchforthefollowingtext:
<httpRuntime requestValidationMode="2.0" />
3. Editthetextsothatitbecomes:
<httpRuntime requestValidationMode="2.0" executionTimeout="900"/>
4. Savethefile.
Enabling ASP.NET
IfMicrosoftIISisusedaswebserverinaWindowsServer2003(orlater)environment,enableASP.NETto
ensureproperoperationoftheQlikViewServersamplepagesandtheextendedfunctions(forexample,
QlikViewServertunnel).
Licensing
ThelicensingisusedtoauthenticateQlikViewServerandallowittorunonaspecificmachine.
ProceedasfollowstoenterthelicenseforQlikViewServer:
1. Goto System>LicensesintheQMC.
2. SelectaQlikViewServerorPublisher.
3. Fillinthe Serial numberand Controlfieldsonthe QlikView Server Licenseor QlikView
Publisher Licensetab(dependingonwhetherQlikViewServerorPublisherwaschosen).
Note!AnypreviouslydefinedtasksaredeletedwhentheQlikViewPublisherlicenseisactivated.
The PubLef.txtfileforQlikViewPublisherissavedin
%ProgramData%\QlikTech\ManagementService\Publisher LEF(C:\Documents and
Settings\All Users\Application Data\QlikTech\ManagementService\Publisher
LEFonpre-WindowsVistasystems).
Click Update License from Servertodownloadanew lef.txtfilefromtheQlikViewLEFserver.Thisis
primarilyusedwhenupdatingthenumberofClientAccessLicenses(CALs).
IftheLEFinformationcannotbeaccessedthroughtheInternet,itcanbeobtainedfromthelocalvendor.In
thatcase,copytheentire lef.txtfiletothelocationmentionedabove,orpastetheLEFdatausingthe
correspondingfieldontheQlikViewServer/PublisherLicensetabinQMC.Contactthelocalvendorfor
specificinstructions.
5 Building a Farm
Serverfarmscanbeusedtoprovideadditionalperformance,redundancy,andsecurityinplaceofasingle
serversolution.
5.1 Planning
Beforestartingtheactualinstallation,planningisneeded.Thefollowingitemshavetobeconsidered:
l Trustmechanism
l Webserver(QlikViewWebServerorMicrosoftIIS)
l Redundancylevel
l Accounttoruntheservicesunder
l QVPRformat(XMLorSQL)
l Userdirectory
l Userauthentication
l Firewalls
Trust Mechanism
TrustmechanismsareprovidedwithWindowsgroupsorcertificates.
Windowsgroupscaneasilybedeployed,ifallservicesresideinasingleActiveDirectory(AD).Ifencrypted
communicationisneeded,itcanbeaddedmanually.
Certificatesprovidefortrustmechanismsincross-domainenvironmentsandcanalsoprovideSSLencryption.
Web Server
QlikViewWebServerisintendedforusewhenthewebserverisnotneededforotherpurposes.Itis
lightweightandeasytomanage,butatthesametimelimitedtosupportthetasksneededbyaQlikView
installation.
AMicrosoftIIS-hostedwebserverisrecommended,if:
l Moreflexibilityormoreadvancedtuningisrequired
l ThewebserveristobeusedforothertasksthanQlikView
l Anauthorizationschemenotavailableout-of-the-boxisrequired
Redundancy Level
Theredundancylevelismainlyaquestionofclusteringand/orhavingmultiplemachinesrunningthesame
service.AllservicesexceptQlikViewManagementService(QMS)canbeinstalledonmultiplemachines.In
addition,QlikViewServer(QVS),QlikViewDistributionService(QDS),andDirectoryServiceConnector
(DSC)canbeclustered.
QVPR Format
ThechoiceofQVPRformatisbasedonreasonsoutsidetheQlikViewproduct(forexample,backupand
availability).TheinstallationalwaysstartsinXMLmode.
User Directory
QlikViewdefaultstoWindowsusers(thatis,NTFSmode).Ifnon-Windowsusersaretobegivenaccess
(otherthananonymously),QlikViewServermustruninDocumentMetadataService(DMS)mode.
DMSmodemayalsobepreferableforotherreasons,see Document Level Authorization (page 79).
User Authentication
QlikViewsupportsmultipleauthenticationschemes.AdditionalschemesmayrequireASPXdevelopment
andthepossibleuseofMicrosoftIISforwebservices.
Forinformationontheavailableauthenticationschemes,see Authentication (page 73).
Firewalls
Makesurethattheservicesareabletocommunicate(forexample,byopeningtheappropriateportsinthe
firewalls).Forinformationontheports,see Service by Service (page 53).
5.4 Clustering
ThissectionprovidesanoverviewofhowcreateaQlikViewServercluster.Foradditionalinformation,see
Clustering QlikView Servers (page 101)and Clustering QlikView Publisher (page 109).
Note!Do notmixarchitecturesthatis,32-bit(x86)and64-bit(x64)withinacluster.
QlikView Server
FortheQlikViewServerclustertoworkproperly,itisimportanttoset System>Setup>QVS
resource>Folders>Root Foldertoacommonsharedfolder.Inaddition, Alternate Temporary Files Folder
Pathmustbesettoacommonsharedfolder(separatefromtherootfolder).
Ifextensionsareused,itsimplifiesmanagementif Alternate Extension Pathissettoacommonshared
folder.
Itisalsocommonpracticetoset System>Setup>QVS resource>Logging>Log Foldertoacommonplace,
butthisisnotstrictlynecessary.
Note!Therootfoldermust notbeusedforanythingelsethanclusterfiles(thatis, .pgofiles)anduser
documents.
Note!Iftheentriesdonotalreadyexistintheregistry,theyhavetobeaddedmanually.
TesttheQlikViewServertunnelbyenteringthefollowingURLinaclientbrowserwindow:
http://<Servername>/scripts/qvstunnel.dll?test
Servernameisthewebserver.Ifthetunneliscorrectlysetup,thewebpagereturnsamessage(that
tunnelingisavailable)andtheQlikViewServerversionnumber.
Part3Architecture
6 Roles
TheoverallarchitectureofaQlikViewinstallationreflectstheseparationofroles.
QlikView deployment with Publisher containing the location of the QlikView components
Front End
Thefrontendiswhereendusersinteractwiththedocumentsanddatathattheyareauthorizedtoseevia
QlikViewServer.ThefrontendcontainstheQlikViewuserdocumentsthattypicallyhavebeencreatedvia
QlikViewPublisheratthebackend.Allcommunicationbetweentheclientandservertakesplacehereand
QlikViewServerisfullyresponsiblefortheclientauthorization.
Thefrontendreliesoninfrastructureresources(forexample,Windows-basedFileShareforclustering).
Note!QlikViewServercurrentlyonlyconformswithWindowsFileShareoraWindows-basedNAS.This
meansthatstoragemustbeowned,governed,andsharedbyaWindowsoperatingsysteminstance(typically
accessedusingapathlike \\<servername>\<share>).
Note!QlikViewdoesnotsupportWindowsDistributedFileSystem(DFS).
Authenticationofendusersis(withexceptionofthebuilt-inCustomUsers)handledoutsideQlikView.
Back End
ThebackendiswheretheQlikViewsourcedocuments,createdusingQlikViewDeveloper,reside.These
sourcefilescontainscriptstoextractdatafromvariousdatasources(forexample,datawarehouses,Microsoft
Excelfiles,SAP,andSalesforce.com).Thisextractionsometimesinvolvesintermediatefiles(QVD
files).ThemainQlikViewcomponentthatperformstheloadinganddistributionatthebackendisthe
DistributionService.Withinthebackend,theWindowsfilesystemisalwaysinchargeofauthorization(that
is,QlikViewisnotresponsibleforanyaccessprivileges).
Thebackendusestheinfrastructureresourcesforclustering(forexample,Windows-basedFileShare)and
mayalsouseresourceslikeSMTPserversanddirectorycatalogs.
Note!QlikViewServercurrentlyonlyconformswithWindowsFileShareoraWindows-basedNAS.This
meansthatstoragemustbeowned,governed,andsharedbyaWindowsoperatingsysteminstance(typically
accessedusingapathlike \\<servername>\<share>).
Note!QlikViewdoesnotsupportWindowsDistributedFileSystem(DFS).
Asdepictedhere,boththebackendandfrontendaresuitablefordevelopment,testing,anddeployment.
Client Runsinawebbrowseroranapplicationshellthatprovidesacontainerfortheclientcode.The
clientcommunicateswithQVSeitherdirectlyorthroughthewebservertoprovidethe
QlikViewinterfaceandfunctionalitytotheenduser.
Web Runsanhttpserver,whichcanbeusedtoservehtmlwebpagestotheclient,assistswith
server authenticationoftheuser,andenablescommunicationbetweentheclientandQVS.
WiththeexceptionofCustomUsers,theauthenticationofclientusersisdoneoutsideQlikViewusing,for
example,Windowsauthentication.See QlikView Server Authentication Using Custom Users (page 76)for
informationonauthenticationofCustomUsers.
TheprotocolsdefinedforclientcommunicationwithQVSarelistedbelow.
Protocol Description
QlikViewProtocol Encrypted,binary,andTCP-based;communicatesdirectlywithQVSonport
(QVP) 4747.
QVPX XML-based;communicateswiththeQVSusinghttp/httpsthroughaweb
server.
Windowsclients(.exe/.ocx)communicatedirectlywithQVSusingQVPonport4747.Theseclientsdo
notrequireawebservertoestablishandmaintainaconnectionwithQVS.
TheAJAXclientandmobileclientsdonotcommunicatedirectlywithQVS.Theyestablishandmaintaina
connectionusingtheQVPXprotocolthroughawebserver,QlikViewWebServer(QVWS)orMicrosoftIIS.
Thisisnormallydoneusingport80(http).Thewebserver,inturn,communicateswithQVSusingthe
QVPX2protocolonport4747.
ThedefaultinstallationsettingsforQVSuseQVWS,notIIS.QVWSsharesport80withIISonWindows
Vista(andlater)andWindowsServer2003(andlater).OnWindowsXP,onlyoneofthetwowebservers
canuseport80.Ifbothareconfiguredtorun,theymustbeassigneddifferentports.
Management Service
TheQlikViewManagementService(QMS)keepssettingsinadatabaseofitsown,theQVPR.TheQVPRis
bydefaultstoredasXMLfilesanalternativeisstoringthesettingsinanSQLdatabase.Aninstallation
canonlyhaveasingleinstanceofQMSactive.Active/passivefailovershouldbeusedforredundancy.Note
thatnootherserviceneedsQMStoberunning.
Distribution Service
TheDistributionServiceworkswiththesourcedocumentstoproduce:
l Userdocuments
l .qvwfilesfordistributiontoafolderorviae-mail
l .pdfdocumentsfordistributiontoafolderorviae-mail
Thechainofeventsuptothefinaldistributioninvolvesoneormanyofthefollowingtasks:
1. Dataisloadedfromoneormoredatasources(includingQVD)intooneormore .qvwor .qvdfiles.
2. Adocumentisreducedintooneormoresmallerdocuments.
3. Attributesandusagerulesareadded(applicableonlywhendistributedtoaQVS).
TheDistributionServiceperformsthetasksaccordingtodefinedschedulesand/orasresponsestoevents.
7 Logging
AllalertsfromtheQlikViewservicesappearintheWindowseventlog.
ExeVersion FullversionnumberofQVS.
Example:11.00.11076.0409.10
ServerStarted DateandtimewhenQVSwasstarted.
Timestamp Dateandtimewhenthelogentrywascreated.
Document QlikViewdocumentthatwasaccessed.
Document Filetimestampofthedocumentthatwasaccessed.
Timestamp
QlikViewUser QlikViewsectionaccessuserID(ifused).
ExitReason Reasonforsessiontermination:
l Socketclosed=Client-inducedtermination
l LRU=TerminatedasLeastRecentlyUsedinfavorofnewuser
l Shutdown=Server-inducedterminationforotherreasons
Note!Thisisnotacompletelist,astheexitvalueinsomecasescomesfromtheoperating
system.
SessionStart Timewhenthesessionwasstarted.
Field Description
SessionDuration Durationofsessioninhours:minutes:seconds.
CPUSpent(s) CPUsecondsspentbythesession.
BytesReceived Bytesreceivedbytheserverduringthesession.
BytesSent Bytessentbytheserverduringthesession.
Calls NumberofQlikViewcallsduringthesession(bidirectional).
Selections NumberofQlikViewselectionsmadeduringthesession.
AuthenticatedUser AuthenticatedWindowsNTuserID(ifany).
IdentifyingUser Clientuseridentification.
ClientMachine Clientmachineidentification.
Identification
SerialNumber SerialnumberoftheQlikViewclient(installedclientsonly,thatis,QlikView
DesktopandInternetExplorerplugin).
ClientType Clienttypeused:
l WindowsExe=QlikViewDesktopandInternetExplorerplugin
l Ajax=allclientsthatusetheQVPXprotocol
l Unknown
ClientBuild BuildversionoftheQlikViewclient.
Version
SecureProtocol Secureprotocolused:
l Onwhenencryptedcommunicationisused(typicallyWindowsclients).
l Offwhennon-encryptedcommunicationisused.
TunnelProtocol TunnelwhenQVStunnelcommunicationisused.
ServerPort Portusedbytheserver.
ClientAddress ClientIPnumberfortheclientthatisconnectedtotheserver(throughtheport
specifiedintheServerPortfieldabove).
ClientPort Clientport.
CALType ClientAccessLicense(CAL)type:
l User=NamedUserCAL
l Session=SessionCAL
l Usage=UsageCAL
l Document=DocumentCAL
CALUsageCount NumberofUsageCALs.
Session SessionID.
ExeVersion FullversionnumberofQVS.
Example:11.00.11076.0409.10
ServerStarted DateandtimewhenQVSwasstarted.
Timestamp Dateandtimewhenthelogentrywascreated.
EntryType Entrytype:
l Serverstarting=Startup
l Normal=Normalintervallogentry
l Servershuttingdown=Shutdown
ActiveDocSessions Numberofdocumentsessions*thathasshownactivityduringtheinterval
andstillexistsattheendoftheinterval.
DocSessions Totalnumberofdocumentsessions*thatexistsattheendoftheinterval.
ActiveAnonymousDocSessions Numberofdocumentsessions*withanonymoususerthathasshown
activityduringtheintervalandstillexistsattheendoftheinterval.
AnonymousDocSessions Totalnumberofdocumentsessions*withanonymoususerthatexistsat
theendoftheinterval.
ActiveTunneledDocSessions Numberofdocumentsessions*withtunneledconnectionthathasshown
activityduringtheintervalandstillexistsattheendoftheinterval.
TunneledDocSessions Totalnumberofdocumentsessions*withtunneledconnectionthatexists
attheendoftheinterval.
DocSessionStarts Numberofdocumentsessions*thathasbeeninitiatedduringtheinterval.
ActiveDocs Numberofdocumentsloadedattheendoftheintervalinwhichtherehas
beenuseractivityduringtheinterval.
RefDocs Numberofdocumentsloadedattheendoftheintervalforwhichthereis
asessionattheendoftheinterval.
LoadedDocs Totalnumberofdocumentsloadedattheendoftheinterval.
DocLoads Numberofnewdocumentsloadedduringtheinterval.
Field Description
DocLoadFails Numberofdocumentsthathasfailedtoloadduringtheinterval.
Calls TotalnumberofcallstoQVSduringtheinterval.
Selections Numberofselectioncallsduringtheinterval.
ActiveIpAddrs NumberofdistinctIPaddressesthathasbeenactiveduringtheinterval
andstillexistsattheendoftheinterval.
Note!TunneledsessionsandmultipleusersoriginatingfromthesameIPcannotbe
distinguished.
IpAddrs TotalnumberofdistinctIPaddressesconnectedattheendoftheinterval.
Note!TunneledsessionsandmultipleusersoriginatingfromthesameIPcannotbe
distinguished.
ActiveUsers NumberofdistinctNTusersthathasbeenactiveduringtheintervaland
stillexistsattheendoftheinterval.
Note!Anonymoususerscannotbedistinguished.
Users TotalnumberofdistinctNTusersconnectedattheendoftheinterval.
Note!Anonymoususerscannotbedistinguished.
CPULoad AverageCPUloadfromQVSduringtheinterval.
VMAllocated(MB) SizeinMBofthevirtualmemoryallocatedbyQVSattheendofthe
interval**.
VMCommitted(MB) SizeinMBofthevirtualmemoryactuallyusedbyQVSattheendofthe
interval.ThisnumberispartofVMAllocated(MB)andshouldnotexceed
thesizeofthephysicalmemoryinordertoavoidunacceptableresponse
times.
VMFree(MB) SizeinMBoftheunallocatedvirtualmemoryavailabletoQVS**.
VMLargestFreeBlock(MB) SizeinMBofthelargestcontiguousblockofunallocatedvirtualmemory
availabletoQVS.ThisnumberispartofVMFree(MB).
UsageCalBalance -1.00=TherearenoUsageCALs.
*Oneuser+onedocument=Onedocumentsession.
**VMAllocated(MB)+VMFree(MB)=TotalmaximumvirtualmemoryspaceavailabletotheQVSprocess.
Timestamp Dateandtimewhenthelogentrywascreated.
SeverityID IDfortheseveritylevel:
1=Error
2=Warning
4=Information
EventID UniqueIDfortheeventtype.
Severity Eventseveritylevel:
l Error
l Information
l Warning
Message Eventdescription.
Field Description
Server DateandtimewhenQVSwasstarted.
started
Timestamp Dateandtimewhenthelogentrywascreated.
Document Pathandnameofthedocumentthatwasaccessed.
Type Typeofselectionmade(forexample,SelectionorBookmark).
Foranoverviewofthetypesavailable,seethetablebelow.
User Username.
Field Description
Message Informationonthetypeofselectionorapplicationofbookmarkthatwasmadeinthe
document(forexample,ApplyServer\Bookmark15).
Foranoverviewofthemessagesthatcanbepostedinthisfield,seethetablebelow.
Id IDoftheobjectthatisconnectedtotheoperation(forexample,Document\SH03).If
thereisnoobjectconnectedtotheoperation,thisfieldisempty.
Session SessionID.
ThetypesandmessagesthatcanbepostedintheTypeandMessagefieldsintheend-userauditlogare
listedbelow.
Note!Intheend-userauditlog,XXXandYYYarereplacedwithvaluesfromtheQlikViewdocument.
Thefollowingexampleshowstheresultinglogentrywhenabookmark(Bookmark01)isselected.Thelog
hasbeenputinatableforbetteroverview.
Field Value
Serverstarted 2013-05-0610:17:33
Timestamp 2013-05-0610:23:28
Document C:\ProgramData\QlikTech\Documents\Test.qvw
Type Bookmark
User QlikTech\jsmith
Message ApplyServer\Bookmark01
Ifdetailedauditloggingisselected,thelogentryabovemaybefollowedbyoneormorelogentriesthat
detailtheselectionsthatweremadebecausethebookmarkwasselected.Intheselogentries,theTypefield
issettoBookmarkSelection.
ModifiedTime Timeanddate(inUTC)whenthechangesweremade.
ID IDoftherow(thatwasupdatedordeleted)inthetablethatwaschanged.
Thefollowingexamplecomesfromthe AlertEmailtable.Theloghasbeenputinatableforbetter
overview.
TransactionID 455a241d-8428-4dc7-ba67-4ae7cb21cf3d
ChangeType Update
ModifiedTime 2010-02-0215:12:54
ModifiedByUser MyDomain\mjn
ID b3745325-cee7-4fe7-b681-9c9efe22fc5c
DistributionServiceID 8846d7dd-bb3f-4289-9c9b-b0ca71b7c3b2
FolderID 18fcf23e-bd07-4fb9-a8ed-eb71df701b0f
MailAddress mjn
TransactionID 455a241d-8428-4dc7-ba67-4ae7cb21cf3d
ChangeType Update
ModifiedTime 2010-02-0215:12:54
ModifiedByUser MyDomain\mjn
ID a37f242c-6d80-42da-a10c-1742d2ec927f
DistributionServiceID 8846d7dd-bb3f-4289-9c9b-b0ca71b7c3b2
QDSWebAdress http://computer-mjn:4720/qtxs.asmx
CurrentWorkorderID 96bff2dc-f1ea-84d2-b6c4-ea58bf5c98e5
CurrentConfigurationID c0c4bbb4-66ab-4a8e-4c3a-16aa7febce6e
Shared Files
TherearemultipleobjectsavailableforusercollaborationandsharingthroughQlikViewServer:
l Bookmarks
l Sheetobjects,includingcharts
l Reports
l Annotations
Eachoftheseobjectsmaybedefinedasauserobject,availabletoauthenticatedusers,regardlessofaccess
methodorlocation,orasharedobject,availabletoallusersofthedocumentthroughQVS.
TheobjectsareconfiguredandmanagedusingQlikViewManagementConsole(QMC).
OnceQVSisenabledforserverobjects,anyoftheQVSobjectsettingsarechecked,andthedocumentis
openedinQVS,aspecialdatabasefileiscreatedandmaintainedinthesamelocationastheQlikView
document.ThefilehasthesamenameastheQlikViewdocument,buta .Sharedfileextension.
Example:
l QlikViewdocument: Presidents.qvw
l QVSsharefile: Presidents.qvw.Shared
IfthenameoftheQlikViewdocumentischanged,the .Sharedfilehastobemanuallyrenamedtomatch
beforeopeningtherenamedQlikViewdocumentinQVS.Thispreservesthesharedobjectsattachedtothe
document.
WhenupdatingaServerobject,report,bookmark,orinputfielddata,thefileisexclusivelylocked.Making
aselectionorsimplyactivatingtheobjectdoesnotlockthefileandanynumberofserverscanreadthefile
atthesametime.Apartiallockisimplementedsothatdifferentsectionsofthefilemaybeupdated
simultaneouslybydifferentserversinacluster.
Thefileisreadoncewhentheserveropensthedocument,butitisnotreadagainunlesstherearechanges.
Allsessionssharethesameinternalcopyofthe .Sharedfile(thatis,openingasessiongenerallydoesnot
requirethefiletobereadfromdisk).
Theserverobjectscanbemanaged(forexample,changeofownershipordelete)onthe Documents>User
Documents>Server>Server ObjectstabinQMC.
8.4 Tasks
Taskscanbeusedtoperformawidevarietyofoperationsandbechainedtogetherinanyarbitrarypattern.
Thestartingpointwhendescribingtasksisthetransformationofasourcedocumentintoauserdocument.
Source
Ataskisalwaystiedtoasourcedocument,sothesourceisgiven.
Layout
Thesourcedocumentcontainsthelayout,whichiscopiedunchangedallthewaytotheuserdocuments.
Theserversidelayoutisassociatedwiththeuserdocumentandisalsounchanged.
Reload
Thedatacanbe:
l Usedasstoredinthedocument(thatis,noreload)
l Partlyreloadedfromthesource(thatis,requirescriptpreparation)
l Fullyreloadedfromthesource,discardinganyolddata
l ReloadedinpartsbyuseofScriptParameters(whichrequirescriptpreparation)
Reduce
Thedocumentcanbereducedafterreload.Thereductioncaneitherreducetheinputintoasmallerdocument
(simplereduce)orsplititupintoseveralsmallerdocuments(loopandreduce).
Thereductionisbasedonaselection,eitherdonedirectlyinQMCorusingbookmarks.
Distribution
DistributionrequiresaQlikViewPublisherlicense.
Thedestinationisdefinedas:
l AlistofusersandafolderonaQlikViewServer
l Alistofusersandafolderinthefilesystem
l Alistofusers(assumingtheire-mailaddressesareknown)
Note!Loopanddistributemustbeused,ifdifferentcontentistobedistributedtodifferentusers.Ifnot,
thesamedocument(ordocuments)isdistributedtoall.
Information
Informationcanbeassociatedwiththedocumentaspartofthedistributiontoaserver.Theinformationis
notmovedwiththedocument,ifitisdistributedtoanotherlocation.TheinformationisusedinQlikView
AccessPoint.
Thefollowinginformationcanbeassociatedwiththedocument:
l Description
l Category
l Arbitrarynamevaluepairs
Server Settings
Thesettingsforthedocumentaredistributedtoaserver.Thesettingsarenotmovedwiththedocument,ifit
isdistributedtoanotherlocation.ThesettingsareenforcedbyQlikViewServer.
Authorizationenforcedbytheserver(equaltoallservers):
l Theusersauthorizedtocreateserverobjects
l Theusersauthorizedtodownloadthedocument
l TheusersauthorizedtoprintandexportthedocumenttoMicrosoftExcel
PreferencesappliedbyQlikViewAccessPoint(equaltoallservers):
l InternetExplorerpluginisrecommended
l Mobileclientisrecommended
l AJAXclientisrecommended
Performanceenforcedbytheserver(equaltoallservers):
l Auditlogging
l Maximumopensessions
l Documenttimeout
l Sessiontimeout
Availability(perserver):
l Never
l On-demand
l Pre-loaded
9 Service by Service
ThischapterdescribestheQlikViewServer/Publishercomponentsindetail.
Note!TheaccountthatisusedtoruntheQlikViewservicesmusthavelocaladministratorprivileges.
Data %ProgramData%\QlikTech\QlikViewServer
Listens to QVP:4747;QVP(tunneling):4774;Broadcast:14747;SNMP:161
Uses/Controls -
Used by QDS,QMS,QVWS,QlikViewDesktop/InternetExplorerplugin/OCX
Files
Settings and Configuration
File Description
Settings.ini StorestheQlikViewServer(QVS)settings.Manualchangesinthisfilerequirerestart
ofQVS.ThisfileisalwaysstoredintheDatafolder(see Overview (page 53)).
Cluster
QVSuses .pgofilestocoordinateacluster.ThefilesarestoredintheDatafolder(see Overview (page
53)).
File Description
BorrowedCalData.pgo KeepstrackofborrowedClientAccessLicenses(CALs).
CalData.pgo KeepstrackofCALs.
ServerCounters.pgo Keepstrackofstatistics.
TicketData.pgo Keepstrackoftickets.
Logs
Thelogsarekeptonepernodeinthecluster.ThelogfilesarestoredintheDatafolderbydefault(see
Overview (page 53)forthedefaultpath).
File Description
Events_<computer_name>.log Eventlog.
File Description
Performance_<computer_name>.log Performancelog.
Sessions_<computer_name>.log Sessionlog.
Special Folders
ThespecialfoldersarestoredintheDatafolder(see Overview (page 53)forthepath).
Folder Description
Extensions Note!TheExtensionsfolderhastobecreatedmanually.
Bydefault,QVSlooksforextensionsinthisfolder.Extensionobjectsarelocated
in Extensions\Objectsanddocumentextensionsarelocatedin
Extensions\Document.U seQlikViewManagementConsole(QMC)to
manageallextensionsinoneplaceincaseofacluster.
Temp Bydefault,QVSputstemporaryfilesinthisfolder(forexample,whenexporting
usingtheAJAXclient,atemporaryfileiscreatedinthefolder).
Data %ProgramData%\QlikTech\DistributionService
Listens to HTTP:4720;SNMP:4721
Uses/Controls DSC,QVS,QVB
Used by QMS
Note!Afterrestartingthemachine,theWindowseventlogmaycontainamessagethattheQlikView
DistributionService(QDS)failedtostartinatimelymanner,eventhoughitstartedsuccessfully.Thisis
becausetheQDSinitializationphaseislongerthantheWindowstimeoutperiod(30secondsbydefault).
Toavoidtheeventlogmessage,eitherchangetheWindowstimeoutperiodorconfigureQDStodependon
anotherlatestartingservicetomakeQDSstartupduringalessbusyperiod.
Files
TheQlikViewDistributionService(QDS)filescanbedividedintothreegroupsbasedonmainpurpose.All
filesarestoredintheQDSDatafolder(see Overview (page 56)).Inaclusteredsetup,allQDSsmustshare
thesameprogramfolder.Thisissolvedbythefile config_<computer_name>.xml,whichcontainsthe
programdatapathtouse.
Tasks\Task_ Theactualtasks.Notethatdeletedtasksarenotautomaticallyremoved(due
<GUID>.xml tosupportissueanalysis).
Triggers\Triggers_ Theactualtriggers.Notethatdeletedtriggersarenotautomaticallyremoved
<GUID>.xml (duetosupportissueanalysis).
Cluster
File Description
LoadBalancer.xml UsedtoselectwhichQDS(inacluster)todothejob.
Logs
File Description
TaskResults\TaskResult_ LatestresultofthetaskidentifiedbytheGUID.
<GUID>.xml
TaskLogIndex\TaskLogIndex_ Thisisjustforlookup(onefilepertask),pointingtotheactual
<GUID>.xml log.
EdxResults\EdxResult_ Untilthetaskiscompleted,thisfilecontainsthecurrentstatus
<GUID>.xml oftheEDXtask.Whentheexecutionisfinished,itcontainsthe
result(success/fail)andthetaskstartedasaresult(ifany).
<node-nr>\Log\<Date>.txt GeneralQDSeventanderrorlog.
<node-nr>\Log\Cluster_ Synchronizationlog.
<Date>.txt
<node-nr>\Log\LoadBalancer_ Loadbalancinglog.
<Date>.txt
<node-nr>\Log\Root_ QDSeventlog.
<Date>.txt
<node-nr>\Log\WebService_ QDSeventlog.
<Date>.txt
<node-nr>\Log\Workorder_ QDSeventlog.
<Date>.txt
<node-nr>\Log\<date>\<time> QDStaskeventlog.
- <task name>\Tasklog.txt
<node-nr>\Log\<date>\<time> Thedistributionrelatedtothetask(onlyexistsfordistribution
- <task tasks).
name>\DistributionReport.xml
QlikView Batch
Overview
Data -
Listens to COM
Uses/Controls -
Used by QDS
Note!QlikViewBatch(QVB)doesnotsupportgraphicaloruserinputobjects.ThismeansthatQVB
cannotreloaddocumentsthat,forexample,containscriptsthatrequireuserinput.
Files
Settings and Configuration
File Description
Settings.ini Usedtostoresettings.
Logs
File Description
<document_name>.log Reloadlogthatisplacedtogetherwiththereloadeddocument.
Data %ProgramData%\QlikTech\ManagementService\QVPR
Listens to -
Uses/Controls -
Used by QMS
Files
Bydefault,QlikViewPublisherRepository(QVPR)isasetofXMLfiles.Thesefilesarebackedupas .zip
filesin %ProgramData%\QlikTech\ManagementService\QVPR\Backups.
Security Groups
WheninstallingQlikViewServer/Publisher,acoupleofsecuritygroupsarecreated.
TheQlikViewServer/Publisherservicesmustrununderanaccountthatismemberofthesecuritygroup
QlikViewAdministrators.UsersconnectingtoQMCmustbepartofthisgroup.Anyoneconnectingtoa
remoteservicemustalsobememberofQlikViewAdministrators.
TheusersconnectingthroughtheAPImustbemembersoftheQlikViewManagementAPIsecuritygroup.
Thegroupisnotcreatedduringtheinstallationandhastobeadded(andpopulated,forexample,withthe
membersoftheQlikViewAdministratorsgroup)manually.Amembershipinthisgroupisrequiredtoimport
tasksfromanotherQlikViewServer/Publisher.
TheQlikViewEDXsecuritygroupisnotcreatedduringtheinstallationandhastobeadded(and
populated)manuallyinorderforuserstorunEDXtasks.
Document Administrators
TodelegatetheresponsibilityofcreatingtaskstopeoplenotpartoftheQlikViewAdministratorsgroup,
userscanbeappointeddocumentadministrators.Thedocumentadministratorsareonlyallowedtoaccessthe
tabsinQMCthatarerelatedtoeitheruserdocumentsorsourcedocuments.
Note!TheuseofdocumentadministratorsrequiresaQlikViewPublisherlicense.
Formoreinformationonhowtoappointdocumentadministrators,seetheQMConlinehelp.
UseHTTPS True=Communicationrunsoverhttps.Acertificateforthewebsiteis
neededtoenablethissetting.
Trace Usedfordebuglogging.
QMSBackendWebServicePort Portthatthebackendmanagementservicelistensto.Thedefaultvalueis
4799.
QMSFrontendWebServicePort Portthatthefrontendmanagementservicelistensto.Thedefaultvalueis
4780.
MaxLogRecords Maximumnumberoflogrecordsthatshouldberetrievedforatask.
EnableAuditLogging True=Tracka)changesontasksandsettingsmadeinthesystem,b)who
madethechanges,andc)whenthechangesweremade.
AuditLogFolder Pathtothefolderwheretheauditlogsaresaved.
AuditLogKeepMaxDays Maximumnumberofdayseachlogissaved.
WebservicePort PortthattheQlikViewDistributionServiceusestocommunicate
with.Thedefaultvalueis4720.
UseHTTPS True=Communicationrunsoverhttps.
DSCAddress PortthattheDirectoryServiceConnectorserviceusesto
communicatewith.Thedefaultvalueis4730.Ifthevalueis
modified,thetagDSCAddressinthe
QVDirectoryServiceConnector.exe.configfilehastobe
modifiedtoo.
DSCTimeoutSeconds TimeoutforcallstotheDirectoryServiceConnector.
DSCCacheSeconds HowlongtheservicecachestheresponsesfromtheDirectory
ServiceConnector.
QlikViewEngineQuarantineTimeInms HowoftenaQlikViewengineisallowedtostart(inmilliseconds).
OpenDocumentAttempts Howmanytriesthatcanbemadetoopenadocumentbeforeitis
loggedasanerrorduringdistribution.
DebugLog True=EnableloggingofmemoryusageandstacktraceonError
logging.
Trace True=Enabledebuglogging.
EnableBatchMode EnablethissettingtomakebatchcallstotheQlikViewDistribution
Service(see QlikView Distribution Service (page 56)formore
information).
WebservicePort PortthattheDirectoryServiceConnectorserviceusestocommunicatewith.The
defaultvalueis4730.Ifthevalueismodified,thetagDSCAddressinthe
QVDistributionService.exe.configfilehastobemodifiedtoo.
UseHTTPS True=CommunicationrunsoverSSLinsteadofhttp.Acertificatefortheweb
siteisneededtoenablethissetting.
PluginPath PathwheretheDirectoryServiceConnectorlooksforavailableDSPplugins.The
defaultvalueis %ProgramFiles%\QlikView\Directory Service
Connector\DSPlugins.
Trace True=Enabledebuglogging.
DisableCompress Enablethissettingtodisablecompressionofthehttpcommunication.
Overview
QlikView Web Server
Data %ProgramData%\QlikTech\WebServer
Listens to HTTP:80;HTTP:4750;SNMP:4751
Uses/Controls DSC
Used by Webbrowserclientsandmobileclients
Data %ProgramData%\QlikTech\WebServer
Listens to HTTP:4750
Used by QMS
Files
Settings and Configuration
File Description
Config.xml Configurationfilefortheservice.
Logs
File Description
Log\<date>.txt Eventanderrorlog.
Load Balancing
QVWShostswebpages,preparesthefilelistforAccessPoint,andmanagestheloadbalancingofQlikView
Servers(QVSs).
AccessPointisawebportalfordocumentshostedonQVWS.ThepagesforAccessPointarebydefault
locatedinthefolder %ProgramFiles%\QlikView\Web.QVWSalsoactsaswebserverforanyAJAX
pagesaccessedbytheendusers.
TheloadbalancingperformedbyQVWSisdifferentfromloadbalancingawebserver,sincetheadditional
workandresourceconsumptionisalmostsimilarforeachuser,soitdoesnotmatteronwhichservertheuser
endsup.
Theloadbalancingschemesarelistedbelow.
Scheme Description
Random Thedefaultloadbalancingscheme.Theuserissenttoarandomserver,nomatterifthe
documenttheuserislookingforisloadedornot.
Loaded IfonlyoneQVShastheparticulardocumentloaded,theuserissenttothatQVS.Ifmore
Document thanoneQVSornoneoftheQVSshasthedocumentloaded,theuserissenttotheQVS
withthelargestamountoffreeRAM.
CPUwith TheuserissenttotheleastbusyQVS.
RAM
Overload
ThesettingsforloadbalancingareconfiguredinQMC.
QlikView AccessPoint
QlikViewAccessPointisawebportalthatliststhedocumentseachuserhasaccessto.AccessPointonly
linkstoeachdocumentitdoesnothostthedocuments.ThehostingisdonebyQlikViewServer.
Thedocumentscanbedisplayedasthumbnailsorinadetailedlist.
ThesettingsavailableinAccessPointarelistedbelow.
Setting Description
Category Categorygroupingforthedocument.CategoriesaremanagedinQMCunder
Documents>User Documents>Document Information.
Setting Description
Attribute Attributegroupingforthedocument.AttributesaremanagedinQMCunder
Documents>User Documents>Document Information.
NextUpdate Whenthedocumentwillbeupdatednexttime.
Note!Thisisonlydisplayedifthedocumentispartofataskthathasa
schema.
FileSize Sizeofthedocument.
AvailableClients Clickaclienttoopenthedocumentwiththatclient.
Removelastdocumentstate Clickthisbuttontoremovethelastdocumentstate.
ClickastariconnexttoadocumentnameintheThumbnailsorDetailedviewtosetthepreferencesforthe
document.
Setting Description
Openwith Selectaclienttomakeitthedefaultclienttoopenthedocumentwith.
Overview
Executable %ProgramFiles%\QlikView\Directory Service
Connector\QVDirectoryServiceConnector.exe
Data %ProgramData%\QlikTech\DirectoryServiceConnector
Listens to HTTP:4730;SNMP:4731
Uses/Controls -
Used by QDS,QMS,QVWS
Files
Settings and Configuration
ThesesettingsoriginatefromQVPR.
File Description
Config.xml Configurationfilefortheservice.
Resources/<id>.xml DSPconfigurations.
Logs
File Description
Log\<date>.txt Eventanderrorlog.
Data %ProgramData%\QlikTech\ManagementService
Listens to HTTP:4780(Web);HTTP:4799(API);SNMP:4781
Uses/Controls DSC,QDS,QVS,QVWS
Used by Webbrowser/APIclient
Files
Settings and Configuration
QlikViewManagementService(QMS)keepsaglobalviewofthesettingsinQVPR.
File Description
Config.xml Configurationfilefortheservice.
Logs
File Description
Log\<date>.txt Eventanderrorlog.
Part4Security
10 Security Overview
ThesecurityofQlikViewServer/Publisherconsistsofthefollowingparts:
l Protectionoftheplatform:Howtheplatformitselfisprotectedandhowitneedstocommunicateand
operate.
l Authentication:Whoistheuserandhowcantheuserproveit?QlikViewusesstandard
authenticationprotocols,suchasIntegratedWindowsAuthentication(IWA),HTTPheaders,and
ticketing,toauthenticateeveryuserrequestingaccesstodata.
l Documentlevelauthorization:Istheuserallowedtoaccessthedocumentornot?QlikViewuses
server-sidecapabilitiessuchasDocumentMetadataService(DMS)orWindowsNTFStodetermine
accessprivilegesatfilelevel.
l Datalevelauthorization:Istheuserallowedtoseeallofthedataorjustpartsofit?QlikView
implementsrowandfieldleveldatasecurity,usingacombinationofdocument-levelcapabilities
(SectionAccess)andserver-sidedatareductioncapabilities(QlikViewPublisher).
QlikView Administrators
TheQlikViewAdministratorsgroupisusedforgrantingaccesstotheQlikViewManagementConsole
(QMC)aswellasauthorizationofcommunicationbetweenservices,ifWindowsAuthenticationisused.
11.3 Communication
Protection of AJAX Client
TheAJAXclientusesHTTPorHTTPSastheprotocolforcommunicationbetweentheclientbrowserand
theQlikViewWebServer(QVWS)orMicrosoftIIS.Itisstronglyrecommendedtoprotectthe
communicationbetweenthebrowserandthewebserverusingSSL/TSLencryptionovertheHTTPprotocol
(thatis,HTTPS).Ifthecommunicationisnotencrypted,itissentascleartext.
ThecommunicationbetweenthewebserverandQVSusesQVPasdescribedbelow.
Protection of Plugin
TheQlikViewplugincancommunicatewithQVSintwoways.Ifthepluginhastheabilitytocommunicate
withQVSusingQVP(port4747),thesecuritydescribedin Server Communication (page 72)isapplied.
IfthecommunicationcannotuseQVPoriftheclientchoosesitintheplugin,thecommunicationis
tunneledusingHTTPtothewebserver.
IfHTTPSisenabledonthewebserver,thetunnelisencryptedusingSSL/TLS.
Server Communication
TheQVScommunicationusestheQVPprotocol,whichisencryptedbydefault.TheQVPprotocolcanbe
protectedusing1024-bitRSAforkeyexchangeand128-bitRC4fordataencryption,providedtheMicrosoft
EnhancedCryptographicProviderisinstalled.IftheMicrosoftBaseCryptographicProviderisused,the
protectionofthecommunicationis512-bitRSAforkeyexchangeand40-bitRC4fordataencryption.
Services Communication
TheservicesthatarepartoftheQlikViewplatform(thatis,QVS,DSC,QMC,QDS,andQVWS)all
communicateusingwebservices.ThewebservicesauthenticateusingIntegratedWindowsAuthentication
(IWA).
12 Authentication
AlthoughQlikViewcanbeconfiguredtoallowanonymousaccess,themajorityofimplementationsrequire
userstobeauthenticated.Insuchenvironments,QlikViewalwaysrequiresthattheuserisauthenticated
whenestablishingasessionviaQlikViewServer(eitherthroughabrowserorwhendownloadingand
openingadocumentviatheQlikViewDesktopclient).
IntheQlikViewcontext,theauthenticationofauserisalmostalwaysdoneagainstanexternalentitythatis
thenusedtopasstheexternallyauthenticateduseridentitytoQlikViewServer.Insuchascenario,
QlikViewreliesontheauthenticationtobeperformedpriortoaccessingQlikView,andthatsometokenof
identityistransmittedto,andtrustedby,QlikView.
ThefigurebelowshowstheauthenticationflowforthecombinationofNTLMandalternatelogin,which
differsfromthestandardflowforIWA:
Inbothcases,iftheuserhasproperlyauthenticatedtotheSSOsoftware,theusernameisinjectedintoan
HTTPheaderandthevalueinthatheaderiswhattheQlikViewserveracceptsastheauthenticatedidentity
oftheuser.
Note!UnlessSSOsoftwareisinplace,theHTTPheadermethodofauthenticatingtoaQlikViewServer
mustnotbeused.HTTPheaderscaneasilybespoofed.AlloftheSSOsoftwarepackagesmentionedabove
provideprotectionagainstthistypeofspoofingattacks,ifthesoftwarepackageistheonlypathforusersto
accessthecontent.
QlikViewdoesnotrecommendorendorseanyspecifictoolorproductforprovidingidentityinHTTP
headers.Theapproachishighlysuitedtoextranetdeploymentswhereintheusersmaynotexistinthe
internalActiveDirectory.TheactofauthenticationisperformedbythereverseproxyorISAPIfilterthat
interceptstheattemptoftheendusertointeractwithQlikViewcontent.
13 Authorization
Onceauserhasbeenauthenticated(thatis,thesystemknowswhotheuseris),thefirststepinassigningthe
securityprivilegeshasbeencompleted.Thesecondstepistounderstandtheauthorityoraccessrightsthat
theuserhastoapplications,data,orboth.ThisstepisreferredtoasAuthorization.Atafundamentallevel,
anadministratorpopulatesanAccessControlList(ACL)withalistofusersand/orgroupsandwhattheyare
tohaveaccessto.Whenthetimecomesforausertorequestaccess,thesystemlooksuptheauthenticated
identityoftheuserintheACLandverifiesiftheadministratorhasgrantedtheuserenoughprivilegestodo
so.
DirectaccesstoaQlikViewdocumentusingQlikViewDesktopisalwaysgovernedbytheWindowsNTFS
filesecurity.Accesstotheweb-basedQlikViewManagementConsole(QMC)isrestrictedtoWindowsusers
thataremembersofaparticularlocalWindowsgroup.
Therearetwotypesofdatalevelauthorizations:
l Dynamicdatareduction:Determinesiftheuserisallowedtoviewthedatawhentheusertriesto
accessit.
l Staticdatareduction:PerformedbyQlikViewPublisher,determinesiftheuserisallowedtoviewthe
datawhenitispreparedfortheuser.
Staticanddynamicreductionofdatacanbeusedonitsown,butcanalsobecombinedtodeliverdatalevel
authorization.
Part5Licensing
Session ASessionCALallowsanyuser,identifiedoranonymous/unidentified,ononeQlikView
CAL clienttoaccessasmanyQlikViewdocumentsasmayresideontheserverorserverclusterto
whichtheSessionCALisassignedforaminimumperiodof15minutes.ForSessionCALs,
theQlikViewclientreferstoeachuniqueinstanceoftheQlikViewclient(forexample,the
AJAXclient,QlikViewDesktop,ortheInternetExplorerplugin)ontheusersmachine.The
minimumsessiontimeforaSessionCALis15minutes,whichmeansthatsessionsthatend
inlessthan15minuteswillstillconsumethesessionuntilthe15minutemarkispassed;
thosewhichterminateafter15minuteswillconsumetheiractualsessionlength.Bydefault,
thereisnomaximumsessionlength,butthiscanbeconfigured.
14.2 Identification
TouseaNamedUserCALoraDocumentCAL,theclientusermustbeidentifiedviaanauthenticateduser
name(WindowsActiveDirectoryorthroughaticketexchangebetweenthewebserverandQlikView
Server).AnIPaddressisnotavalidformofidentificationforaNamedUserCAL.Thetwomethodsof
identificationcannotbemixedonthesameinstanceofQlikViewServer.Notethattheusername
identificationrequiresWindowsauthenticationonAJAXclients,sincemachinenameidentificationcannot
beusedfortheseclients.
AnyCALusedbyanidentifiedusermaynotbetransferredtoanotheruser,unlessthetransferisduetoa
changeintheemploymentstatusorworkdutiesoftheprioruser,inwhichcasethereisa24-hourquarantine
beforetheCALbetransferredtoanotheruser.
4. IfanewDocumentCALcanbeassignedtotheconnectingclient,itisused.
5. IfthereisanavailableSessionCAL,itisused.
6. IfthereisanavailableUsageCAL,itisused.
7. Ifnoneoftheabove,accessisdenied.
15.1 Editions
ThevariouseditionsofQlikViewServerarelistedbelow.
Edition Description
QlikView QlikViewEEServerisdesignedtobeusedinlargeandcomplexdeploymentsand
Enterprise providesfeaturessuchasunlimiteddocuments,server-basedcollaboration,integrationwith
Edition third-partysecuritysystems,serverclustering,andclusterlicensing.Theminimum
(EE)Server configurationofaQlikViewEEServerisfiveNamedUserClientAccessLicenses(CALs).
QlikView QlikViewSBEServerisdesignedtobeusedinsmallerdeployments.Theminimum
Small configurationofaQlikViewSBEServerisfiveNamedUserCALs.
Business
Edition
(SBE)
Server
QlikView QlikViewIASisaQlikViewServerthatislicensedforanuncappednumberofusersanda
Information singleQlikViewdocument.TheIASmaybelicensedwithmultipleQlikViewdocuments
Access foranadditionalfee.QlikViewIASrunsinanonymousmode,mustbepublically
Server accessiblewithoutauthentication(onthepublicInternet),andmustnotbeplacedbehinda
(IAS) firewall.TheAJAXclientoracustomizedAJAXclientcanbeusedviaQlikView
WorkBench,whichisincludedinIAS.
Note!ThereisnolicenseleasefromQlikViewIAS.
QlikView QESallowsenduserstodeployQlikViewsolutionstotheirextranet.QESisbasedon
Extranet QlikViewEEServer,butonlysupportsuptothreeQlikViewdocuments.Theservercanbe
Server deployedwithacombinationofSessionandUsageCALs.QESsupportsmobileclients
(QES) andcanbedeployedinclusteredenvironments.TheAJAXclientoracustomizedAJAX
clientcanbeusedviaQlikViewWorkBench,whichisincludedinQES.Theminimum
configurationofaQlikViewQESServerisfiveExtranetSessionCALs.
InadditiontotheeditionsofQlikViewServerdescribedabove,thereisalsoanumberofadditional,server-
relatedproducts,allofwhicharelistedbelow.
Product Description
QlikView QlikViewTestServerisalicensethatprovidesanenvironmentseparatefromproduction
TestServer tousefordatavalidation,applicationtesting,andpreparation/migrationofQlikView
documentstonewversionsand/orreleasesofQlikView.
QlikViewTestServercomesintwoeditions,QlikViewEETestServerandQlikViewSBE
TestServer,bothofwhichhavethesamefeaturesandlimitationsasthecorresponding
productionservers.Inaddition,thewatermarkTestissuperimposedonallchartsand
addedtoallobjectcaptions.
Note!ThereisnolicenseleasefromQlikViewTestServer.
Product Description
QlikView QlikViewPublisherisalicensethataddssignificantfunctionalitytothestandardreload
Publisher capabilityofQlikViewServer.QlikViewPublisherincludesfunctionalitytohandlefield
levelsecurityandaccesscontrolfromcentraladministrationsoftwarelikeWindowActive
DirectoryorNovellLDAP.QlikViewPublisherisalsoneededtosupportcomplex
distributionmodelsforQlikViewdocuments.Inaddition,eachlicenseofQlikView
Publisherallowsanadditionalnode/serverforreload,distribution,orsecuritymanagement
inamulti-node/serverdeployment.
WiththeadditionalcomponentQlikViewPublisherReportDistribution,anyQlikView
documentreportcanbedistributedasa .pdffiletoafolderorviaemailorSMTP.
QlikView QlikViewWorkBench(anadd-ontoQlikViewEEServer)isadevelopmenttoolfor
WorkBench creatingwebmash-upswithQlikView.Itfeaturesdraganddropeditingcapabilities
withintheMicrosoftVisualStudiodevelopmentenvironmentandallowsforcustom
webinterfacesandintegrationwiththird-partyservices.
Note!QlikViewWorkBenchisnotavailableforusewithQlikViewSBEServer.
QlikView QlikViewWebParts(anadd-ontoQlikViewEEServer)forMicrosoftSharePointallows
WebParts forrapiddeploymentofQlikViewobjectswithinMicrosoftSharePointportal
for environments.
Microsoft
Note!QlikViewWebPartsarenotavailableforusewithQlikViewSBEServer.
SharePoint
QlikView QlikViewLocalClientisaclientwithallfunctionalityusedtodevelopQlikView
LocalClient documents.QlikViewLocalClientisdeployed,iftheenduserdeployslocalclientsonly.
QlikView AnybodyregisteredonQlikView.comisallowedtodownloadQlikViewanddevelop
Personal QlikViewdocumentsforpersonaluse.TherearenorestrictionstoQlikViewPersonal
Edition EditionexceptthatitcannotopenQlikViewdocumentscreatedbyotherusersorperform
animportofanentirelayoutfromanXMLfile.
Licensing
Clients
Scalability
Integration
Features
Security
Part6Appendix
16 Silent Installation
Whenrunningasilentinstallation,QlikViewisinstalledwithalimitedsetofornodialogsatall.This
meansallfeatures,properties,anduserselectionshavetobeknownwhencreatingthesilentinstallation
package.TherearealsosomestandardpropertiesinWindowsInstallerServicethatmayberequired.
Toprepareasilentinstallation,theMSIfilehastobeextractedfromtheQlikView Setup.exefile.
Asilentinstallationcanberunwithdifferentinterfacelevels:
/qn Completelysilent.
/qb Basicuserinterface.
Adda +signatendoftheinterfacelevelscommandtogetamodaldialogattheendoftheinstallation
sayingFinishedandifitwassuccessfulornot.
ThefollowingsilentinstallationcommandlinesarerecommendedforQlikView:
msiexec /i QlikViewServerx64.msi Addlocal="all" IS_NET_API_LOGON_
USERNAME="Domain\username" IS_NET_API_LOGON_PASSWORD="password /qn+
Alternatively:
QlikViewServer_x64Setup.exe /s /v"/qn+ Addlocal="all" IS_NET_API_LOGON_
USERNAME="Domain\username" IS_NET_API_LOGON_PASSWORD="password"
Thecommandlineaboveinstallsallfeaturescompletelysilentlywithamodaldialogattheendofthe
installation.
Ifjustalimitedsetofthefeaturesaretobeinstalled,change alltothenameofthefeatureinstead.If
severalfeaturesaretobeinstalled,separatethemwithcommas.
Thefollowingfeaturescanbeinstalled:
l DirectoryServiceConnector
l ManagementService
l QVS
l QvsDocs
l WebServer
l DistributionService
l SupportTools
l QvsClientswiththesub-featuresPluginandAjaxZfc
l MsIISwiththesub-featuresQvTunnelandQlikViewSettingsService
Note!Forthesub-featurestobeincludedintheinstallation,theyhavetobeincludedinthelistoffeatures
tobeinstalled.
msiexec /i QlikViewServerx86.msi ADDLOCAL="all" DEFAULTWEBSITE="2" /qn+
Thiscommandlineinstallsallfeatures,includingthevirtualdirectoriestoanotherwebsitethanthedefault
one.ThisrequiresamachinewithMicrosoftInternetInformationServices(IIS)installedandmorethanone
websiteonit.Thesitenumberalsohastobeknown.Set DEFAULTWEBSITEtothesitenumberwherethe
virtualdirectoriesaretobeinstalled.Tofindthenumberofthewebsite,checkIIS.
Theinstallationprocedurecanbelogged,usingthefollowingcommand:
msiexec /i QlikViewServerx86.msi ADDLOCAL="all" DEFAULTWEBSITE="2"/L*v
log.txt /qn+
16.1 Settings
Thefollowingsettingsaregoodtoknowwhendesigningasilentinstallationpackage:
Prerequisites .NETFramework4.0
INSTALLEVEL 100,allfeaturesissetto101bydefault
IIS FourvirtualdirectoriesandanApplicationpoolareinstalled
Services Fiveservicesareinstalled
16.2 Dialogs
TheQlikViewinstallationhasanumberofdialogs,oneofwhichisaCustomSetupdialogandoneof
whichisaWebsitedialog.Alldialogssetimportantproperties.Tofindthevalueofaproperty,doatest
installationwithverboselogging.Notethatthepropertyvaluesmaydifferdependingonthelanguageand
operatingsystemused.
Region
Thisdialogisusedforspecifyingtheregion.
Property: REGION_LIST
Region dialog
License Agreement
Thisdialogdisplaysthelicenseagreementfortheselectedregion.
Radiobutton: AgreeToLicense = "Yes"
License dialog
Customer Information
Thisdialogisusedforenteringthecustomerinformation.
Properties:
l USERNAME
l COMPANYNAME
Destination Folder
Thisdialogisusedtosetthedefaultfolderfortheinstallation.
Property: INSTALLDIR
Profiles
Thisdialoghasseveralpropertiesconnectedtoit,sincetherearemultipleprofilestochoosefrom.
Select Full Installation, Single machine with QlikView Webservertoinstalleverything,including
QlikViewWebServer,neededtorunQlikViewonasinglemachine.TouseIISinstead,select Full
Installation, Single machine with IIS(thisoptionisonlyavailableifIISisinstalledonthetargetmachine).
Toperformacustominstallation,select Custom installation, select profilesandthenselecttheprofilesto
install.The WebserverprofileallowstheusertochoosebetweenQlikViewWebServerandIIS(ifIISis
installedonthetargetmachine).
Properties:
l PROPQVS:QlikViewServer
l PROPDS:Publisher
l PROPQMC:ManagementConsole
l PROPWEB, PROPIIS=1or2:Webserver
l PROPIIS(ifIISisinstalled)or PROPSTATE:SingleMachineInstall
Profiles dialog
Logon Information
Thisdialog,whichisoptionaltouse,isusedtospecifytheuserthatistoruntheservicesthatareinstalled.
Whenclicking Next,aCustomActionchecksthattheentereduserisvalid.TheCustomAction,whichis
implementedbyInstallShield,requiresthemachinetobepartofaDomaintoworkproperly.
Properties:
l LOCALSERVICE
l IS_NET_API_LOGON_USERNAME
l IS_NET_API_LOGON_PASSWORD
Service Authentication
Thisdialogisusedtoselectthetypeofserviceauthentication.QlikViewAdministratorsGroupisselected
bydefault.
Property: PROPCERT(1=Digitalcertificates,2=QlikViewAdministratorsGroup)
Ready to Install
Thisisthelastdialog.Click Installtostarttheinstallation.
Website
ThisdialogisdisplayedwhenselectingIISaswebserverintheProfilesdialog,see Profiles (page 96).
Property: DEFAULTWEBSITE
Website dialog
16.4 MST
WhencreatinganMSTfile,theMSIfileiscustomizedwithoutanychangesbeingmadedirectlyintheMSI.
TheMSTfileworksasafilterontopoftheMSIandallowschangestobemadetotheinstallation.For
example,thedefaultinstallationfolderforQlikViewServeris %ProgramFiles%\QlikView,butifthat
ischangedto C:\QlikViewintheMSTfile,thedefaultfolderischanged.Thesamethingcanbedone
withthedialogs,whichmeanspropertiescanbepreset,sothattheinstallationcanberunwithalimitedset
ofdialogs.
TocreateanMSTfile,anMSIrepackagingstudio(forexample,InstallShieldAdminStudio)isneeded.
Note!QlikTechdoesnotsupplyanyMSTfilesanddoesnottakeanyresponsibilityforMSTfilescreated
bycustomersorpartners.
Thefollowingfigureshowsaresilient,clustered,loadbalancedQlikViewServerdeploymentthatuses
AccessPointandnetworkloadbalancing.
TheQlikViewServerloadbalancingcapabilitiesareincludedintheQlikViewwebportal,AccessPoint.
Thischapteralsodiscusseshowtomakethiscomponentresilientusingnetworkloadbalancing(ifneeded).
serverAandthesecond1,000userstoserverB.Alternatively,theserverscouldbeclusteredsothat,tothe
endusers,thereisjustoneworld(inrealityitwouldbeasingleIPaddressorURL).
Resilience
Whenthenumberofusersincrease,sodoestheusersrelianceonQlikView.ByclusteringtheQlikView
Servers,resiliencecanbebuiltintothedeployment.Inthecaseabove,whereasingleservercansupport
1,000users,threeserverscouldbeusedtobuildresilienceintothedeployment.Thiswouldallowoneserver
tobelost(dueto,forexample,hardwarefailure)withthesystemstillcapableofsupporting2,000users.
Havingallthreeserversasactivenodeshelpsreducingtheresponsetimesbynotrunningallserversat100%
oftheircapacityandalsolimitsthenumberofusersaffectedifanodeislost.
However,QlikViewcurrentlydoesnotprovideanysessionrecoveryoptions.Inpractice,thismeansthatifa
nodeintheQlikViewclusterislost,theuserslosetheanalysistheyarecurrentlyperformingandthatthey
havetoreconnecttotheclustertoresumetheirwork.ThisdoesnotmeanthatthedatawithintheQlikView
applicationislostandneedstobereloaded,asthedataisstoredinthe .qvwfileontheNAS.
Sticky Sessions
Therequirementisfortheuserssessiontoberoutedconsistentlytothesameserver.Methodsfordoingthis
varyfromdevicetodevicerefertotheloadbalancerdocumentationforinformationontheoptions
available.
Availability Checking
AspecialwebpageontheAccessPointprovidesautomatedcheckingofthesystemstatus:
http://myAccessPoint/QvAjaxZfc/QvsStatus.aspx
Thispagereturnsanhttpstatuscodeof200,iftheAccessPointandatleastoneQlikViewServerinthe
clusterrespond.Anyotherstatuscodereturnedbythispageshouldbeconsideredanerror.Commonerrors
fromthispageinclude:
l 404:TheAccessPointisunabletorespond.Checkthewebserver.
l 503:NoQlikViewServersrespondedtotheAccessPointandthereforeitcannotserviceuserrequests.
ThestatusoftheQlikViewServerclusterisalsodisplayedonthewebpage:
2. ConfigurethedocumentfoldertopointtoafolderontheNASthatallQlikViewServersinthe
clustercanaccess.
3. InstallthenextQlikViewServerinthecluster.
4. EnsurethatallQlikViewservicesarerunningaslocaladministratorsandthattheyaremembersofthe
QlikViewAdministratorslocalgroup.
5. Open System>SetupintheQMCandselecttheserver.Thengotothe Generaltabandenterthe
controlnumberforyourlicenseandtheaddresstothesecondQlikViewServerinthecluster.
6. Ifneededforusabilityreasons,gotothe GeneraltabfortheQlikViewServerintheQMCand
renamethecluster(inthisexample,theclusterisrenamedMyCluster).
7. Repeatsteps3-5fortheQlikViewServernodesinthecluster.
9. Theclusterisnowconfiguredandreadytouse.
18.1 Introduction
QlikViewPublisherisanoptionalmoduleforQlikViewServerthatenablesscheduling,administration,and
managementtoolsthatprovideasinglepointofcontrolforQlikViewanalyticsapplicationsandreports.
Administratorscanschedule,distribute,andmanagesecurityandaccessforQlikViewapplicationsand
reportsacrosstheenterprise.
QlikViewPublisherperformsthefollowingmainfunctions:
l Itloadsdatadirectlyfromdatasourcesdefinedinconnectionstringsinthesource .qvwfiles.
l Itisusedasadistributionservicetoreducedataandapplicationsfromsource .qvwfilesbasedon
variousrules(forexample,userauthorizationordataaccess)anddistributethesenewly-created
documentstotheappropriateQlikViewServersorasstaticreportsviaemail.
l WhenusingQlikViewPublisher,onlyPublisherhasaccesstothesourcedocumentsfolderandthe
datasourcesfordataloadanddistribution.Thesourcedocumentsanddataarenotaccessibleby
QlikViewusers.
Bydeployingaclusteredarchitecture,QlikViewPublisherachievesscalabilityand/orresilienceusingweb
servicestechnology.A dministratorscanclusterservicestogethertoprovideloadbalancing.Nativesupport
forSNMPenablesintegrationwithenterprisesystemmonitoringtools.Externalenterpriseschedulingtools
cantriggerPublishertasksusingwebservicecalls.Taskscanalsobescheduledandexecutedondemandby
QlikViewadministrators.
Thefigurebelowshowsatwo-server,clusteredQlikViewPublisherwhereeachserverisconfiguredfor
processingdifferenttasksandloadbalancing.Thefigurealsoincludesathree-server,clusteredQlikView
ServerthatusesQlikViewAccessPointforloadbalancing.DocumentscreatedbyQlikViewDeveloperare
storedinthesourcedocumentsfolder.QlikViewPublishertasksareusedtoretrievedataandstoretheresult
intheuserdocumentsfolder.
Source Documents
Thesourcedocumentscontaina)scriptswithin .qvwfilestoextractdatafromvariousdatasources(for
example,datawarehouses,MicrosoftExcelfiles,SAP,andSalesforce.com),b)theactualbinarydataextracts
themselveswithin .qvdfiles,orc)abinaryloadfromanother .qvwfile,inheritingitsdatamodelinone
lineofcode.
TheQlikViewsourcedocuments,createdusingQlikViewDeveloper,resideinthefollowingfolder:
l WindowsServer2008andlater: \ProgramData\QlikTech\SourceDocuments.Thisisthe
defaultQlikViewlocationforWindowsServer2008andlater.
l WindowsServer2003: \Documents and Settings\All Users\Application
Data\QlikTech\SourceDocuments.ThisisthedefaultQlikViewlocationforWindowsServer
2003.However,foraQlikViewPublishercluster,thisfolderhastoberelocatedtoasharedfolder
designatedintheQMCPublisherconfiguration.
User Documents
TheuserdocumentsfolderistherepositoryusedbyQlikViewServer.Thefolderislocatedat:
l WindowsServer2008andlater: \ProgramData\QlikTech\Documents.Thisisthedefault
QlikViewlocationforWindowsServer2008andlater.
l WindowsServer2003: \Documents and Settings\All Users\Application
Data\QlikTech\Documents.ThisisthedefaultQlikViewlocationforWindowsServer2003.
Tasks
Tasksarecreatedbyadministratorsfordatadistributionanddatareloads.TasksarestoredintheQlikView
PublisherrepositoryasacollectionofXMLfilesorinanSQLServerdatabase.Whenataskisexecuted,
QlikViewPublisherinvokesQlikViewBatch(QVB),whichiscomparabletoQlikViewDesktopwithout
theuserinterface.
Note!QlikViewBatch(QVB)doesnotsupportgraphicaloruserinputobjects.ThismeansthatQVB
cannotreloaddocumentsthat,forexample,containscriptsthatrequireuserinput.
QVBreloadsthedocuments,whicharestoredinthesourcedocumentsfolder(s)andcreatesanassociative
QlikViewdatabase,whichisstoredwithineachdocument.TheQVBperformsthereloadbyretrievingthe
datadescribedbytheloadscriptfromthedatasources.QlikViewPublisherdistributesthedocumentstothe
userdocumentsfolderforQlikViewServerusingtheencryptedQVPprotocol,toamailserver,and/orafile
folder.QlikViewPublishercanusetheDirectoryServiceConnector(DSC)todeterminewhereandtowhom
thedocumentsaretobedistributed.
Horizontal Scalability
HorizontalscalingofhardwareprovidestheabilitytoincreasetheresourcesoftheQlikViewdeployment.
Byaddingadditionalhardwareservers,theworkloadofQlikViewPublishercanbeincreased.Theclustered
PublisherserverscanthenbeconfiguredtoloadbalancetheQlikViewtasks.
Forexample,onacertainhardwareserver,QlikViewPublishercanprocesseightconcurrenttasks.Whenthe
resourceneedsincrease,theQlikViewPublisherservicecangrowasneeded.Byaddinganadditional
QlikViewPublisherserviceonanewhardwareserver,thedeploymentcanhandleuptosixteenconcurrent
tasksbyconfiguringtheadditionalserverinaPublisherclusterdeployment.Inthisscenario,thefirsteight
tasksareallocatedtoServerAandthesecondeighttaskstoServerB.Alternatively,iftheserversare
clustered,thetaskscanbeloadbalancedoverthetwoservers.
Resilience
Whenthenumberoftasksinthedeploymentincreases,thewindowforcompletingthetasksintime
becomesincreasinglyimportant.ClusteringtheQlikViewdistributionservicesprovidesforresilienceinthe
deployment.Inthecaseabove,whereasingleservercansupport100concurrenttasks,anadditionalserver
canbedeployed(foratotalofthreeservers)inordertobuildresilienceintothedeployment.Ifaserveris
lost(forexample,duetoahardwarefailureornetworkconnectionissues),theresilientclusterstillsupports
upto200tasks.Havingallthreeserversasactivenodeshelpsreduceresponsetimesbynotrunningall
serversat100%oftheircapacity.Italsolimitsthenumberoftasksandtaskchainsaffectedifanodeislost.
l ClusteredQlikViewPublisherlicensekey
l Sharednetworkstorage
l Loadbalancingstrategies
Simultaneous Tasks
Bydefault,fourQlikViewtaskscanexecutesimultaneouslyonanode.Therecommendedmaximumiseight
simultaneoustaskspernode.Ifmorethantentaskshavetobeexecutedsimultaneouslyonanode,
modificationsarenecessaryintheWindowsregistrytochangethedesktopheapsizetoallowformore
simultaneoustasks.
Note!Alarge-scaleserverisrequiredforexecutingtenormoresimultaneoustasks.Alternatively,add
additionalserversforPublishertasks.
Proceedasfollowstochangethenumberoftasksallowedtoexecutesimultaneously:
1. BackuptheWindowsServerregistry.
2. LocatethefollowingWindowsServerregistrysetting:
HKEY_LOCAL_
MACHINE\System\CurrentControlSet\Control\Session\Manager\SubSystems\Windows
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows
SharedSection=1024,3072,512 Windows=On SubSystemType=Windows
ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3
ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off
MaxRequestThreads=16
Thedefaultvaluefor SharedSectionis1024,3072,512for32-bit(x86)and1024,20480,768for64-bit
(x64),respectively.Foradditionalinformation,see
http://blogs.msdn.com/ntdebugging/archive/2007/07/05/desktop-heap-part-2.aspx.
3. Changethedesktopheapsizebysetting SharedSectionto1024,20480,2048:
HKEY_LOCAL_
MACHINE\System\CurrentControlSet\Control\Session\Manager\SubSystems\Windows
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows
SharedSection=1024,20480,2048 Windows=On SubSystemType=Windows
ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3
ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off
MaxRequestThreads=16
4. Savetheregistrychangesandrestartthemachine.
5. Changethe Max number of simultaneous QlikView engines for distributionsettinginQMCtothe
numberofenginesneeded.
18.4 Security
QlikViewPublisherprovidesaccesstoQlikViewapplicationsanddata.Itisthereforeimportanttointegrate
QlikViewPublisherwiththeenterprisesecuritysolutionsinadditiontothestandardsecurityfeaturesof
QlikViewServer.
QlikViewPublisherisviewedasabackendprocesswithintheQlikViewsolution.Fromasecurity
perspective,itisimportanttounderstandthatthefrontenddoesnothaveanyopenportstothebackend.The
frontenddoesnotsendanyqueriestodatasourcesonthebackend,nordoanyoftheuserdocuments(.qvw
files)containanyconnectionstringstodatasourceslocatedonthebackend.Enduserscanonlyaccess
QlikViewdocumentsthatexistonthefrontend.Withinthebackend,theWindowsfilesystemisalwaysin
chargeofauthorization;QlikViewisnotresponsibleforaccessprivileges.
ThefigurebelowshowsasimplifiedviewofastandardQlikViewdeploymentcontainingthelocationofthe
QlikViewproductsandthedataandapplications.
Directory Services
ToprovidesecurityforQlikViewdocuments,QlikViewPublishercanconnecttoanexternaldirectory
service(forexample,ActiveDirectory,LDAP,adatabase,orothersign-onsolutions).Theexternaldirectory
serviceisanauthenticationsourcewithwhichQlikViewhasatrustrelationship.
QlikViewprovidesabuilt-inDirectoryServiceProvider(DSP)forActiveDirectorythatallowsQlikView
administratorstoassignActiveDirectoryuserprivilegestoQlikViewdocumentsorportionsthereof.
QlikViewPublisherleveragesthisbuilt-inprovidertoprovidedirectintegrationwith,andsupportfor,
ActiveDirectory.
QlikViewalsoprovidesameansofcreatingaConfigurableLDAPforotherdirectoryservices.A
ConfigurableLDAPenablesQlikViewadministratorstograntprivilegestousersauthenticatedbyany
authenticationsystemotherthanActiveDirectory.
PublisherpopulatesastandardNTFSACLwhensendingdocumentstoQlikViewServer.IncaseofDMS
authorization,PublisherpopulatesanACLcontainedwithina .metafileassociatedwiththeapplication.
Requirements
ThefollowingrequirementsmustbefulfilledbeforestartingtheQDSclusterconfiguration:
l AQlikViewPublisherlicensethatsupportsmorethanoneQDS.ThePublisherLEFmustcontainthe
entry NUMBER_OF_XS;N;;,where Nis2orhigher.
l QlikViewAccessPoint(basedonQlikViewWebServerorMicrosoftIIS),QlikViewManagement
Service(QMS),QlikViewServer(QVS),andDSCarealreadyinstalledintheQlikViewsysteminthe
network.
l AdomainusertoruntheQlikViewservicesoneverymachineisavailable.
l Asharedstoragedevice;QlikTechrecommendsashareddevicemountedasaWindows-basedfile
share.
AllQDSclusternodesneedreadandwriteaccesstothefollowing,centrallystoreddata:
l QlikViewPublisherstatus,configuration,andlogfiles
l QlikViewsourcedocuments
Step-by-step Instructions
Prepare the Shared Storage Device
CreatefoldersforthefilesaccessedbyeveryPublisherclusternode:
l \\<server1>\ProgramData\QlikTech\DistributionService(applicationfolder)
l \\<server1>\ProgramData\QlikTech\SourceDocuments(sourcedocumentsfolder)
DSC(requiredforPublisher) 4730/TCP
QMS(requiredforPublisher) 4780/TCP
Service Port
QlikViewWebServer/MicrosoftIISconfiguration 4750/TCP
QVSconfiguration 4749/TCP
QVPcommunication 4747/TCP
QMS(EDXcalls)(requiredforPublisher) 4799/TCP
3. DeactivatetheInternetExplorerEnhancedSecurityConfigurationforadministrators.Bydefault,
WindowsServer2003andlatershipwiththisconfigurationenabled,whichisbasicallyalocked
downversionthataddsabitofextrasecuritytotheserversforwebbrowsing.Whenthe
configurationisenabled,itmaycauseproblemsinviewingtheQMCandservicecontent.The
InternetExplorerEnhancedSecurityConfigurationcanbeleftturnedon,butifanyissuesarise,turn
offthefeaturefortheAdministratorsgroup.
4. AddthedomainuserthatisusedtoruntheQlikViewservicestotheLocalAdministratorsGroup.
5. StarttheQlikView64-bit(x64)serversetupandselect Custom installation, select profiles.Then
selectthe Reload/Distribution EnginefeatureandinstallitoneachnodewherePublisheristo
reside.
6. EntertheQlikViewserviceaccountcredentials.
7. Finishthesetupandrestartthesystemimmediately.
4. Click ApplyandrestarttheQDSmanually.
5. AddeachadditionalQDSclusternodeinURLformat.
6. Click ApplyandrestarttheQDSonallnodesmanually.
18.6 Troubleshooting
IfthelogmessageThenetworkBIOScommandlimithasbeenreachedoccursinthedebugclusterlog,the
limitforlong-termsessionsintheregistryhastobeincreased.Failuretodosomayresultintasksnotbeing
run.
Increasethefollowingparametersintheregistry:
HKEY_LOCAL_
MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation\parameters\MaxCmds
and
HKEY_LOCAL_
MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters\MaxMpxCt
Note!ThisissueonlyoccursonWindowsServer2000,WindowsXP,andWindowsServer2003.Formore
information,see http://blogs.msdn.com/b/ntdebugging/archive/2007/01/04/desktop-heap-overview.aspxand
http://support.microsoft.com/kb/810886.
ForQlikView10and11,thesettingsareavailableinthe config.xmlfileontheserverwherethe
QlikViewPublisherserviceisinstalled:
l WindowsServer2003: C:\Documents and Settings\All Users\Application
Data\QlikTech\DistributionService
l WindowsServer2008andlater: C:\ProgramData\QlikTech\DistributionService on
Windows xxxx Server
19 OEM
19.1 General
TheOEMfeaturepreventsabuseofQlikViewServerssoldunderanOriginalEquipmentManufacturer
(OEM)licenseandprotectstherevenuestreamsofboththeOEMproductsandthefullQlikViewproduct.In
addition,thefeaturehelpsavoidchannelconflictsbetweenQlikViewOEMpartners,QlikViewreseller
partners,andQlikViewdirectaccountmanagers.
TheOEMfeatureincludesthefollowingrestrictions:
l AQlikViewServerdeliveredtoacustomerbyanOEMpartnercannotrunotherQlikView
applicationsthantheonesdeliveredbytheOEMpartner.
l AQlikViewapplicationdeliveredtoacustomerbyanOEMpartnercannotrunonanotherQlikView
ServerthantheonedeliveredbytheOEMpartner.
20 DSP Interface
ThereasonfordevelopingaproprietaryDirectoryServiceProvider(DSP)istohaveQlikViewdistribute
documentstousersinadirectoryservicenotsupportedbydefault,andtoprovidegroupresolutiontothe
webserver.
20.1 DirectoryServiceProvider
DirectoryServiceProvideristheinterfaceoftheclassthatplugsintotheframework.Themembersofthe
interfacearelistedbelow.
Member Description
LogMessage LogMessageEvent { Directlyafterconstruction,thisfieldisinstantiatedwitha
set; get; } delegatethatprovidescrudeloggingfacilities.
IList<string>GetKnownRootPaths Thereturnedlistshouldcontainoneormoreviablepathsfor
(); themethodslistedhere.
Member Description
void Dispose (); Calledwheneveraproviderobjectisreleased.
IDSObject Asimpleinterfaceforanytypeofnodewithinthedirectory
service.
21 SNMP
QlikViewprovidesSNMPagentsforallservices.ItispossibletouseaMIBbrowser(forexample,the
iReasoningMIBbrowser)topulldatafromtheagents.
TheSNMPsettingisoffbydefault,sincetheimplementationisinitsinitialstagesandsubjecttochange.At
thetimeofwriting,readingoperationsfromtheagentsareenabled.Thefollowingmessagesaresupported:
l GetRequest
l GetResponse
l GetNextRequest
AllservicesanswerthestandardSNMPqueries(seebelow).
Identifier Query Description
1.3.6.1.2.1.1.1 sysDescr Descriptionofservice/product.
Example:
sysDescr.0:Qlikview Publisher
Commandcenterservice version 8.50.600
SNMPPort SetstheporttousefortheparticularPublisherservice.Seethedefaultsettingsfor
eachservicebelow.
SNMPsysContact Contactinformationforthepersonresponsibleforthemanagednode.Thedefault
valueis Unspecified System contact.
SNMPsysName Anadministrativelyassignednameforthemanagednode.Byconvention,thisisthe
fullyqualifieddomainnameofthenode.Ifthenameisunknown,thevalueisazero-
lengthstring.Ifleftempty,itdefaultstothecurrentmachinename.Thedefaultvalue
is Unspecified name.
SNMPsysLocation Physicallocationofthenode(forexample,telephonecloset,thirdfloor).The
defaultvalueis Unspecified location.
Thedefaultportsettingsfortheservicesarelistedbelow.
Service Default Port Setting
ManagementService 4781
DirectoryServiceConnector 4731
DistributionService 4721(defaultSNMPport)
QlikViewServer 161
QlikViewWebServer 4751
Allportscanbeconfigured.Iftheservicesareinstalledondifferentmachines,theycanallrunonthesame
port.TheportschangeastheimplementationmovesawayfromtheexperimentalSNMPrangeandintothe
rangeallottedbyQlikTech.
1.3.6.1.4.1.30764.1.2.2.1.1.2 QDSTaskName(taskname)
Identifier Query
1.3.6.1.4.1.30764.1.2.2.1.1.3 QDSTaskExecuteStatus(taskstatus):
l Waiting
l Running
l Aborting
l Failed
l Warning
1.3.6.1.4.1.30764.1.2.2.1.1.4 QDSTaskNextExecutionAt(whenthetaskwillbeexecutednext)
1.3.6.1.4.1.30764.1.2.2.1.1.5 QDSTaskLastExecutedAt(whenthetaskwasexecutedlast)
1.3.6.1.4.1.30764.1.2.2.1.1.6 QDSTaskCurrentWork(whatthetaskiscurrentlydoing)
1.3.6.1.4.1.30764.1.2.2.1.1.7 QDSTaskEnabled(ifthetaskhasbeenenabled)
22.1 General
Acommonproblemtodayishowtodeployapplicationsinanetworkenvironmentwheretheusershave
limitedrights,andhowtodeployapplicationsforaspecificgroupofusers.Thissectionbrieflydescribes
howtodeployMicrosoftWindowsInstaller(.msi)packageswithgrouppoliciesinanActiveDirectory
environment.
Note!DeploymentofsoftwarewithgrouppoliciesisonlysupportedbyworkstationsrunningWindowsXP
Professional,WindowsVista,WindowsServer2003,andlater.
TheQlikView .msipackagesrequireversion2.0orhigheroftheWindowsInstallerservicetobeinstalled
onthedestinationworkstations.
Advertising
Toadvertisemeansthattheadministratorgivestheinstallationpackagepermissiontoexecuteonanaccount
withlockeddownpermissions.
Whenthepackageisadvertised,therearesocalledentrypointsloadedontothedestinationsystem.Entry
pointsaretypicallyshortcuts,fileassociations,listingintheAdd/RemoveProgramsdialog,andsoon.
Selecting Properties
Providing a name
5. Highlightthenewgrouppolicyobjectandclick Edit.
23 Certificate Trust
QlikView11Serverusescertificatesforauthenticationandauthorization.Acertificateprovidestrust
betweenservers(thatis,machines).
Thischapterdescribeshowtodeploycertificatesonmultipleservers.
23.1 Architecture
CertificatesareusedinaQlikViewinstallationtoauthenticateandauthorizecommunicationbetween
servicesthatresideonmultipleservers.Configuringcertificatesinamultipleserverdeploymentwithin
QlikViewremovesthedependencyonaQlikViewAdministrationGroupfortheestablishmentoftrust
betweentheQlikViewservices.Italsoallowstheuseofcertificatestobuildatrustdomainbetween
QlikViewservicesthatarelocatedindifferentdomainswithouthavingtoshareanActiveDirectory(AD)or
otheruserdirectories.
Note!TheconfigurationstepsdescribedinthischapteronlyprovideatrustdomainbetweentheQlikview
services.TheuseofSSLandcertificatesforsecuringend-usercommunicationhastobeconfigured
separately.
ThearchitectureisbasedontheQlikViewManagementService(QMS)actingasthecertificatemanageror
CertificateAuthority(CA).TheQMScancreateanddistributecertificatestoallservicesintheQlikView
installation.
QMSisthereforeanimportantpartofthesecuritysolutionandhastobemanagedfromasecurelocationto
keepthecertificatesolutionsecure.
TherootcertificatefortheinstallationisstoredontheQMSserver.AllserverswithQlikViewservicesthat
aretoparticipateintheinstallationreceivecertificatessignedusingtherootcertificatewhenaddedtothe
QMS.TheQMS(thatis,theCA)issuesdigitalcertificatesthatcontainkeysandtheidentityoftheowner.
TheprivatekeyisnotmadepubliclyavailableitiskeptsecretbytheQlikViewservices.Thecertificate
enablestheQMStovalidatetheauthenticityoftheservice.ThismeansthattheQMSisresponsiblefor
sayingyes,thisservicedeployedonthisserverisaserviceinmyinstallation.
Aftertheservershavereceivedcertificates,thecommunicationbetweentheQlikViewservicesisencrypted
usingHTTPS(SSLencryption).Thecertificatesonlysecurethecommunicationbetweentheservicesonthe
servers.Thecertificatesdonotsecurethecommunicationwiththeenduser(thatis,thecertificatesarenot
usedforQlikViewplugin,client,orwebservercommunicationwiththeQVS).
23.2 Requirements
General
Thefollowingrequirementsmustbefulfilledforthecertificatetrusttofunctionproperly:
l Certificatetrustcannotbepartiallyimplemented.ItiseitherusedbyallservicesintheQlikView
installationornotatall.
l CertificatetrustisonlysupportedbyWindowsServer2008andlater.
l IfrunningQlikView9/10Server,upgradetoQlikView11Server.
l IfitisaninitialinstallofQlikView11Server,installandconfiguretheQlikViewserviceswithout
anymodification.Priortoconfiguringtheuseofcertificates,startandstoptheservicesontheservers
(thatis,machines)wheretheQlikViewservicesaredeployed.
l SectionAccessmanagementmustnotbeconfiguredinenvironmentswherecertificatetrustis
configured.
Inaddition,thetechnicalrequirementsdescribedinthefollowingsectionsalsohavetobefulfilled.
Communication Ports
Thissectiondescribestheportsthatareneededwhenusingcertificatetrust.
Theportsthatarelistedinthefollowingtableareneededforthecertificateinstallationprocedureonthe
localserver.
Note!Theportsarenotusedforservicetoservicecommunication.
Service Ports
QlikViewDistributionService 14720
Service Ports
DirectoryServiceConnector 14730
QlikViewWebServer 14750
Theportsthatarelistedinthefollowingtableareneededforservicetoservicecommunication.
Note!Firewallconfigurationchangesmightbenecessary,dependingonthelocationoftheQlikView
serverswithintheresultingnetworkandtheroutingoftheQVScommunication.
Thefollowingtableliststheprotocolsthatareusedforcommunicationontheportsthatarespecifiedinthis
section.
Service Protocol
QlikViewServer QVPXoverSSL
Allotherservices SOAPoverSSL
Access
Toinstallthedistributedcertificatesfortherespectiveservices,physicalaccesstotheconsoleorremote
accesstotheconsole(forexample,usingremotedesktopfunctionality)isneeded.
23.3 Installation
OnlyinstalltheQlikViewservices(components)neededoneachserver.Donotperformafullinstallonall
serversusecustominstallandselectonlytheservicesthatwillbeactiveandexecutingoneachserverin
theQlikViewconfiguration.Tosimplifytheprocedure,itisrecommendedtohavethesameWindows
AdministratoronallserversintheQlikViewconfiguration.
Atthispoint,youcancheckifthecertificatesareproperlysetontheserverthatexecutestheQMSservice
byrunningtheMicrosoftManagementConsole(MMC)fromtheStartmenu.SeeUsingMicrosoft
ManagementConsolefordetails.
Configuring Certificates
Proceedasfollowstoconfigurethecertificatesfortheremainingservers:
1. StoptheDSC,QDS,QVWS,andIISservicesontheserverswheretheyarelocated.
2. RunNotepadasadministrator.
3. Openthe <service>.exe.configfileforeachserviceinNotepad.
Service Default Path
DSC C:\Program Files\QlikView\Directory
ServiceConnector\QVDirectoryServiceConnector.exe.config
4. Savethefile.
5. Right-clickthefileandselect Run as administrator.
6. StarttheQVSservice.
4. Accesstheserverwherethenewserviceresides,eitherphysicallyorbyusingaremotedesktop
connection.ThenopenawebbrowserandentertheURLandportprovidedbytheQMCpopup
window.
5. Ontheresultingwebpage,enterthepasswordprovidedtheQMCpopupwindow.
6. Ifsuccessful,youreceivethemessagebelow.
Atthispoint,youcanchecktoseeifthecertificatesareproperlysetupontheserversthatexecutethe
additionalQlikViewservicesbyrunningtheMMCfromtheStartmenu.SeeUsingMicrosoftManagement
Console.
ThefiguresaboveshowproperlyinstalledcertificatesinaQlikView11Serverconfiguration.Withinthe
MMC,allQlikViewservicesonservershavecertificatesdeployedasshowninthefigures.
Theuninstallerdoesnotremovethecertificates.Thismeansthecertificateshavetobedeletedmanually,if
needed.
Type CustomUser
Parameters CUSTOM\
Authentication tab
Selecting Authentication
3. Disable Windows Authenticationandenable Anonymous Authentication.
Parameter Purpose
guid IDoftheQlikViewDistributionService(QDS)wherethetaskisdefined.
taskNameOrId TasknameorIDofthetaskinstringformat.
password Password(ifrequiredbythetask).
variableName Variablename(ifrequiredbythetask).
variableValues Listofvaluesforthevariable.
Thereturnedresultcontainsinformationonwhetherthetaskwassuccessfullystartedornot.
Theexamplebelowshowshowtotriggerataskandwaituntilithasfinishedoruntilacertainamountof
timehaspassed.
TheexamplecomesfromtheQMSAPIdocumentation,whichisinstalledaspartoftheQlikView
ManagementConsole(QMC).Itcontainsdetailedinformationontheavailablemethodsandhowtoget
startedwiththeQMSAPI.