Documente Academic
Documente Profesional
Documente Cultură
20
EPM Performance Suite
Profitability Installation Guide
BusinessObjects XI R2 11.20
Windows
Patents Business Objects owns the following U.S. patents, which may cover products that are offered and sold by
Business Objects: 5,555,403, 6,247,008 B1, 6,578,027 B2, 6,490,593 and 6,289,352.
Trademarks Business Objects, the Business Objects logo, Crystal Reports, and Crystal Enterprise are trademarks or
registered trademarks of Business Objects SA or its affiliated companies in the United States and other
countries. All other names mentioned herein may be trademarks of their respective owners.
Third-party Business Objects products in this release may contain redistributions of software licensed from third-party
Contributors contributors. Some of these individual components may also be available under alternative licenses. A
partial listing of third-party contributors that have requested or permitted acknowledgments, as well as
required notices, can be found at: http://www.businessobjects.com/thirdparty
Contents
Chapter 1 Introduction ..........................................................................................................5
2.3.7 Utilities...............................................................................................10
Chapter 3 Preparation.........................................................................................................13
3.3 Pre-Requisites.............................................................................................15
3.7.2 IT Staff...............................................................................................21
4.2.3 Expansion..........................................................................................25
6.2 Configuring EPM servers and clients to communicate without DCOM ..........88
9.1 Preparation................................................................................................108
Chapter 10 Troubleshooting................................................................................................113
10.2.6Connection Problems.......................................................................116
Index.........................................................................................................................................123
1| Introduction
Introducing EPM
2| System Architecture
EPM Architecture
There are several additional Web Service options that are available where IIS is the base Web Server.
Secure Sockets Layer (SSL) technology (https:) may be used to view Books securely over the web
provided a valid certificate has been obtained from a certificate authority. This supports 128-bit
encryption of communication between the Web Service and Web Browser thereby reducing the risk of
sensitive information being obtained by attackers.
The Web Service used by EPM may be placed within a protective demilitarized zone (DMZ), thereby
preventing direct communication between web clients and the application server for increased security.
These options are discussed in more detail in the Web Service Configuration section.
2.3.7 Utilities
2.3.7.1 Report Manager Server
The Report Manager Server is a service that manages Report Manager tasks. When a reporting task is
initiated the service renders the EPM book(s) that forms the basis of the report and sends that data to
the designated printer as a print job or Adobe PDF document.
3| Preparation
Before you start
versions.
Oracle Client software onto each of the model servers that will connect to the database.
format (via the Export feature) it is necessary to have Microsoft’s XML Parser installed.
The XML Parser may already be installed on many of the potential server and clients in your
organization, as it comes bundled with later Microsoft operating systems and data access
components. You can use this link to check versions of the XML Parser and to determine
whether your server or client machine may already have this pre-requisite.
3.3.1.5 MS Installer
EPM uses the Microsoft Windows Installer (MSI) component to allow customizable installation
of the EPM product. Prior to the advent of the Windows 2003 platform the installer component
was not included as part of the operating system, and therefore it may be necessary to
upgrade earlier operating systems to include this component in order to successfully install and
deploy EPM.
See the Microsoft web site for more information about this product.
3.3.2.2 MS Installer
See Section 3.3.1.5 for information about the Microsoft Installer program.
3.4 Topology
EPM has been designed as a three-tier application and the best performance is achieved when
the optimum system architecture is utilized (see diagram in Section 2 System Architecture).
Disks are important as calculated model information is stored on the machine and is referenced
whenever a change is made in the model so disk access speed and space here can improve
performance. A large amount of memory is required to allow calculated results to be cached so
allowing the faster retrieval of calculated data when required. Fast processors will better handle
large numbers of requests from users which, when they cause the changes in either model
structure or values trigger the recalculation of the models.
Several Model Servers can be installed on the same EPM system, to support balanced
Large EPM models can also be partitioned across EPM Model Servers to dedicate processing
resources to portions of a model. For more information on portioning a model see the
document EPM Model Partitioning.
• Web Server
For optimal performance Web Servers are best hosted on powerful multiple processor
machines. Although not requiring as much memory as Model Servers, more memory will allow
frequently used results to be cached so speeding up their retrieval.
the core elements of the EPM Suite, and which has been specially designed to incur the
smallest resource footprint possible.
It is recommended that only the smallest models be developed using the Standalone version of
EPM, and that the number of models be kept to an absolute minimum, in recognition of the
limited resources, and the inevitable degree of CPU and RAM contention that will occur when
models are called upon to provide calculated results.
To install this self-contained version of EPM refer to the EPM Standalone Installation Guide on
your Standalone Setup CD.
‘ADMINEPO’, and has a default password of ‘PASSWORD’. This should be changed after
The EPO account that is created for the purposes of defining access from the model server to
the database is the ‘USREPO’ account, which also has a default password of ‘PASSWORD’.
Again, it is recommended that this be changed to something more secure as soon as possible
after installation.
The ‘USREPO’ user should be given the ‘EPOACCESS’ role within the database to ensure that
it is mapped to the correct schema, and has the correct permissions.
If the account does not have the necessary permissions this will often lead to an ‘80040E4D’
across a network DCOM will need to be configured to permit a user group (typically a security
group created to contain only EPM users) to access these services.
We recommend that this group have Windows Domain User permissions at least.
accounts and permissions for those databases, and to implement and manage maintenance
This is an on-going role, and their involvement should be continuous in terms of monitoring the
resources used by the EPM system and planning for maintenance and expansion as it is
required.
3.7.2 IT Staff
This role is defined as someone who can create network (domain) accounts, has permissions
to log onto servers as a Local Administrator, and who is familiar with software application
installation.
During the EPM installation process they will be required to provide account information, to
create folders for EPM to store files, and to perform the installation and configuration activities
at each stage.
system is installed and running in order to support their area of the business. The role of the
Project Sponsor in the installation process is to oversee the activities of the Database
Administrator and IT Staff to ensure that their work is coordinated at the correct times.
Once installation has been completed the Project Sponsor may wish to organize the testing of
the system connectivity and permissions to ensure that everything works and performs as
expected.
It is the responsibility of the Project Sponsor to appoint an EPM Administrator role.
organization’s requirements.
A special account exists within EPM by default, and is called “Administrator”. This account
does not take up a license, and has complete access to all functions within EPM. As such, the
use of this account should be restricted, preferably to a single user with whom the Project
Sponsor is in regular contact.
o A database server will require sufficient size to expand as more values are
entered into the EPM system. Take account of intended expansion plans, and
consider the amount of space that may be needed for SQL Server transaction
logs or Oracle SGA/PGAs.
• Can servers communicate with each other?
o Inter-domain servers may need to be part of a Trust Relationship
o Can the servers PING each other?
o Are the TCP/IP settings correct for each server?
• Is DCOM running on each model and web server?
• Are the necessary database services running?
o For SQL Server, ensure the MSSQLSERVER service is running
o For Oracle, ensure that the associated Listener service is running
• Have the EPM pre-requisites been installed on the servers and clients?
• If you are intending to install the web server component, have you already installed
Microsoft’s IIS on the web server?
• Have you read the Release Notes that have been supplied on the Installation CD to
check for updates or changes relevant to your organisation?
4| EPM Installation
Initial Steps
LEGAL DISCLAIMER
In accordance with your contract with Business Objects, you must not make any changes
to the software, including, without limitation, changes to any database schema or any
general changes to the database on which the software runs (a “customer modification”).
Any warranties contained including, without limitation, warranties with respect to the
performance of the products, will be voided and of no further force and effect if customer
makes any such customer modifications.
Services performed by Business Objects in investigating, identifying, or rectifying any
issues arising due to any Customer Modification are not included within the Business
Objects’s Maintenance Services. Accordingly, any services provided by and all costs and
expenses incurred by Business Objects arising as a result of a Customer Modification will
be invoiced to and paid by Customer. Such services will be invoiced at Business Objects’s
then standard rates.
If you need more information about this, please contact the nearest Business Objects
office for clarification.
Once installation is complete EPM Configure is then used to customize the EPM components.
Configuration can be carried out immediately after the installation process (following the
required system reboot) or at any point after installation is complete. EPM must be configured
before you can start to use the system.
installation programs for deploying the web ActiveX component, and the Book Viewer
The Web Client Installer program is designed for use by System Administrators. It provides a
means of installing the EPM ActiveX web toolbar object without the necessity for the installation
to be performed by the client from within the web browser.
There are several benefits to using the installer program instead of the web download method.
These are:
The installation can be automated using a method such as Microsoft's System
Management Server. This type of program can also distribute the executable to all the
EPM clients at a convenient time.
The client machine can be updated with the correctly-versioned control before requiring
access to the EPM web books, thus reducing inconvenience.
A centrally-controlled roll-out of the installation will ensure that there is consistency of
software versions amongst the client community.
To install the program on the client simply run the executable WebViewerSetup.exe that is
located in the 'Additional Installers' directory on your current EPM software CD. No reboot of
For more detailed information on silent installation see the accompanying document EPM
Silent Installation.
4.2.2 Upgrade
When upgrading you should follow this procedure:-
• Backup the EPO database
• Note any existing DCOM settings against the EPMSERVER and EPMMAIN
• Ensure that any users that are in the EPM system log themselves out (this can be
checked using the EPM Monitor application)
• Stop all running services using the EPM Service Manager application
• Un-install the EPM Suite using the ‘Add/Remove Programs’ feature and re-boot the
server
• Re-install the latest version (see Section 4.6), re-applying DCOM settings as required
After rebooting your PC you will need to reconfigure the new EPM Version in the same manner
as described in Section 5 EPM Configure onwards.
During the uninstall process the services EPMServer and EPMMain are removed along with
any associated DCOM settings. After the upgrade process DCOM will need reconfiguring for
If EPM was installed using sockets and if IP Filter rules had been created, these settings and
rules will be retained in the default install directory after un-installation, in the form of COR and
LOC files. Once the software is re-installed these stored settings will be available to the
application again.
4.2.3 Expansion
Expanding your EPM Suite will involve new licensing options and keys. All other settings
should remain in place. Any new servers may possibly need account information during the
configuration stage.
To add your new components it may be necessary to re-install the EPM Suite on the server
where the additional component is required, unless the component is going to have its own
server. When expanding your EPM Suite you should follow the procedure outlined above for
upgrading.
Once the above are correctly configured you can install the EPM Windows client applications
including Model Builder, Book Builder, Work Manager Client, Book Viewer, Report Manager
Client and Data Bridge.
If using Microsoft IIS Web Server to access Web Books, ensure this is installed before
installing the EPM Web Service, as the EPM web files need to be installed into the default IIS
directory (normally ‘wwwroot’).
It is important to ensure that the user logged into the machine has required permissions to
perform the installation. Local Administrator privileges are required on the machine EPM is
to be installed on as Read / Write access is required throughout. For DCOM configuration
across a domain you may require Domain Administrator rights.
Likewise sufficient permissions are required when installing the Database Server. For
information on how to login to the Oracle or Microsoft SQL Server database to install the
database tables, please refer to the EPM Database User Guides for Oracle or Microsoft
SQL Server as appropriate.
An SMTP e-mail system should be available before installing Work Manager client, as this will
be requested when configuring Work Manager to use a mail server after installation of the
components.
If at the time of install, you envisage some future use of Work Manager you should be aware of
the following: Books containing the Workflow object require Work Manager client to be installed
on any Model/Book Builder Client or Web Server that will be used to edit or view them. Work
Manager client cannot be added after EPM has been installed without uninstalling and re
installing the software.
Full installation and configuration of the EPM components is divided into two distinct stages.
Firstly, the selected EPM components are installed as defined by the product serial numbers
provided from Business Objects. This is then followed by the EPM Configure utility, which
configures and customizes your installation to your business environment.
Section 5.6.1 to familiarize yourself with the account information that will be used during this
process.
Details of how to install or upgrade the EPO database schema is in the documentation EPM
Enter the serial number required in the drop-down box area and press the Add button to enter
serial numbers manually or Load to load a collection of keys from an ELF file. You may be
issued with more than one serial number. See below for details of what types of serial numbers
are required for different types of installation.
The Clear button will remove all the current license information should you need to change this
(for example, if you are given an entirely new license key).
All installations of EPM need a permanent or evaluation product serial number to be added in
the Registration Information screen. This gives access to the next step of the installation
displaying the available components that can be installed. If the serial number added is correct
then a list of the components you have available is displayed in the list box.
Serial numbers allowing a maximum predefined number of users access to different EPM
applications (i.e. ModelBuilder, BookBuilder and End User) should be added on the EPM
Server machine. The appropriate licenses will be picked up from this location when the
respective users access EPM through the different applications. These numbers are stored in
the EPO database to prevent duplication but must be registered on the EPM Server.
After adding all Serial numbers required select Next to move on to the next screen. This screen
allows you to select which EPM components you wish to install on your PC.
After ensuring that all components to be installed on the machine have been selected click
Next to choose a destination directory for EPM.
Note: You may choose not to install all components available on a particular machine, thereby
using the same license key for several different types of installation.
If you choose to browse, a Windows standard directory box will appear, from which you can
select your chosen location:
After selecting the directory for installation, clicking the OK button will take you back to the
previous screen, where you can continue the installation process by clicking Next.
The Installing Screen shows details of the files being installed and the time remaining for
installation to be completed.
present the installation screens. This option also determines which language the program
Click Next to start the installation or Back to modify any options previously defined in the
installation process.
5| EPM Configure
About Configuration
IMPORTANT: EPM Configure updates relevant machine settings after each configuration
screen. Therefore selecting Cancel before EPM Configure is complete will not return the
system settings to their previous state as any new settings you may have made will be
retained.
NEW INSTALLATION:
After installation the Configuration Wizard will appear immediately you log in following a restart.
EPM Configure MUST be run before users can start to access the system. For configuration
options relating to a new installation refer to section 5.3.
RECONFIGURATION:
The EPM Configuration Wizard can be run at any time from Start \ Programs \ Business
Objects \ Tools \ EPM Configure to display the EPM Configuration Welcome screen.
Important: There can only be one Primary EPM Server installation through which additional
EPM Model Servers communicate. The EPM Server handles login requests by users. Model
Servers handle processing and calculation required by models.
If an installation is to be the Primary EPM Server then the box should be checked underneath
the Server radio button.
For Model Server only installations this box should be unchecked. Model Server only
installations will then lead to a screen where the name of the EPM Server should be entered.
Enter the EPM Server name manually or browse to the machine name and continue with the
configuration process.
Note: When re-configuring to define a new Primary EPM Server, the existing Model Server
assignment is not changed automatically. Models will still be associated with the previous
application server, until this is changed manually via the Model Administration screen in the
EPM Model Builder application (see EPM Administration & Security Guide for further
details).
Model Servers are installed from the EPM Core component in the ‘Select Components’ screen
within the installation process. The Builder application does not need to be installed although it
can be useful when trying to eliminate communication problems that clients might encounter.
On a three-tier system you should install the Server version on the middle tier and the Client
version on any client workstations. An EPM Server should be installed alongside the OLE DB
provider for your database, to allow you to connect to your database.
When using Oracle Database Server, ensure the Oracle Client software is installed on the
Server machine.
If you are running on Windows XP or 2003, Configuration Management is incorporated into the
Windows Component Services console. You must expand the Computers and DCOM Config
items to display all the installed Applications that use DCOM.
[Note: In Windows 2000 you are taken to the Distributed COM Configuration Properties screen,
where you can double click EPM Server under the Applications tab.]
You will now see the EPMServer Properties screen where you must click on the Security tab.
Firstly, ensure that the radio button under Launch and Activation Permissions is set to
Customize and click Edit.
Using Add, select the appropriate groups and names from the Names list. Repeat until all your
groups/users are added and appear in the Group or user names box as shown. Now check
the Allow boxes to set the necessary types of access for confirmation as shown.
Click OK again to return to the DCOM Properties screen. Repeat the above steps and add the
same groups/users to “Access Permissions”. When this is done, click Apply then OK on the
Properties screen.
Select EPMMain in the DCOM Configuration Properties screen and apply the same settings as
for EPMServer. When finished, click OK from the EPMMain Properties screen.
The DCOM security settings for installations where the Application Server and Web Server are
installed on the same machine should be applied using the following local accounts.
• Internet Guest Account I_USR_<machine name>
• Launch IIS Process Account I_WAN_<machine name>
You are advised to apply these accounts with the necessary levels of access to the EPM
Services as follows:
When Application Server and Web Server are on separate machines that may also be on
different domains, you must include settings for accounts that have access to both machines
and/or domains. Business Objects technical support can advise you on the settings that are
most appropriate for your environment.
To continue to configure the EPM Server if Work Manager is not installed see 5.6
If Work Manager Server is selected see 5.6 to continue configuring EPM Server.
Server into the dialog box or click Browse to search for the relevant server.
If you selected Browse, the following screen will be displayed for you to navigate to the
appropriate server.
Once selected you will be taken to the previous screen, your chosen computer will appear in
the dialog box and you should now click Next to continue.
Having entered a Server you now need to test the connection between the Server and your
machine. Click Next to test this connection.
If the EPM Server option was selected see 5.6 to configure the Server options.
If the Client option was selected see 5.9 to configure the client options.
There can only be one Primary EPM Server installation through which additional EPM Model
Servers communicate. The EPM Server handles login requests by users. Model Servers
handle processing and calculation required by models.
If an installation is to be the Primary EPM Server then the box should have been checked
underneath the Server radio button. For Model Server only installations this box should be
unchecked.
Selecting the Server option in the EPM Installation Type screen will lead you into several
configuration options, which are detailed below including:
• Database
• Advanced IP Filtering
• EPM Model Directory Selection
• License Key Configuration
Your choice of Database Access Protocol will affect the next screen to be displayed:
• Oracle Instant Client Server Database Setup – for native Oracle connectivity
• SQL Server Native Client Database Setup – for native SQL Server connectivity.
• EPM Server Database Setup – for OLEDB selection
Note: In Oracle installations swapping between the two means of communication will cause
any existing DCOM settings to be lost.
If this is not a Primary Server the screen below will not be editable and will reflect the database
settings of the EPM Primary Server.
Alternatively the User assigned to the EPOACESS role may be used here (by default
‘USREPO’ user is created which you may choose to use).
For either Server database you may choose to restrict the privileges a user has to
prevent access to additional databases. If this is the case use the user created in the
Server Database setup.
TNS Names… button on the Oracle Instant Client Server Database Setup screen. EPM will
use the information stored in the TNSNAMES.ORA file to provide the connection details.
When the window opens click on the Browse button to select the folder path of the
TNSNAMES.ORA file. When you have selected the correct folder and clicked OK, the content
of the TNSNAMES.ORA file should appear in the TNSNAMES.ORA text box.
Click OK to return to the Oracle Instant Client Server Database Setup window.
Now enter the TNS Names entry in the service name field along with the user name and
Should the use of the TNSNAMES.ORA file become redundant it will be necessary to relocate
this file before it is possible to re-configure EPM to use OCI.
optionally create rules to allow or deny access to the EPM server services. These rules are
configured to identify the originating machine’s IP or network address and then allow or deny
access to the EPM server service. Each EPM server service has its own list of rules allowing
granular control over which hosts or networks can communicate with specific EPM server
services. The ordering of the rules in each list is significant and this is discussed in section
5.6.2.2.
Rules for each service are configured for the appropriate server. The specific servers for which
rules can be written are determined by the type of installation performed on each machine.
If no rules are present then the default is to allow communication between all machines and the
services they run.
To create a rule for a particular Server, select it from the Server Name drop down menu and
then click on the Add button. To apply a rule or rules to all servers, click on the Apply to all
Servers button. IP filters can be configured for the servers:
Note: If you have set up rules within a previous version of EPM, your Servers as listed in the
ipFilters.ipt file may now need to be renamed. This is because the ipFilters.ipt file is a user-
generated text file and is not automatically updated on upgrade. To edit the ipFilters.ipt file, go
to C:\Program Files\Business Objects\EPM\ipFilters.ipt.
The value of X which in this example is represented in the right-most text field of the Network
Number defines the range of Host IDs. The Network Number Preview text boxes display the
results of applying the Subnet Mask to the Network Number.
If Classless Inter-Domain Routing (CIDR) is selected then the Subnet Mask will be
transformed to its equivalent CIDR block prefix as displayed below:
Tip: It is strongly advisable to select a drive with a large amount of free disk space and Read &
Write access, as this folder will be used to install your EPM models, which are likely to be a
substantial size.
Click Next to continue to the License Key Configuration screen whilst testing your connection
to the EPM Server. The EPM Server service will be stopped and restarted when the ‘Next’
button is clicked.
The EPM options or components that are available with each license key are displayed in the
lower window when the key is selected in the upper window (e.g. EPM component access,
User number limits).
If you choose to alter the current selection, a dialog box will appear, asking you to confirm that
you now wish to disable/enable database auditing.
If the installation is not a Primary Server only the check boxes corresponding to that machine
name will be editable.
If Work Manager Server was selected see 5.7 to configure the Server options.
If the Web Server is installed on this machine see 5.11 to configure this component.
If Report Manager Server is installed on this machine see 5.12 to configure this
component.
If no other EPM components are installed on this machine see 5.10 to continue the
configuration.
The configure for Auditing options allows you to configure which actions are logged in the audit
log when a state changes in Work Manager. Simply select Configure and select the relevant
options using the check boxes. This audit log is global throughout Work Manager.
Select Next to continue configuration.
If EPM client was selected and this machine is not to be a Model Server see 5.9 to
configure the EPM Client.
If this machine is a Model Server and the Web Server is installed see 5.11 to
configure the EPM Web Service options.
If Report Manager Server is installed and this machine is a Model Server see 5.12 to
next configure this EPM component.
EPM can be integrated into a Windows NT, Active Directory or LDAP compliant environment.
Selecting either EPM Standard Security or Windows NT Security options requires no further
configuration.
If either the Windows Active Directory Security or LDAP security options are selected, the user
will be able to specify connection parameters that will return the user name from either the
Active Directory or the LDAP directory.
'Enable Secondary Logon' can be checked for the Win32 and/or Web applications. This
enables users to manually log into the Web using a secondary username, if logging onto the
If this machine is to be a Server installation for Web Server, Work Manager or Report Manager
but not a Model Server the DCOM security must be setup up. See 5.3.1 for details on how to
do this.
Server into the dialog box or click Browse to search for the relevant server.
If you requested to Browse, the following screen will be displayed for you to navigate your way
to the appropriate server.
NOTE: The server setting selected will be written to the computer’s Registry. Local
Administrator rights are required for this setting to be written to a central location. If the person
configuring this setting does not have Local Administrator rights then an “override” Registry key
will be generated, and this setting will be used in preference to the centrally configured “default”
server setting.
Once selected you will be taken to the previous screen, your chosen computer will appear in
the dialog box and you should now click Next to continue.
The ‘Test Connection’ button tests whether the database connectivity information supplied in
previous screens is sufficient to make a connection to the current EPO database server, and
also checks whether the EPM Server service on the Primary Model Server can be connected
to.
location screen to define a suitable folder in which these files are to be saved. You will need
Read / Write access to this folder. Here you can choose to accept the default directory or
To finish configuration where neither the Web Service nor Report Service is to be
configured see 5.13.
First you must specify where the IIS ASP files are to be stored and the Web Server URL. The
default destination will appear in the respective edit boxes on the screen.
The system account user must have full access to the EPM Temp directory in order to ensure
temporary files are cleaned up correctly.
The machine’s IP address may be used here but this must also be used by Web Clients. Web
Clients trying to access a Book using details alternate to those specified in this screen will not
be allowed access (i.e. using the URL address instead of the IP address).
When using IIS Web Server the IIS Web Files Directory should be specified as the standard IIS
Directory. By default this is \inetpub\wwwroot\EPM. Read & Write access will be required to
this directory.
Once these are defined select Next to update the web files.
Selecting either EPM Standard Security or Windows NT Security options will require no further
configuration.
For details on the correct configuration of Windows Active Directory and LDAP Security see
previous section 5.8.
For an example of how to configure EPM to work with Web security see the EPM
Administration & Security Guide.
The web files are then updated and a monitor bar displays progress. Once the bar is full select
Next to complete configuration.
Where IIS is used as the Web Server please check the correct settings have been configured
within IIS after the EPM Configure (see 5.11.4).
Internal Network
The internal network will contain the Host IIS Web Server, which will connect to the primary
EPM server in the normal manner.
DMZ
This will contain the proxy IIS Web Server, which must have a 1 – 1 relationship with the Host
IIS Web Server.
Note: Where multiple proxy Web Servers are used each must connect to a corresponding host
Web Server.
External Client
This is the web user using Internet Explorer to connect to the URL of the Proxy IIS Web Server.
The Host IIS Web Server should be configured in the usual manner for an EPM installation.
Do Not check the EPM Web Proxy Service option in the EPM Web Server Configuration
screen.
The Proxy IIS Web Server should have the EPM Web Proxy Service option checked in the
EPM Web Server Configuration screen.
Details on how to configure this are below:
• EPM Web Proxy Service Check Box: Click this if you wish to use the EPM Web Proxy
Service on this Web Server.
• Proxy URL Edit Box: This should contain the location of the local web client software
with ‘/tun’ added onto the end of the URL to use the EPM Web Proxy Service.
E.g. //YourMachineName/epo/tun
• Destination URL Edit Box: This should contain the address of the host IIS Web Server
connecting to EPM.
E.g. //HostInternalEPMWebserver/epo
Note: It is possible to use an IP address when configuring the Proxy URL and the Destination
URL but the user must use this IP address as the URL in the Internet Explorer web client rather
than the DNS machine name.
Select Next to continue IIS web server configuration. The web files are then updated and a
monitor bar displays this progress. Once the bar is full, select Next to complete configuration.
Where IIS is used as the Web Server please check the correct settings have been configured
within IIS after EPM Configure (see 5.11.4).
The system account user must have full access to the EPM Temp directory in order to ensure
temporary files are cleaned up correctly.
IMPORTANT: The EPM Web Proxy Service is not available when using EPM Web Service.
If you choose to use a port other than the default suggested (in this case 80), then this port
number needs to be added after the EPM Web Server URL, preceded by a colon.
For Example:
http://YourMachineName:82
Additional ports to be used for the EPM Web Server must be operational in order to connect to
Web Books successfully. If an invalid port is specified in EPM Configure you will not be able to
successfully login to the application using the port.
5.11.4.1) and IIS Timeouts (see 5.11.4.2). You must implement these settings to ensure your
Web access operates correctly. Some special configuration options are required for Windows
2003, which uses IIS 6 (see 5.11.4.3). Additional options must be set for very large EPM
By default the Web Files for your EPM Applications should be created in the directories at
C:\Inetpub\wwwroot.
It is advisable to stop and restart your IIS service to ensure that the changes become effective
immediately. This can be done by selecting the context menu from the top node in IIS Manager
and selecting Restart IIS.
Your EPM web pages should now be available from your browser. You can check this by
navigating to: http://yourwebservername/epo/about.asp where ‘YourWebServerName’ is the
name of your EPM web server.
In the Anonymous User Account screen define a windows account user. This can either be the
default IIS Guest Access account or a personalized user on your PC. This user must have
sufficient access to the EPM directory and web files (ensure this user is set up on the machine
within Control Panel \ Computer Management \ Users and Groups). Set a password for this
user in the box provided and ensure that ‘Allow IIS to control password’ is unchecked.
These anonymous access rights are not required when using the EPM Web Proxy Service.
The default IIS access provided is sufficient with this service, as it does not use COM security.
When EPM is used with the DCOM transport layer then this account should be modified to use
a Domain User account to allow the anonymous internet session to have sufficient privileges to
have access to remote (i.e. distributed) services.
IMPORTANT: The user defined under anonymous access must be added to the DCOM
settings of any primary and secondary model servers and web servers to allow users to login
through the web to models based on alternative model servers.
These users must have access rights across the Domain in which the EPM system is installed.
Right click on Default Web Site or the virtual directory containing the EPM directory and choose
properties. On the Properties dialog box select the Web Site tab. Set the Connection Timeout
to a time greater than you would expect any model requests / calculations to take.
The default access permissions of 'Read' and 'Scripts Only’ are sufficient to allow access to the
EPM web files and can be left at these settings. To avoid possible COM surrogate errors the
Application Protection option must be set to ‘High (Isolated)’ and default COM Security
changed to include the IWAN_USER account (see 5.3.1).
Now click on Configuration to set the Configuration options.
On the Configuration Options tab, set the ASP Script timeout to a time greater than you would
expect any model requests / calculations to take.
Select the ‘Configure DCOM Manually’ checkbox and then click Config DCOM if you wish to
configure your DCOM now. Alternatively, you can complete the installation and perform this
manually later. (Refer to section 5.3.1 for further details on DCOM Configuration.)
Select Next to continue to the Test Connection screen from which you can test your connection
to the EPM Server (the Primary Model Server).
Select Next to continue to the Finish screen, which will give details of your successful
connection. Press the Finish button to close the EPM Client Connection Wizard.
EPM has a comprehensive security mechanism designed to control every aspect of a user’s
access to the system. However, DCOM also contains authentication intended to limit
communication between clients and servers to only authorized users. This extra authentication
layer imposed by DCOM is somewhat redundant and can overcomplicate installation, as
permissions need to be configured for EPM services.
Where the client workstation accesses the server through a firewall numerous extra ports have to
be opened in the firewall to enable DCOM authentication to take place. By removing DCOM
authentication and implementing COM Internet Services (CIS) then DCOM communications can
be reduced to a single port.
Disclaimer: this suggested configuration may have negative effects for a client workstation
accessing other servers, which have not been reconfigured to use CIS. After reconfiguring your
client workstation to communicate with the Business Objects application server, your workstation
may not communicate properly on other servers in the network.
The following section describes the process of removing DCOM from a client-server setup where
the client is installed on Windows 2000 Professional that belongs to a workgroup called
“workgroup”. The user is logged on as a standard user accessing the EPM server software running
on a Windows 2003 Server in a domain called “domain.local”.
The client workstation is connected to the LAN via a hardware firewall whilst the domain controller,
DNS server and EPM server are all behind a firewall in a DMZ.
The removal of DCOM authentication should ideally be done before any system goes live.
However if these changes need to be applied to a production environment then you must ensure
that all users are logged out of EPM and that all models have closed down before starting.
It is possible to confirm that the EPM services have automatically stopped by inspecting the status
of the services in EPM Service Manager. This is accessed from Start | Programs | Business
Objects | Tools | EPM Service Manager.
Expand the “Components Services” by pressing the “+” sign to the left then expand “Computers”,
and “My Computer” and finally click on the “DCOM Config” folder.
In the right hand pane select the “EPMServer” COM object and from the right click menu select
“Properties”. On the “General” tab change the “Authentication Level” to “None” using the drop-
down box.
Under the “Security” tab set the “Access” and “Launch Permissions” radio buttons to Customize.
In the “Launch Permissions” group box click the “Edit…” button then use the “Add...” button to add
the “ANONYMOUS LOGIN” group and set its “Launch Permission” to “Allow”.
Next, in the “Access Permissions” group box press the “Edit…” button then use the “Add...” button
to add the “Everyone” group and set its “Access Permission” to “Allow”.
At the properties dialog box press the “OK” button to return to the “Component Services”
application dialog box.
Repeat these steps for both the COM objects “EPMMain” and “EPMModel”. When complete
restart the server or restart the “EPMServer”, “EPMMain” and “EPMModel” services.
The following section describes the process of channeling all DCOM communications through a
single port in client-server setup where the client is installed on Windows 2000 Professional and
accesses an EPM server running Windows 2000 Server software.
The client workstation is connected to the LAN via a hardware firewall whilst the domain controller,
DNS server and EPM server are all behind a firewall in a DMZ.
Select the “Default Protocols” tab and use the “Remove” button to remove all protocols.
Use the “Add” button to add “Tunneling TCP/IP”. Select the “Default Properties” tab and enable
“Enable COM Internet Services on this computer”. The client will need rebooting before the
On the Windows 2000 Server, CIS requires that the Internet Information Server (including the IIS
Manager) is installed and working. CIS should not be installed on a server running Microsoft Proxy
Server because these two services are incompatible and will not work correctly together.
If your server is multi-homed i.e. has a network card with two or more IP addresses then you must
ensure that the EPM client software is configured to refer to the server by its DNS name and not
one of its IP addresses.
From the Control Panel, select “Add/Remove Programs” and click “Add/Remove Windows
Components”. Click the “Components” button to start the wizard. Select “Networking Services”
and click the “Details” button.
Select the “COMM Internet Services Proxy” check box and click OK.
As for the client, enable Tunneling TCP/IP by running DCONCNFG (see section 6.2.1). Select the
“Default Protocols” tab and use the “Remove” button to remove all protocols.
Use the “Add” button to add “Tunneling TCP/IP”. Select the “Default Properties” tab and enable
“Enable COM Internet Services on this computer”. The client will need rebooting before the
changes take effect.
14 Kerberos UDP 88 Y Y
15 LDAP UDP 389 Y Y
16 HTTP TCP 80 Y Y
1 (DNS)
This is used by the installation process of the EPM client software to determine whether it can
resolve the EPM server name just prior to issuing a ping to test whether it can communicate with
the server computer itself. Also the process of the client workstation actually logging on to the
domain and DCOM itself uses DNS lookups.
2-9 (ICMP)
The installation process for the EPM client software pings the named EPM server to test
communications with the server.
10-13 (NetBIOS/SMB)
This is the main set of services use by a client computer to access server resources like shares
etc… These services are also used during the logon process.
14-15 (Kerberos/LDAP)
These services are used during the logon process to locate user and computer objects and
authenticate the workstation to the domain.
16 (HTTP)
This is the protocol used by CIS to channel all ports for the client-server software in EPM to
communicate using DCOM over a TCP/IP network. The DCOM Dynamic ports usually cover the
range 1024-65535 by default; however CIS channels all of this traffic through port 80.
Whilst you may be able to PING successfully DCOM will not work.
Open the registry editor by running the REGEDT32 utility from either a command prompt or by selecting Run from the
Start menu and typing the command into the text box.
Do not use REGEDIT utility, as this does not support the registry modifications required.
Within the Registry Editor window expand the “HKEY_LOCAL_MACHINE” window to full.
Navigate to “Software\Microsoft\Rpc” and using the options under the Edit menu, create the key
“Internet” under the “Rpc” key. Inside that key create three new values as follows:
The “Ports” value “5000-5020” makes only these ports available to DCOM dynamic
communications. This is the recommended minimum value because Windows itself and other
applications will also use DCOM. For this reason it’s impossible to state exactly the minimum
number of ports that should be configured.
As a rule of thumb if you experience problems as a result of these changes then the range should
be increased from 5000-5020 to 5000-5030 or more as required. However don’t forget to also
increase the range configured in the firewall’s Allow rule to match any increases in range.
In order to work, SSO requires that an EPM login is created that exactly matches a users
NT, Active Directory or LDAP login (see Administration and Security Guide for more
details). As these EPM logins do not exist in a newly installed system, when first logging
in as the administrator, the user must bypass the SSO security. To achieve this, open
Model Builder and cancel the error message. To then open the Login dialog screen hold
down the Shift key and click on the login icon on the tool bar or use the keyboard
combination of Ctrl, Shift and L. Then enter the predefined administrator login and
password and click OK (see below). One of the first tasks is then to create the EPM
logins to allow other users to login.
Click on the Model Builder icon from Start | Programs | Business Objects | EPM to launch
the application.
The Login dialog screen will be displayed as shown below:
Select Model Admin to be taken to the model management screen where you can create your
first Model.
Give your Model a name and if required a description and click OK.
Your newly created Model will appear on the Administration tab and can be opened by double
clicking on it or by selecting it and clicking the Open button.
The main EPM Application screen is now displayed. You should now set up some of your
Users and Groups before proceeding any further with your Model.
The software can be removed by the use of the uninstall program, accessed from
Add/Remove Programs in Control Panel.
Select the EPM Application you want to remove and click the Change/Remove button. You will
see a dialog similar to the one that follows, which demonstrates the removal of EPM.
During the removal of your EPM Application you will be asked whether you want to remove the
Business Objects shared components. These are the files stored in Program Files \ Common
Files \ Armstrong Laing which include the Business Objects language editor and EPM
Configure utility. It is advisable to remove the files that are no longer required as they will be
reinstalled on the next EPM installation.
Caution: The Metify application provided by Business Objects shares some of the same
components as Activity Analysis. If you remove these at this stage Metify will no longer work.
These components can be restored by a re-install of either Metify or Activity Analysis. If you
choose not to remove these components Metify is unaffected.
Once your EPM Application has been successfully uninstalled, you MUST restart your machine
If you do not restart your machine between removing the software and installation the following
Note: Do not simply delete the directories containing the EPM files.
9.1 Preparation
Preparation is all-important. You should make sure before you begin that you have carried out
the following tasks. Time spent here may well save you trouble later.
• Evaluate the network environment in place at your site. Make sure you understand the
primary domain, shares, routers etc.
• Ensure that you have the necessary user names and passwords.
• If the client and server are on different NT domains, an NT trust relationship has to be
established. Contact your NT Administrator for assistance.
• Establish that clients can see the EPM Server through their normal logons. You can do
this by logging on as the client, and then checking that your machine can see the EPM
server via “Network Neighborhood”.
• Make sure that you have your EPM serial number(s) before starting.
• If at all possible, be able to contact a Network Administrator.
pieces of information that you will need to consider to ensure that the deployment goes as
smoothly as possible.
The EPM web client uses Microsoft’s ActiveX technology to provide web users with an EPM
logon panel within their Internet Explorer browser. With each release of the EPM Suite comes a
new version of the signed ActiveX control ‘EPMDataConnection Control’ which will be placed
into the ‘Downloaded Program Files’ folder.
There are two alternative methods for installing the EPM ActiveX toolbar object:
• Web Download
• Web Client Installer Program
Trusted Sites.
NOTE: Local administrator rights are required to effect any changes to Internet Explorer
settings. If you do not have local administrator access you will not be able to download the
ActiveX control if your current settings do not permit such downloads.
10| Troubleshooting
EPM System Information
This error occurs at installation on a Client PC when a different version of EPM is being
installed to that installed on the server.
To rectify this click OK and then click Cancel from the “Test Connection to EPM Main Server”
screen and the click Finish. EPM should then be uninstalled using Add/Remove Programs
from Control Panel and then reinstalled using the correct version.
This error occurs at installation when the client tries to access a server that is unavailable. This
could mean that either the server name is incorrect or that the server cannot be accessed.
To rectify this click OK on the error message and then click Back to return to the EPM Client
If the server name is correct, check that the server is visible within Network Neighborhood. If it
Incorrect DCOM configuration may also be a factor. Check DCOM has been set up
The message may appear as above, when unable to start an application, or alternatively it may
appear once an application has been opened that is unable to carry out an operation.
To rectify the situation, check the rules that have been defined in Advanced IP Filtering, to
ensure that they don’t block any IP services from that address.
allow User access across all these machines. All users within the network domain who wish to
access EPM must be added to the DCOM security settings on all the Server machines (this
security privileges. It is advisable to choose a user within the network domain who has read /
write access on the Web Server machine. If problems persist check this user is set up within
the DCOM Settings on the other Servers the Web Server communicates with.
appears within the details accessed through a yellow warning icon to the bottom left of Internet
Explorer.
This may be caused by an incorrect web address being used, namely an IP address was
defined with the Web Server configuration screen but the address used by the Web Client is a
machine name.
Try entering the alternate address used for the Web Server to login to EPM.
Alternatively this may be caused when more than one Web Server exists on an EPM system
but the same IUSR account is used within Internet Information Services. Where several Web
Servers exist, different domain users must be used in IIS to avoid a conflict of access
longer. For more information on this process please contact Business Objects.
see the EPM banner page and this standard IIS error will be displayed.
To solve this problem check that the web files are stored in the default IIS folder (this is often
\inetpub\wwwroot\) by using EPM Configure. If an EPM folder does not exist under this path
then you may need to create an EPM subfolder in which to store the files.
File Structure
If IIS was not installed before the installation of EPM, a virtual directory will need to be created
in order to access the web files created during installation (usually underneath the default root
directory) on IIS.
To access the IIS configuration program open the Control Panel and select Administrative
Select the 'Default Web Site' node and select New \ Virtual Directory from the right-click context
menu. This will evoke the Virtual Directory Creation Wizard. When prompted to supply an alias
name for the directory type "EPM”.
Resources
A2. Documentation
You can find answers to your questions on how to install, configure, deploy, and use Business
Objects products from the documentation.
Business Objects consultants can accompany you from the initial analysis stage to the delivery
of your deployment project. Expertise is available in relational and multidimensional databases,
in connectivities, database design tools, customized embedding technology, and more.
Advanced IP Filtering, 55
IIS Configuration
Post Installation, 77
C Installation
Catalog, 52, 54
Installation Order, 26
Installation Process, 27
Connectivity, 51
Installation Tips
Preparation, 108
D Introduction, 6
Database Auditing
Defining rules, 56
Selection, 60
Rule ordering, 57
Database Connectivity, 51
OCI, 53
Configuration, 59
OLEDB, 52
M
DCOM and Firewall Settings with EPM, 88
DCOM Configuration
Model Directory
Workflow, 48
Selection, 58
E N
EPM Architecture, 8
Networking Advice, 108
EPM Configuration, 40
EPM Installation, 24
O
EPO Configure
Client Setup, 66
OCI, 51
OLEDB, 51
Configuration Options, 40
Server, 42
EPO Server
Database setup, 52
S
Installation Type, 42
Server component registration, 61
Database Server, 9
F EPO Server, 9
Firewall Configuration, 95
Model Server, 9
Utilities, 10
Housekeeping, 108
Web Client, 10
Index
Web Service, 9 V
Topologies, 16
Web Client Installer Program, 110
Troubleshooting, 114
Web Download, 109