SQL Server Reporting Services On External Deployments¶
JustWare uses SQL Server Reporting Services (SSRS) to create a powerful combination that makes the convergence of reporting and case management possible. Reports deliver hyperlinked, drill-down, and sorted data analysis to all types of system users.
Typically the report server runs on the same machine as the JustWare database. With a large number of users, however, it may be beneficial to put the reporting server on a dedicated machine. This scenario is possible with and without integrated security.
- Integrated Security: Make sure that you are using it throughout the entire system. Both the SSRS web service and data sources for SSRS will need integrated security enabled in addition to the JustWare client, web server, and database instance. Integrated security only works if all machines, including servers and clients, are on the same domain.
- Non-integrated Security: If you need to access the system from a non-domain machine, you need to configure your system to not use integrated security. When SSRS is running on a separate machine, an issue will occur where the Kerberos security will not allow multiple hops with the same password hash.
Important: If you are using a separate server for SQL Reporting Services it will be necessary to enable Kerberos Delegation. For instructions on how to set up Kerberos Delegation, see the Installation Guide.
Follow the steps below to set up SSRS on a dedicated machine.
Configure the SSRS web service to not require integrated security.
Note: On SQL Server 2008 x64, this file defaults to the location
C:\Program Files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\web.config.
Restart the web service once the change has been made.
In the website provided by SSRS, configure the data sources to use Credential supplied by the user running the report and make sure the Use as Windows credentials when connecting to the data source check box is checked.
The two options that need to configured.
In the same website, configure the user privileges, allowing users to view reports. The easiest way to do this is to create a group that everyone will use, such as Everyone.
An example of how to configure user privileges.
Configure the user privileges on the database. The SQL database server will need to be configured to accept non-integrated connections for those users who route through SRS to the database. Please refer to Microsoft's documentation on SQL Server User Management for steps on how to complete this.
Note: The report server itself has its own database where it caches information. The user that accesses that database must be a DBO on that database. This user is configured in the Report Server configuration tool (or its underlying web.config file referenced above) and may or may not be using integrated security. The SQL Server must also be configured to allow remote connections, both for the cache database and the JustWare views. The standard JustWare database permissions for users should be sufficient for data access.