Upload
dominique
View
42
Download
1
Tags:
Embed Size (px)
Citation preview
Auditing in BI 4.0
Orange Business ServicesSAP Active Global SupportAutumn 2013
© 2011 SAP AG. All rights reserved. 2Customer
Agenda
1. What is Auditing?2. Auditing Dashboard3. Auditing Data Store4. Consistent Auditing Events
© 2011 SAP AG. All rights reserved. 3Customer
What is Auditing?
Keep a record of significant events on servers and applications
Can give you a picture of:
What information is being accessed
How it's being accessed and changed
Who is performing these operations
Information recorded in a database called the Auditing Data Store (ADS)
Can design custom reports based off of data in the ADS
No packaged sample universes or reports included with BI4
Samples can be found on the SAP Developer Network (SDN) site
Keep a record of significant events on servers and applications
Can give you a picture of:
What information is being accessed
How it's being accessed and changed
Who is performing these operations
Information recorded in a database called the Auditing Data Store (ADS)
Can design custom reports based off of data in the ADS
No packaged sample universes or reports included with BI4
Samples can be found on the SAP Developer Network (SDN) site
© 2011 SAP AG. All rights reserved. 4Customer
Auditing Install in 4.0
Special license keys not required in 4.0
For performance reasons it is recommended to have auditing DB separate from
Central Management Server (CMS) DB
After install, auditing is preconfigured, enabled and running
Silent install provides no auditing command line parameter
Special license keys not required in 4.0
For performance reasons it is recommended to have auditing DB separate from
Central Management Server (CMS) DB
After install, auditing is preconfigured, enabled and running
Silent install provides no auditing command line parameter
© 2011 SAP AG. All rights reserved. 5Customer
Agenda
1. What is Auditing?2. Auditing Dashboard3. Auditing Data Store4. Consistent Auditing Events
© 2011 SAP AG. All rights reserved. 6Customer
Auditing Install in 4.0
Special license keys not required in 4.0For performance reasons it is recommended to have auditing DBseparate from Central Management Server (CMS) DBAfter install, auditing is preconfigured, enabled and runningOption to not configure auditing disables auditing and hence no auditingevents are firedSilent install provides no auditing command line parameter
© 2011 SAP AG. All rights reserved. 7Customer
Auditing Dashboard
© 2011 SAP AG. All rights reserved. 8Customer
Auditing Dashboard:Status Summary Section Overview
The Auditing Status Summary section is a new featureMetrics to optimize auditing configurationAlerts of potential issues with auditingWarnings under the following circumstances:
– The connection to the Auditing Data Store (ADS) database is unavailable.– There is no running or enabled Client Auditing Proxy Service (CAPS)– An Auditee has events that could not be retrieved
The Auditing Status Summary section is a new featureMetrics to optimize auditing configurationAlerts of potential issues with auditingWarnings under the following circumstances:
– The connection to the Auditing Data Store (ADS) database is unavailable.– There is no running or enabled Client Auditing Proxy Service (CAPS)– An Auditee has events that could not be retrieved
© 2011 SAP AG. All rights reserved. 9Customer
Auditing Dashboard: Status Summary SectionMetrics
CMS collects events from all auditees once every 3 minutes.CMS automatically adjusts polling cycle duration.Manual configuration of polling cycle duration is not possible.
CMS collects events from all auditees once every 3 minutes.CMS automatically adjusts polling cycle duration.Manual configuration of polling cycle duration is not possible.
© 2011 SAP AG. All rights reserved. 10Customer
Auditing Dashboard: Status Summary SectionPolling Cycle
CMS collects events from all auditees once every 3 minutes.CMS automatically adjusts polling cycle duration.Manual configuration of polling cycle duration is not possible.
CMS collects events from all auditees once every 3 minutes.CMS automatically adjusts polling cycle duration.Manual configuration of polling cycle duration is not possible.
© 2011 SAP AG. All rights reserved. 11Customer
What happens during the polling cycle?Server auditing
1. An auditable event is performed by the server.2. The auditee writes events in a temporary file.3. The auditor polls the auditee and requests a batch of auditing events.4. The auditee retrieves the events from the temporary files.5. The auditee transmits the events to the auditor.6. The auditor writes events to the ADS and signals the auditee to delete the events from
the temporary files.
1. An auditable event is performed by the server.2. The auditee writes events in a temporary file.3. The auditor polls the auditee and requests a batch of auditing events.4. The auditee retrieves the events from the temporary files.5. The auditee transmits the events to the auditor.6. The auditor writes events to the ADS and signals the auditee to delete the events from
the temporary files.
© 2011 SAP AG. All rights reserved. 12Customer
What happens during the polling cycle?Client auditing
© 2011 SAP AG. All rights reserved. 13Customer
What happens during the polling cycle?Client auditing via CAPS
Client Auditing Proxy Service (CAPS)
© 2011 SAP AG. All rights reserved. 14Customer
Client Auditing: CAPS
To enable client auditing (events sent by clients) you must have at least oneAdaptive Processing Server (“APS”) with Client Auditing Proxy Service(“CAPS”).
For high availability and load balancing it is highly recommended to have atleast 2 APS servers with CAPS services
Each APS to be hosted on a different machine to minimize the effect ofhardware failure
It is critical to have at least one CAPS always available, otherwise clientevents will be lost
Make sure that each APS request port is open in the firewall between clientsand APS to allow client events to be delivered to CAPS
To enable client auditing (events sent by clients) you must have at least oneAdaptive Processing Server (“APS”) with Client Auditing Proxy Service(“CAPS”).
For high availability and load balancing it is highly recommended to have atleast 2 APS servers with CAPS services
Each APS to be hosted on a different machine to minimize the effect ofhardware failure
It is critical to have at least one CAPS always available, otherwise clientevents will be lost
Make sure that each APS request port is open in the firewall between clientsand APS to allow client events to be delivered to CAPS
The preinstalled APS hosts CAPS. Instead ofusing a pre-installed APS with CAPS, it isrecommended to create a new APS dedicatedonly to CAPS. This will significantly improveperformance and high availability.
© 2011 SAP AG. All rights reserved. 15Customer
Back to the Auditing DashboardStatus Summary Section
© 2011 SAP AG. All rights reserved. 16Customer
Auditing Dashboard: Configuring Auditing Events andEvent Details
Use the “Auditing Level” slider in “Set Events” to chose the level of auditingChoose “Custom” to select individual auditing eventsChanges apply to all servers and applications.You can enable and disable some event details:
QueryUser Group DetailsFolder Path DetailsRights DetailsProperty Value Details
Note: For client auditing it may take up to two minutes after the changes havebeen made before the system will start recording data for any new events. Makesure you allow for this delay when implementing changes to the system.
Use the “Auditing Level” slider in “Set Events” to chose the level of auditingChoose “Custom” to select individual auditing eventsChanges apply to all servers and applications.You can enable and disable some event details:
QueryUser Group DetailsFolder Path DetailsRights DetailsProperty Value Details
Note: For client auditing it may take up to two minutes after the changes havebeen made before the system will start recording data for any new events. Makesure you allow for this delay when implementing changes to the system.
© 2011 SAP AG. All rights reserved. 17Customer
Auditing Dashboard : Configuring ADS Database
If Auditing is enabled and ADS database not configured, audit eventsaccumulate.
CMS must be restarted for changes in ADS database configuration to takeplace.
Multiple clusters can write events to the same ADSAuto-delete: Delete events older than (days)ADS Auto Reconnect – CMS automatically reconnects to ADS when connection
is lost.
If Auditing is enabled and ADS database not configured, audit eventsaccumulate.
CMS must be restarted for changes in ADS database configuration to takeplace.
Multiple clusters can write events to the same ADSAuto-delete: Delete events older than (days)ADS Auto Reconnect – CMS automatically reconnects to ADS when connection
is lost.
© 2011 SAP AG. All rights reserved. 18Customer
Summary of Audit Configuration in CMC
You cannot configure:• Auditing polling interval duration• Which events are retrieved• AuditInterval and AuditMaxEventsPerFile
command line CMS parameters no longersupported.
You can configure:• In CMC > Servers > Nodes >
Placeholders• The location of temporary auditing files
• In CMC > Audit (Audit Dashboard)• Auditing levels and events details• Audit ADS database
All auditing configuration is done in CMC, no more in CCM.
© 2011 SAP AG. All rights reserved. 19Customer
Agenda
1. What is Auditing?2. Auditing Dashboard3. Auditing Data Store4. Consistent Auditing Events
© 2011 SAP AG. All rights reserved. 20Customer
Migration
New auditing events and ADS schema are not compatible with XI 3.1 auditingdatabase.
No migration of auditing data between releases.Event structure and information collected has changed.Audit events have more information in 4.0.Consistency of event data.
No out of the box sample auditing universe and reports.
New auditing events and ADS schema are not compatible with XI 3.1 auditingdatabase.
No migration of auditing data between releases.Event structure and information collected has changed.Audit events have more information in 4.0.Consistency of event data.
No out of the box sample auditing universe and reports.
Caution: If you specify an older version of the auditing database duringthe installation, the contents of the database will be re-initialized andpermanently deleted!
© 2011 SAP AG. All rights reserved. 21Customer
ADS: schema
© 2011 SAP AG. All rights reserved. 22Customer
Key tables are ADS_EVENT and ADS_EVENT_DETAILADS_EVENT contain all event properties for each event (onerow per event), and includes:
Event IDOrigin:– Cluster_ID– Server_ID– Service_Type_ID– Client_Type_IDTime (when event took place):– Start_Time (in GMT)– Duration_ms– Time_Added_To_ADSUser (who caused auditable operation)– User ID– User Name– Session IDEvent type (which operation)– Event_Type_ID– Status ID
Action IDObject Properties (on which resource the
operation is performed)-Object_ID-Object_Name-Object_Type-Folder_Path-Folder ID-Top_Folder_Name-Top_Folder _ID
ADS: ADS_EVENT
© 2011 SAP AG. All rights reserved. 23Customer
Agenda
1. What is Auditing?2. Auditing Dashboard3. Auditing Data Store4. Consistent Auditing Events
© 2011 SAP AG. All rights reserved. 24Customer
Auditing Transversal Consistency
Auditing events are now transversally consistent.There are two types of events:
CommonSpecific
© 2011 SAP AG. All rights reserved. 25Customer
Auditing Common Events
EventName
ID MinimalAuditingLevel
Description
View 1,002 Default User viewed a document / object
Refresh 1,003 Default User refreshed an object
Prompt 1,004 Default User selected value for a prompt
Create 1,005 Default User created an object
Delete 1,006 Default User deleted an object
Modify 1,007 Default User modified property(ies) of an object
Save 1,008 Default Saving a document / object locally, remotely or to CMSrepository. In the same of different format.
Search 1,009 Default User searched for a document, text
Edit 1,010 Default User edited a the content of an object
Run 1,011 Default A job was run
Deliver 1,012 Default An object was attempted to be delivered
Retrieve 1,013 Complete Object is retrieved from CMS
Logon 1,014 Minimal User logon
Logout 1,015 Minimal User logout
Trigger 1,016 Complete An event was triggered
© 2011 SAP AG. All rights reserved. 26Customer
Auditing Common Events (cont.)
- Doesn’t apply. No auditing events is triggered by the component.- Auditing event is triggered by the component.- The component relies on CMS event with the same name. No auditing event is triggered by the component.- The “Save” results in CMS firing Create or Modify events. No auditing event is triggered by the component.
S - The component relies on Search Service event. No auditing event is triggered by the component- The event generated by Live Office Web Services provider on behalf of the client- The event generated by Query as a Web Service and Live Office Web Services provider on behalf of the client
© 2011 SAP AG. All rights reserved. 27Customer
BI Platform Specific Events
BI Platform
Components Generating Events
Event Name ID MinimalLevel
Description
RightsModification
10003 Minimal Right on object were modified
CustomAccess LevelModified
10004 Minimal Custom Access Level wasmodified
AuditingModification
10006 Minimal Tracks changes in auditingevents state (enabled/disabled)
Event Name CMS EventService
Rights Modification
Custom Access Level Modified
Auditing Modification
© 2011 SAP AG. All rights reserved. 28Customer
SAP BusinessObjects Web Intelligence Specific Events
SAP BusinessObjects Web Intelligence (WEBI) Events:
Components Generating Events:
EventName
ID MinimalLevel
Description Generatedby
Drill Out OfScope
10201 Complete Drill Out Of Scope WRC, WEBIServer
PageRetrieved
10202 Complete WebI document pageretrieved
WEBI Server
Event Name WEBI RichClient
WEBIProcessingService
Drill Out Of Scope
Page Retrieved
© 2011 SAP AG. All rights reserved. 29Customer
SAP BusinessObjects Analysis Specific Events
SAP BusinessObjects Analysis Events:
Event Name ID MinimalLevel
Description Generatedby
MDASSession
10300 Complete MDAS Session operationperformed
MDASservice
CubeConnection
10301 Complete Cube Connection operationperformed
MDASservice
© 2011 SAP AG. All rights reserved. 30Customer
Auditing Events: Workflow Example 1
Example of sequence of events for viewing an SAP Crystal Reports report(document A) on demand with prompts in BI Launchpad.
Component Event Note
BI Launchpad View Object ID = CUID of document A
CMS Retrieve Object ID = CUID of document A
CR ProcService
Prompt Object ID = CUID of document APrompt Name = CountryPrompt Value = USA
CR ProcService
Refresh Object ID = CUID of document AQuery = select * from ….
CR CacheService
View Object ID = CUID of document A
© 2011 SAP AG. All rights reserved. 31Customer
Auditing Events: Workflow Example 2
Example of sequence of events for viewing an SAP BusinessObjects WebIntelligence document (document A) in CMC with two prompts.
Component Event Note
CMC View Object ID = CUID of document A
CMS Retrieve Object ID = CUID of document A
SAPBusinessObjectsWeb IntelligenceProc Service
Prompt Object ID = CUID of document ABunch = 1Prompt Name = RegionPrompt Value = EastPrompt Value = West
Bunch = 2Prompt Name = CountryPrompt Value = USAPrompt Value = Canada
SAPBusinessObjectsWeb IntelligenceProc Service
Refresh Object ID = CUID of document ABunch = 1Universe Name = SalesUniverse ID = CUID of Sales universeUniverse Object Name = QuarterUniverse Object Name = Customer
Bunch = 2Universe Name = OrdersUniverse ID = CUID of Orders universeUniverse Object Name = Amount
Query = SELECT * FROM …
SAPBusinessObjectsWeb IntelligenceProc Service
View Object ID = CUID of document A
© 2011 SAP AG. All rights reserved. 32Customer
Supported Databases
Thank You!
Contact information:
© 2011 SAP AG. All rights reserved. 34Customer
No part of this publication may be reproduced or transmitted in any form or for anypurpose without the express permission of SAP AG. The information containedherein may be changed without prior notice.Some software products marketed by SAP AG and its distributors containproprietary software components of other software vendors.Microsoft, Windows, Excel, Outlook, and PowerPoint are registered trademarks ofMicrosoft Corporation.IBM, DB2, DB2 Universal Database, System i, System i5, System p, System p5,System x, System z, System z10, System z9, z10, z9, iSeries, pSeries, xSeries,zSeries, eServer, z/VM, z/OS, i5/OS, S/390, OS/390, OS/400, AS/400, S/390Parallel Enterprise Server, PowerVM, Power Architecture, POWER6+, POWER6,POWER5+, POWER5, POWER, OpenPower, PowerPC, BatchPipes,BladeCenter, System Storage, GPFS, HACMP, RETAIN, DB2 Connect, RACF,Redbooks, OS/2, Parallel Sysplex, MVS/ESA, AIX, Intelligent Miner, WebSphere,Netfinity, Tivoli and Informix are trademarks or registered trademarks of IBMCorporation.Linux is the registered trademark of Linus Torvalds in the U.S. and othercountries.Adobe, the Adobe logo, Acrobat, PostScript, and Reader are either trademarks orregistered trademarks of Adobe Systems Incorporated in the United States and/orother countries.Oracle and Java are registered trademarks of Oracle and/or its affiliates.UNIX, X/Open, OSF/1, and Motif are registered trademarks of the Open Group.Citrix, ICA, Program Neighborhood, MetaFrame, WinFrame, VideoFrame, andMultiWin are trademarks or registered trademarks of Citrix Systems, Inc.HTML, XML, XHTML and W3C are trademarks or registered trademarks of W3C®,World Wide Web Consortium, Massachusetts Institute of Technology.
© 2011 SAP AG. All rights reserved.
SAP, R/3, SAP NetWeaver, Duet, PartnerEdge, ByDesign, SAP BusinessObjectsExplorer, StreamWork, and other SAP products and services mentioned herein aswell as their respective logos are trademarks or registered trademarks of SAP AGin Germany and other countries.
Business Objects and the Business Objects logo, BusinessObjects, CrystalReports, Crystal Decisions, Web Intelligence, Xcelsius, and other BusinessObjects products and services mentioned herein as well as their respective logosare trademarks or registered trademarks of Business Objects Software Ltd.Business Objects is anSAP company.
Sybase and Adaptive Server, iAnywhere, Sybase 365, SQL Anywhere, and otherSybase products and services mentioned herein as well as their respective logosare trademarks or registered trademarks of Sybase, Inc. Sybase is an SAPcompany.
All other product and service names mentioned are the trademarks of theirrespective companies. Data contained in this document serves informationalpurposes only. National product specifications may vary.
The information in this document is proprietary to SAP. No part of this documentmay be reproduced, copied, or transmitted in any form or for any purpose withoutthe express prior written permission of SAP AG.
© 2011 SAP AG. All rights reserved. 35Customer
© 2011 SAP AG. Alle Rechte vorbehalten.
Weitergabe und Vervielfältigung dieser Publikation oder von Teilen daraus sind,zu welchem Zweck und in welcher Form auch immer, ohne die ausdrücklicheschriftliche Genehmigung durch SAP AG nicht gestattet. In dieser Publikationenthaltene Informationen können ohne vorherige Ankündigung geändert werden.Die von SAP AG oder deren Vertriebsfirmen angebotenen Softwareproduktekönnen Softwarekomponenten auch anderer Softwarehersteller enthalten.Microsoft, Windows, Excel, Outlook, und PowerPoint sind eingetragene Markender Microsoft Corporation.IBM, DB2, DB2 Universal Database, System i, System i5, System p, System p5,System x, System z, System z10, System z9, z10, z9, iSeries, pSeries, xSeries,zSeries, eServer, z/VM, z/OS, i5/OS, S/390, OS/390, OS/400, AS/400, S/390Parallel Enterprise Server, PowerVM, Power Architecture, POWER6+, POWER6,POWER5+, POWER5, POWER, OpenPower, PowerPC, BatchPipes,BladeCenter, System Storage, GPFS, HACMP, RETAIN, DB2 Connect, RACF,Redbooks, OS/2, Parallel Sysplex, MVS/ESA, AIX, Intelligent Miner, WebSphere,Netfinity, Tivoli und Informix sind Marken oder eingetragene Marken der IBMCorporation.Linux ist eine eingetragene Marke von Linus Torvalds in den USA und anderenLändern.Adobe, das Adobe-Logo, Acrobat, PostScript und Reader sind Marken odereingetragene Marken von Adobe Systems Incorporated in den USA und/oderanderen Ländern.Oracle und Java sind eingetragene Marken von Oracle und/oder ihrerTochtergesellschaften.UNIX, X/Open, OSF/1 und Motif sind eingetragene Marken der Open Group.Citrix, ICA, Program Neighborhood, MetaFrame, WinFrame, VideoFrame undMultiWin sind Marken oder eingetragene Marken von Citrix Systems, Inc.
HTML, XML, XHTML und W3C sind Marken oder eingetragene Marken desW3C®, World Wide Web Consortium, Massachusetts Institute of Technology.SAP, R/3, SAP NetWeaver, Duet, PartnerEdge, ByDesign, SAP BusinessObjectsExplorer, StreamWork und weitere im Text erwähnte SAP-Produkte und -Dienstleistungen sowie die entsprechenden Logos sind Marken oder eingetrageneMarken der SAP AG in Deutschland und anderen Ländern.Business Objects und das Business-Objects-Logo, BusinessObjects, CrystalReports, Crystal Decisions, Web Intelligence, Xcelsius und andere im Texterwähnte Business-Objects-Produkte und Dienstleistungen sowie dieentsprechenden Logos sind Marken oder eingetragene Marken der BusinessObjects Software Ltd. Business Objects ist ein Unternehmen der SAP AG.
Sybase und Adaptive Server, iAnywhere, Sybase 365, SQL Anywhere undweitere im Text erwähnte Sybase-Produkte und -Dienstleistungen sowie dieentsprechenden Logos sind Marken oder eingetragene Marken der Sybase Inc.Sybase ist ein Unternehmen der SAP AG.Alle anderen Namen von Produkten und Dienstleistungen sind Marken derjeweiligen Firmen. Die Angaben im Text sind unverbindlich und dienen lediglich zuInformationszwecken. Produkte können länderspezifische Unterschiedeaufweisen.Die in dieser Publikation enthaltene Information ist Eigentum der SAP. Weitergabeund Vervielfältigung dieser Publikation oder von Teilen daraus sind, zu welchemZweck und in welcher Form auch immer, nur mit ausdrücklicher schriftlicherGenehmigung durch SAP AG gestattet.
© 2011 SAP AG. All rights reserved. 36Customer
Headline area
Drawing area
White space
The Grid