Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
I am wanting to make sure an environment is optimal for a new QlikView production environment. Any feedback it would be greatly appreciated.
It is a two node QlikView Server cluster. For now the second node is removed because we noticed some initial performance issues with the second node so we deactivated it for now while we try to validate the primary node. Two large servers are being used for the cluster. At this point we do not have a dedicated file share setup so we are using the first / primary node as the file share location. All of the services including QMS and a single publisher license has been established on this first node and any configurable path in QMC is pointing to the primary server using UNCs. The two servers are within the company's intranet. We have two smaller servers that will be used as external Web Servers that have been placed within the DMZ using QlikView Webserver. Ports have been opened for all the servers to talk with each other (at least all the ones that are needed). We are in the process of setting up SSL on the two web servers to do https.
Some initial oddities that have been noticed:
The environment was built under the assumption that web servers should be within DMZ and remaining QlikView servers should not be. Is this what is recommended and best practice? Any additional suggestions and thoughts would be greatly appreciated!
This is all using 64bit QV 11.20 SR2.
Hello Mike,
Quite a nice one you have!
Answering to your questions first:
This is one of those cases where it's worth the time engaging with QlikView Consulting Services so they can check the configuration and the platform and help to to move on.
Hope that helps.
Miguel
Thank you for the response and information.
In regards to the document prompts for credentials. We are using DMS authorization and we do not currently have any section access security defined - so are you thinking we should at it or possible add the service account as a user of the document under authorization? Another interesting point is when the credentials dialog comes up after selecting a document you can click on cancel instead of providing credentials and it still opens the document. So it is more of a nuisance. It might be related to the custom user authentication we are currently using along with and an ODBC Directory Service using the same prefix to share/merge groups (we plan to replace custom users with SSO WebTickets in the near future so the custom user implementation is temporary).
In regards to the nodes for the cluster, the servers are identical and we were seeing the performance degradation just when trying to log into the Access Point and see documents. We are using just one of the web servers pointing to the QlikView server cluster for now. It would take 30 to 60 seconds to see a list of documents on Access Point while the second node was added to the cluster versus a couple seconds or less without the second node added. We tried each of the QlikView cluster load balancing settings. When interacting with a document that was assigned to the second node the performance was considerably slower than when it was assigned to the first node. I am wondering if it is related to the documents being shared from the first node so we are in process of getting external file server established and tested with the first node before adding the second node back. (Note we have the documents set to preload on the cluster.)
So any recommendations / best practices on the service positioning in and out of the DMZ for internet facing applications? (Note - the QlikView Server cluster is the only QlikView environment at this point for both internet and intranet users.)
Thank you again!
Hi Mike,
As for the credentials, sounds like a bug we experienced some time ago but that I cannot recall the exact details right now. So I'd suggest you to log a case with Support using support@qlik.com just to confirm it and if there is a patch available.
As long as the services account is the one that will open the documents, reload them, save them and so, I'd strongly recommend to add it to the distribution, or make it Document Administrator and Supervisor in both QVS and QDS services in the Console. You can check that:
Although the QMC shows "Users and Groups" it only accept individual user accounts, not groups.
In regards to the degradation with the second node, try making some of the documents being preloaded. I understand that even if you are using a server1 folder, the server2 is using a UNC path and has all corresponding permissions. One more thing: does that happen when you add the same server, or it happens regardless the server you join? I mean, If server1 is up, then join server2, it slows down. But what if server2 is up and server1 joins? Again, I'd log a Support case here.
Hope that helps.
Miguel
EDIT: I'm assumin that the account running the services is a domain account and the same for both servers. Should they are local users in the local Administrators group, then that might be the problem, since the cluster acts as one server with two different credentials, and you cannot add local users from one server to another.