Qlik Community

QlikView Deployment

Discussion Board for collaboration related to QlikView Deployment.

mgdpuro1
New Contributor II

Security in Cluster Deployment

how is security handled in typical cluster environment.

Currently we provide file level permission to local server groups and handle security. However with cluster environment this method will not work (that's what we have been told) because cluster SAN does not recognize local groups.

Only way to implement security in cluster is:

1) create groups in AD and assign users. (requires AD access, harder to get in enterprise environment)

2) switch from NTFS mode to DMS and assign individual users to each dashboard. (painful)

Just wanted to ask everyone. how is it typically done and what is the best method.

4 Replies
Bill_Britt
Esteemed Contributor III

Re: Security in Cluster Deployment

Hi,

To make this simple, the SAN should be attached to a Windows Server. Then it is shared and at that point users and groups will work. I am betting it is a NAS that you are using and being it isn't a Windows base NAS (not able to do groups) it is not supported.

Bill

mgdpuro1
New Contributor II

Re: Security in Cluster Deployment

Thanks Bill

We have not deployed this yet, however as per Qlik local groups will not work. They are proposing to use SAN.

Even if SAN is served as windows share drive. Where do you create security groups in cluster envionment. Only solution is to crete groups in AD, assign users to those groups and then create permission via publisher.

Currently: We have 1 server with all qlikview services running. We create local security groups and assign users to these groups via AD (integrated). These groups are then assigned to dashboards residing on same local server.

Bill_Britt
Esteemed Contributor III

Re: Security in Cluster Deployment

Hi,

Yes, local groups will be an issue and will not work in a cluster environment. However you are correct when talking about using AD groups. This is what most people use when they are assigning users to dashboards. That way both servers will be using the AD groups.

Bill


mgdpuro1
New Contributor II

Re: Security in Cluster Deployment

Yes i agree.

the only caviat is that now you need to be able to have access rights to create, delete, modify AD groups.