Crystal Enterprise™ 10
Administrator’s Guide
Crystal Decisions, Inc.
895 Emerson St.
Palo Alto
California, USA 94301
© 2003 Crystal Decisions, Inc. All rights reserved.
Issue 1.
No part of this documentation may be stored in a retrieval system, transmitted or
reproduced in any way, except in accordance with the terms of the applicable
software license agreement. This documentation contains proprietary information
of Crystal Decisions, Inc., and/or its suppliers.
Trademark Acknowledgements
Crystal Decisions, Crystal Reports, Crystal Enterprise, Crystal Analysis, Crystal
Services, Crystal Care, Crystal Assist, Crystal Applications, Info and Holos are
trademarks or registered trademarks of Crystal Decisions, Inc. in the U.S. and/or
other countries. All other trademarks or registered trademarks referenced are the
property of their respective owners.
Contents
Chapter 1: Welcome to Crystal Enterprise
What is Crystal Enterprise? ............................................................... 2
Who should use this guide? ............................................................... 2
About this guide ................................................................................ 2
Chapter contents ................................................................................................... 2
Online help ........................................................................................................... 6
Product registration .......................................................................... 6
Customer Handbook ......................................................................... 7
Crystal Care technical support .......................................................... 7
Crystal Training ................................................................................. 7
Crystal Consulting ............................................................................. 8
Document conventions ..................................................................... 8
Chapter 2: What’s New in Crystal Enterprise
End-user experience ........................................................................ 10
Microsoft Office integration ................................................................................. 10
Ad Hoc reporting and analysis ............................................................................ 10
Scheduling .......................................................................................................... 10
Report design .................................................................................. 11
Simplified data access ......................................................................................... 11
Integrated report component repository ............................................................... 11
Report hyperlinking ............................................................................................. 11
Developer flexibility ....................................................................... 12
.NET Server Controls ........................................................................................... 12
Application migration and upsizing ..................................................................... 12
System administration ..................................................................... 12
Crystal Enterprise Administrator’s Guide
iii
Security ............................................................................................................... 12
Object Management ............................................................................................ 13
System Management ........................................................................................... 14
Data access, security and management ............................................................... 15
Platform support .................................................................................................. 15
Chapter 3: Administering Crystal Enterprise
Administration overview ................................................................. 18
Working with the Crystal Management Console ............................. 18
Logging on to the Crystal Management Console .................................................. 19
Navigating within the Crystal Management Console ............................................ 19
Setting console preferences ................................................................................. 20
Setting the Query size threshold .......................................................................... 21
Logging off of the Crystal Management Console .................................................. 22
Working with the Crystal Configuration Manager .......................... 22
Accessing the CCM for Windows ........................................................................ 22
Accessing the CCM for UNIX .............................................................................. 23
Making initial security settings ........................................................ 24
Setting the Administrator password ...................................................................... 24
Disabling the Sign Up feature .............................................................................. 24
Disabling the Guest account ............................................................................... 25
Modifying the default security levels ................................................................... 25
Managing the Crystal Enterprise web desktop ................................. 26
Chapter 4: Crystal Enterprise Architecture
Architecture overview and diagram ................................................ 28
Client tier ........................................................................................ 29
Crystal Enterprise web desktop ............................................................................ 29
Crystal Management Console .............................................................................. 30
Crystal Configuration Manager ............................................................................ 30
iv
Crystal Enterprise Administrator’s Guide
Crystal Publishing Wizard ................................................................................... 30
Crystal Import Wizard ......................................................................................... 31
Application tier ............................................................................... 31
Windows COM platform ..................................................................................... 31
Java platform ....................................................................................................... 32
Windows .NET platform ...................................................................................... 33
Web application environments ............................................................................ 33
Intelligence tier ............................................................................... 34
Crystal Management Server ................................................................................. 34
File Repository Servers ........................................................................................ 35
Event Server ........................................................................................................ 36
Cache Server ....................................................................................................... 36
Processing tier ................................................................................. 37
Report Job Server ................................................................................................ 37
Program Job Server .............................................................................................. 37
Page Server ......................................................................................................... 38
Report Application Server .................................................................................... 38
Data tier .......................................................................................... 39
Report viewers ................................................................................ 39
Information Flow ............................................................................ 40
What happens when you view a report? .............................................................. 40
What happens when you schedule a report? ....................................................... 42
Choosing between live and saved data ............................................ 43
Live data ............................................................................................................. 43
Saved data .......................................................................................................... 44
Chapter 5: Crystal Enterprise Security Concepts
Security overview ........................................................................... 46
How Crystal Enterprise authenticates and authorizes ..................... 46
Primary authentication ........................................................................................ 47
Crystal Enterprise Administrator’s Guide
v
Secondary authentication and authorization ........................................................ 48
Security management components ................................................. 49
Web Component Server ...................................................................................... 49
Crystal Management Server ................................................................................. 50
Security plug-ins .................................................................................................. 50
Processing extensions .......................................................................................... 56
Active trust relationship .................................................................. 57
Logon tokens ....................................................................................................... 57
Ticket mechanism for distributed security ............................................................ 58
Sessions and session tracking .......................................................... 59
WCS session tracking .......................................................................................... 59
CMS session tracking ........................................................................................... 60
Environment protection .................................................................. 60
Web browser to web server ................................................................................. 60
Web server to Crystal Enterprise .......................................................................... 61
Auditing web activity ...................................................................... 61
Protection against malicious logon attempts ................................... 61
Password restrictions ........................................................................................... 61
Logon restrictions ................................................................................................ 62
User restrictions .................................................................................................. 62
Guest account restrictions ................................................................................... 62
Chapter 6: Managing User Accounts and Groups
What is account management? ....................................................... 64
Crystal Enterprise default users and groups .................................... 64
Default users ....................................................................................................... 64
Default groups ..................................................................................................... 65
Default Windows NT group ................................................................................ 66
Available authentication types ........................................................ 66
vi
Crystal Enterprise Administrator’s Guide
Managing Enterprise and general accounts ..................................... 67
Creating an Enterprise user account ..................................................................... 68
Modifying a user account .................................................................................... 69
Deleting a user account ...................................................................................... 69
Changing password settings ................................................................................ 70
Creating a group ................................................................................................. 71
Modifying a group ............................................................................................... 72
Viewing group members ..................................................................................... 73
Deleting a group ................................................................................................. 73
Disabling the Sign Up feature .............................................................................. 73
Disabling the Guest account ............................................................................... 74
Granting access to users and groups .................................................................... 74
Managing NT accounts ................................................................... 74
Mapping NT accounts ......................................................................................... 75
Unmapping NT users and groups ........................................................................ 78
Viewing mapped NT users and groups in Crystal Enterprise ................................ 80
Using account aliases for NT ............................................................................... 80
Troubleshooting NT accounts ............................................................................. 82
Setting up NT Single Sign On .............................................................................. 83
Managing LDAP accounts ............................................................... 84
Configuring LDAP authentication and mapping LDAP accounts .......................... 85
Mapping LDAP groups ........................................................................................ 89
Unmapping LDAP users and groups .................................................................... 89
Viewing mapped LDAP users and groups in Crystal Enterprise ............................ 90
Changing LDAP connection parameters and member groups .............................. 91
Managing multiple LDAP hosts ........................................................................... 92
Using account aliases for LDAP ........................................................................... 92
Troubleshooting LDAP accounts ......................................................................... 94
Managing AD accounts ................................................................... 95
Mapping AD accounts ........................................................................................ 95
Crystal Enterprise Administrator’s Guide
vii
Unmapping AD users and groups ........................................................................ 98
Viewing mapped AD users and groups in Crystal Enterprise ................................ 99
Using account aliases for AD .............................................................................. 99
Troubleshooting AD accounts ........................................................................... 101
Using AD Single Sign On .................................................................................. 102
Chapter 7: Managing Folder Objects
Folders overview ........................................................................... 106
Creating and deleting folders ........................................................ 106
Creating a new folder ........................................................................................ 106
Creating a new subfolder at any level ................................................................ 107
Deleting folders ................................................................................................. 108
Copying and moving folders ......................................................... 108
Adding a report to a new folder .................................................... 109
Specifying folder rights ................................................................. 111
Setting limits for folders, users, and groups .................................. 112
Managing User Folders ................................................................. 113
Chapter 8: Publishing Objects to Crystal Enterprise
Publishing overview ...................................................................... 116
Publishing options ............................................................................................. 117
Publishing with the Crystal Publishing Wizard .............................. 117
Logging on to Crystal Enterprise ........................................................................ 118
Adding objects .................................................................................................. 118
Duplicating the folder structure ......................................................................... 118
Creating and selecting a folder on the CMS ....................................................... 119
Moving objects between folders ........................................................................ 120
Changing scheduling options ............................................................................ 120
Enabling repository refresh ................................................................................ 121
viii
Crystal Enterprise Administrator’s Guide
Selecting a program type ................................................................................... 121
Specifying program credentials .......................................................................... 122
Changing default values .................................................................................... 122
Changing object properties ............................................................................... 122
Entering database logon information ................................................................. 123
Setting parameters ............................................................................................. 124
Setting the schedule format ............................................................................... 124
Adding extra files for programs .......................................................................... 124
Specifying command line arguments ................................................................. 124
Finalizing the objects to be added ..................................................................... 125
Publishing with the Crystal Management Console ........................ 125
Saving objects directly to the CMS ................................................ 127
Chapter 9: Importing Objects to Crystal Enterprise
Crystal Import Wizard overview ................................................... 130
Importing information from Crystal Enterprise ................................................... 130
Importing information from Info ........................................................................ 133
Importing with the Crystal Import Wizard .................................... 135
Specifying the source and destination environments .......................................... 136
Selecting information to import ......................................................................... 137
Chapter 10: Controlling User Access
Controlling user access overview .................................................. 142
Controlling users’ access to objects .............................................. 142
Viewing object rights settings ............................................................................ 143
Setting common access levels ........................................................................... 144
Setting advanced object rights ........................................................................... 146
Using inheritance to your advantage ................................................................. 149
Inheritance with advanced rights ....................................................................... 151
Customizing a ‘top-down’ inheritance model .................................................... 154
Crystal Enterprise Administrator’s Guide
ix
Controlling access to Crystal applications ..................................... 173
Controlling administrative access ................................................. 174
Controlling access to users and groups .............................................................. 175
Controlling access to servers and server groups ................................................. 176
Chapter 11: Managing Objects
Managing objects overview ........................................................... 178
General object management ......................................................... 178
Copying, moving, or creating a shortcut for an object ....................................... 179
Deleting an object ............................................................................................. 180
Searching for an object ...................................................................................... 180
Changing properties of an object ....................................................................... 181
Setting object rights for users and groups ........................................................... 182
Report object management ........................................................... 184
What are report objects and instances? .............................................................. 184
Setting report refresh options ............................................................................. 185
Setting report viewing options ........................................................................... 186
Specifying servers for viewing and modification ................................................ 187
Applying processing extensions to reports ......................................................... 189
Specifying alert notification ............................................................................... 192
Changing database information ......................................................................... 194
Updating parameters ......................................................................................... 196
Using filters ....................................................................................................... 197
Working with hyperlinked reports .................................................................... 199
Program object management ........................................................ 201
What are program objects and instances? .......................................................... 201
Specifying command-line arguments ................................................................. 202
Setting a working directory for a program object ............................................... 202
Configuring executable programs ...................................................................... 203
Configuring Java programs ................................................................................ 205
x
Crystal Enterprise Administrator’s Guide
Authentication and program objects .................................................................. 206
Object package management ........................................................ 208
What are object packages, components, and instances? .................................... 208
Creating an object package ............................................................................... 208
Adding objects to an object package ................................................................. 209
Configuring object packages and component objects ........................................ 210
Authentication and object packages .................................................................. 210
Chapter 12: Scheduling Objects
Scheduling objects overview ......................................................... 212
Setting up scheduling .................................................................... 212
Specifying servers for scheduling ....................................................................... 212
Managing calendars .......................................................................................... 214
Scheduling objects ........................................................................ 220
Scheduling on demand ..................................................................................... 221
Scheduling an object to run once ...................................................................... 222
Scheduling a daily object .................................................................................. 223
Scheduling a weekly object ............................................................................... 226
Scheduling a monthly object ............................................................................. 227
Scheduling an object with a calendar ................................................................ 231
Scheduling objects in batches ........................................................................... 232
Scheduling an object with events ...................................................................... 234
Managing instances ....................................................................... 236
Selecting a destination ...................................................................................... 237
Choosing a format ............................................................................................. 243
Setting printer and page layout options .............................................................. 244
Setting instance limits for an object ................................................................... 246
Managing and viewing the history of instances .................................................. 248
Setting notification for an object’s success or failure .......................................... 249
Crystal Enterprise Administrator’s Guide
xi
Chapter 13: Managing Crystal Repository
Crystal Repository overview ......................................................... 254
Copying data from one repository database to another ................ 254
Copying data from a Crystal Enterprise 10 CMS ................................................. 254
Copying data from a Crystal Enterprise 9 repository database ............................ 255
Copying data from a Crystal Reports 9 repository database ................................ 257
Refreshing repository objects in published reports ....................... 258
Chapter 14: Managing Events
Managing events overview ............................................................ 262
File-based events ........................................................................... 263
Schedule-based events .................................................................. 264
Custom events ............................................................................... 266
Specifying event rights .................................................................. 267
Chapter 15: Managing and Configuring Servers
Server management overview ....................................................... 270
Viewing current metrics ................................................................ 271
Viewing current server metrics .......................................................................... 271
Viewing system metrics ..................................................................................... 273
Viewing and changing the current status of servers ...................... 274
Starting, stopping, and restarting servers ............................................................ 274
Enabling and disabling servers ........................................................................... 276
Printing, copying, and refreshing server status ................................................... 278
Configuring the application tier .................................................... 279
Configuring properties for the Web Component Server ...................................... 279
Configuring the Web Component Adapter ......................................................... 282
Configuring the intelligence tier ................................................... 284
xii
Crystal Enterprise Administrator’s Guide
Clustering Crystal Management Servers ............................................................. 284
Copying CMS data from one database to another .............................................. 289
Deleting and recreating the CMS database ........................................................ 298
Selecting a new or existing CMS database ......................................................... 298
Setting root directories and idle times of the File Repository Servers ................. 300
Modifying Cache Server performance settings ................................................... 301
Modifying the polling time of the Event Server .................................................. 303
Configuring the processing tier ..................................................... 304
Modifying Page Server performance settings ...................................................... 304
Modifying database interaction settings for the RAS ........................................... 306
Modifying performance settings for the RAS ...................................................... 308
Modifying performance settings for Job Servers ................................................. 308
Setting default scheduling destinations for Job Servers ....................................... 309
Configuring Windows processing servers for your data source .......................... 313
Configuring UNIX processing servers for your data source ................................ 315
Logging server activity .................................................................. 320
Advanced server configuration options ......................................... 321
Changing the default server port numbers ......................................................... 321
Configuring Crystal Enterprise on a multihomed machine ................................. 324
Adding and removing Windows server dependencies ....................................... 325
Changing the server startup type ........................................................................ 326
Changing the server user account ...................................................................... 326
Chapter 16: Managing Auditing
Auditing overview ......................................................................... 330
How does auditing work? .................................................................................. 330
Which actions can I audit? ................................................................................ 331
Configuring the auditing database ................................................ 334
Enabling auditing of user and system actions ................................ 335
Controlling synchronization of audit actions ................................ 337
Crystal Enterprise Administrator’s Guide
xiii
Optimizing system performance while auditing ............................ 338
Reporting on audit results ............................................................. 339
Using sample audit reports ................................................................................ 339
Creating custom audit reports ............................................................................ 341
Chapter 17: Managing Server Groups
Server group overview .................................................................. 350
Creating a server group ................................................................. 350
Working with server subgroups .................................................... 352
Modifying the group membership of a server ............................... 353
Chapter 18: Scaling Your System
Scalability overview ...................................................................... 356
Common configurations ................................................................ 356
One-machine setup ........................................................................................... 357
Three-machine setup ......................................................................................... 357
Six-machine setup ............................................................................................. 358
General scalability considerations ................................................ 359
Increasing overall system capacity ..................................................................... 359
Increasing scheduled reporting capacity ............................................................ 359
Increasing on-demand viewing capacity ............................................................ 360
Enhancing custom web applications .................................................................. 361
Improving web response speeds ........................................................................ 361
Configuring your web farm for load balancing .................................................. 362
Getting the most from existing resources ........................................................... 363
Adding and deleting servers .......................................................... 364
Adding a server ................................................................................................. 365
Deleting a server ............................................................................................... 366
xiv
Crystal Enterprise Administrator’s Guide
Chapter 19: Working with Firewalls
Firewalls overview ........................................................................ 368
What is a firewall? ............................................................................................. 368
Firewall types .................................................................................................... 369
Understanding Crystal Enterprise and firewall integration ............ 371
Communication between Crystal Enterprise servers ........................................... 371
Overview of Crystal Enterprise and firewall configuration ................................. 373
Typical firewall scenarios .................................................................................. 373
Configuring Crystal Enterprise to work with firewalls ................... 374
Configuring for Network Address Translation .................................................... 375
Configuring for packet filtering .......................................................................... 383
Configuring for SOCKS servers .......................................................................... 387
Chapter 20: General Troubleshooting
Troubleshooting overview ............................................................. 394
Documentation resources ............................................................. 395
Web accessibility issues ................................................................ 396
Using an IIS web site other than the default ....................................................... 396
UNIX Web Connector cannot access WCS on Windows ................................... 396
Communication error when accessing the CMC ................................................ 396
Unable to connect to CMS when logging on to the CMC .................................. 397
Windows NT authentication cannot log you on ................................................ 397
Report viewing and processing issues ........................................... 398
Troubleshooting reports with Crystal Reports ..................................................... 398
Troubleshooting reports and looping database logon prompts ........................... 400
Error detected by database driver ...................................................................... 402
Ensuring that server resources are available on local drives ............................... 404
Page Server error when viewing a report ........................................................... 404
Crystal Enterprise Administrator’s Guide
xv
Crystal Enterprise web desktop considerations ............................. 405
Supporting users in multiple time zones ............................................................ 405
Setting default report destinations ...................................................................... 405
Setting preferences and report viewers for Crystal Enterprise
web desktop users ............................................................................................. 405
Crystal Enterprise web desktop and Windows Single Sign On ........................... 406
Chapter 21: Licensing Information
Licensing overview ........................................................................ 408
Accessing license information ....................................................... 409
Adding a license key ..................................................................... 410
Viewing current account activity .................................................. 410
Express Edition vs. Professional Edition ......................................... 411
Appendix A: Rights and Access Levels
Rights ............................................................................................ 414
Access levels ................................................................................. 415
No Access ......................................................................................................... 415
View ................................................................................................................. 415
View On Demand ............................................................................................. 416
Full Control ....................................................................................................... 416
Default rights on the top-level folder ............................................ 417
Object rights for the Report Application Server ............................ 417
Appendix B: Configuring NTFS Permissions
Configuring NTFS permissions ...................................................... 420
Configuring NTFS permissions for Crystal Enterprise components ...................... 420
xvi
Crystal Enterprise Administrator’s Guide
Appendix C: Server Command Lines
Command lines overview .............................................................. 426
Standard options for all servers ..................................................... 426
Crystal Management Server .......................................................... 428
Web Component Server ................................................................ 429
Page Server and Cache Server ....................................................... 429
Report and Program Job Servers ................................................... 431
Report Application Server ............................................................. 432
Input and Output File Repository Servers ..................................... 433
Event Server .................................................................................. 434
Appendix D: UNIX Tools
UNIX tools overview ..................................................................... 436
Script utilities ................................................................................ 436
ccm.sh .............................................................................................................. 436
cmsdbsetup.sh .................................................................................................. 438
configpatch.sh ................................................................................................... 439
serverconfig.sh .................................................................................................. 439
sockssetup.sh .................................................................................................... 440
uninstallCE.sh ................................................................................................... 441
Script templates ............................................................................ 442
startservers ........................................................................................................ 442
stopservers ........................................................................................................ 442
silentinstall.sh ................................................................................................... 442
Scripts used by Crystal Enterprise ................................................. 443
crystalrestart.sh ................................................................................................. 443
env.sh ............................................................................................................... 443
Crystal Enterprise Administrator’s Guide
xvii
env-locale.sh ..................................................................................................... 443
initlaunch.sh ..................................................................................................... 443
patchlevel.sh ..................................................................................................... 443
postinstall.sh ..................................................................................................... 444
setup.sh ............................................................................................................. 444
setupinit.sh ........................................................................................................ 444
Appendix E: International Deployments
International deployments overview ............................................. 446
Deploying Crystal Enterprise internationally ................................. 446
Planning an international Crystal Enterprise deployment ................................... 446
Configuring a solution for multiple languages .................................................... 449
Providing a client tier for multiple languages ..................................................... 453
Designing reports for an international audience ........................... 453
Conditional formatting for multiple languages ................................................... 453
Formatting text in multilingual reports ............................................................... 454
Formatting based on cultural conventions ......................................................... 456
Providing multiple languages in a single report ................................................. 457
Appendix F: Creating Accessible Reports
About accessibility ........................................................................ 460
Benefits of accessible reports ............................................................................. 460
About the accessibility guidelines ...................................................................... 461
Accessibility and Crystal products ..................................................................... 462
Improving report accessibility ....................................................... 462
Placing objects in reports .................................................................................. 462
Text ................................................................................................................... 464
Color ................................................................................................................. 467
Navigation ........................................................................................................ 469
Parameter fields ................................................................................................. 469
xviii
Crystal Enterprise Administrator’s Guide
Designing for flexibility ................................................................. 470
Accessibility and conditional formatting ............................................................ 471
Accessibility and suppressing sections ............................................................... 472
Accessibility and subreports .............................................................................. 472
Improving data table accessibility ................................................. 473
Text objects and data table values ..................................................................... 473
Other data table design considerations .............................................................. 478
Accessibility and Crystal Enterprise .............................................. 478
Setting accessible preferences for Crystal Enterprise .......................................... 479
Accessibility and customization .................................................... 479
Resources ...................................................................................... 481
Glossary ......................................................................... 483
Index .............................................................................. 497
Crystal Enterprise Administrator’s Guide
xix
xx
Crystal Enterprise Administrator’s Guide
Welcome to Crystal Enterprise
1
This chapter briefly describes Crystal Enterprise and
outlines the contents and the intended audience of this
Administrator’s Guide. Product registration and technical
support information is also included, along with a brief
description of the document conventions used within this
guide.
Crystal Enterprise Administrator’s Guide
1
What is Crystal Enterprise?
What is Crystal Enterprise?
Crystal Enterprise is a flexible, scalable, and reliable solution for delivering
powerful, interactive reports to end users via any web application—intranet,
extranet, Internet or corporate portal. Whether it is used for distributing weekly
sales reports, providing customers with personalized service offerings, or
integrating critical information into corporate portals, Crystal Enterprise delivers
tangible benefits that extend across and beyond the organization. As an integrated
suite for reporting, analysis, and information delivery, Crystal Enterprise provides
a solution for increasing end-user productivity and reducing administrative efforts.
Who should use this guide?
This guide is intended for system administrators who are responsible for
configuring, managing, and maintaining a Crystal Enterprise installation.
Familiarity with your operating system and your network environment is
certainly beneficial, as is a general understanding of web server management and
scripting technologies. However, in catering to all levels of administrative
experience, this guide aims to provide sufficient background and conceptual
information to clarify all administrative tasks and features.
For more information about the product, consult the Crystal Enterprise Getting
Started Guide, the Crystal Enterprise Installation Guide, and the Crystal Enterprise
User’s Guide. Online versions of these guides are included in the doc directory of your
product distribution. Once you install Crystal Enterprise, they are also accessible
from the Crystal Enterprise Launchpad.
About this guide
This guide provides you with information and procedures covering a wide range
of administrative tasks. Procedures are provided for common tasks. Conceptual
information and technical details are provided for all advanced topics.
Chapter contents
The following list provides a short description of each of the remaining chapters in
this guide.
Chapter 2: What’s New in Crystal Enterprise
Crystal Enterprise 10 continues to extend the market-leading scalability, reliability,
and flexibility of the Crystal Enterprise system, cementing it firmly as a premium
enterprise reporting system. Crystal Enterprise 10 delivers significant productivity
gains across enterprise reporting deployments, by helping both IT and end users
use the system more effectively. This chapter provides a high-level overview of
new features and enhancements.
2
Crystal Enterprise Administrator’s Guide
1: Welcome to Crystal Enterprise
Chapter 3: Administering Crystal Enterprise
This chapter provides a general description of system administration as it relates
to Crystal Enterprise. It then introduces the administration tools that allow you to
manage and configure Crystal Enterprise, and it shows how to make some
common changes to the system’s default security settings.
Chapter 4: Crystal Enterprise Architecture
This chapter provides an overview of the Crystal Enterprise architecture, describes
the different components, and identifies how they work together to distribute
reports over the web.
Chapter 5: Crystal Enterprise Security Concepts
This chapter details the ways in which Crystal Enterprise addresses enterprise
security concerns, thereby providing administrators and system architects with
answers to typical questions regarding security.
Chapter 6: Managing User Accounts and Groups
This chapter describes the tasks related to account management for users and
groups. It includes instructions that describe how to add, modify, and remove
accounts within Crystal Enterprise. It also details how to use and integrate NT and
LDAP authentication with Crystal Enterprise.
Chapter 7: Managing Folder Objects
This chapter describes basic folder administration tasks and shows how to add
folders and how to change settings, such as object rights and limits, for new folders.
Chapter 8: Publishing Objects to Crystal Enterprise
This chapter focuses on the publishing process: it introduces the Crystal Publishing
Wizard and tells you how you can use it to add Crystal reports and other objects to
the Crystal Enterprise web desktop or to your custom web desktop; it also describes
alternative ways of adding objects to the Crystal Enterprise environment.
Chapter 9: Importing Objects to Crystal Enterprise
The Crystal Import Wizard allows you to import information from other Crystal
Enterprise or Info systems into your new Crystal Enterprise system. This chapter
provides a general overview of the Crystal Import Wizard along with a series of
procedures that lead you through the process of importing information.
Chapter 10: Controlling User Access
This chapter describes the ways in which object rights enable you to secure the
content that you publish to Crystal Enterprise. Predefined access levels, advanced
Crystal Enterprise Administrator’s Guide
3
About this guide
rights, and inherited rights are all discussed in detail. Examples and procedures
are provided in the form of tutorials.
Chapter 11: Managing Objects
This chapter describes the management of report objects and instances using the
Crystal Management Console. It includes information on scheduling and choosing
the settings for a report object, such as the format, the intended destination, the
rights settings, and so on.
Chapter 12: Scheduling Objects
This chapter provides information on scheduling objects. It includes information
about configuring servers and creating calendars for scheduling. It provides
detailed instructions for scheduling objects individually and in batches, and
scheduling with events. It also describes distributing objects, specifying schedule
notifications, and managing instances.
Chapter 13: Managing Crystal Repository
This chapter discusses the use of a Crystal Repository in a Crystal Enterprise
environment. It shows how to connect Crystal Enterprise to a Crystal Repository
located in a database server, and how to refresh repository objects in reports.
Chapter 14: Managing Events
This chapter provides information on creating and managing events. It describes
file-based events, custom events, and schedule-based events.
Chapter 15: Managing and Configuring Servers
This chapter provides information on a range of server tasks that allow you to
customize the behavior of Crystal Enterprise. The chapter first covers
straightforward tasks like starting and stopping servers, and then proceeds to
more advanced configuration options, including CMS clustering and other serverspecific settings.
Chapter 16: Managing Auditing
This chapter provides an overview of the auditing functionality in Crystal
Enterprise. It also describes how to configure the auditing database, how to select
actions to audit, and how to create a custom audit report.
Chapter 17: Managing Server Groups
This chapter shows how to create server groups and subgroups. It also shows how
to modify the group membership of an individual server.
4
Crystal Enterprise Administrator’s Guide
1: Welcome to Crystal Enterprise
Chapter 18: Scaling Your System
This chapter provides general information about ways in which you might begin
to scale, or expand, your Crystal Enterprise system. The chapter also provides
general scalability considerations, and shows how to add server components to
your installation.
Chapter 19: Working with Firewalls
This chapter describes how Crystal Enterprise works with firewall systems. After
providing some background information on the supported types of firewalls, this
chapter explains how to configure firewalls and Crystal Enterprise to work together.
Chapter 20: General Troubleshooting
This chapter provides general troubleshooting steps and solutions to some specific
configuration problems. For up-to-date answers to commonly asked questions,
registered customers can freely download additional technical documents or
knowledge base articles from Crystal Care technical support.
Chapter 21: Licensing Information
This chapter describes how to view licensing information and add license keys
with the Crystal Management Console (CMC). It also shows how to view your
current account activity.
Appendix A: Rights and Access Levels
This appendix maps the object rights that are available in the Crystal Management
Console (CMC) to the actual rights available through the Crystal Enterprise SDK;
it also lists the object rights that make up each of the predefined access levels, and
the default rights that are applied to the system root folder. This appendix is
provided primarily for reference purposes. For complete details on setting object
rights, see “Controlling User Access” on page 141.
Appendix B: Configuring NTFS Permissions
This appendix provides the recommended user account and NTFS permissions for
Crystal Enterprise components.
Appendix C: Server Command Lines
This appendix lists the command-line options that control the behavior of each
Crystal Enterprise server.
Crystal Enterprise Administrator’s Guide
5
Product registration
Appendix D: UNIX Tools
This appendix details each of the administrative tools and scripts that are included
with the UNIX distribution of Crystal Enterprise. This appendix is provided
primarily for reference purposes. Concepts and configuration procedures are
discussed in more detail throughout this guide.
Appendix E: International Deployments
From server configuration to report design, this appendix recommends the best
practices for improving your Crystal Enterprise deployment’s efficiency for a
multilingual, worldwide audience.
Appendix F: Creating Accessible Reports
This appendix provides design recommendations to help you create Crystal
reports that are accessible to people with disabilities.
Glossary
This section defines some common Crystal Enterprise terminology.
Online help
Access the online help in Crystal Enterprise by clicking Help. The online help
contains all of the information found in this guide.
Product registration
There are several ways you can register your product:
• Fill out the Product Registration form on the Crystal Decisions web site at:
http://www.crystaldecisions.com/register/
• Print the Product Registration form and fax it to the registration fax number
closest to you. Crystal Decisions will then fax you a registration number that
can be entered into the product the next time you use it.
Registration fax numbers
USA/Canada +1 604 681-5147
United Kingdom +44 (0) 20 8231 0601
Australia +6 2 9955 7682
Germany +49 (0) 69 9509 6182
Hong Kong +852 2893 2727
Singapore +65 777 8786
Registering the product ensures that you are kept up-to-date with product
advancements.
6
Crystal Enterprise Administrator’s Guide
1: Welcome to Crystal Enterprise
Customer Handbook
For the latest details about product registration, maintenance, support, and
services, visit our web site and download the Customer Handbook that
corresponds to your region:
• North America:
http://www.crystaldecisions.com/about/loyalty/handbook.asp (English)
• Europe:
http://www.crystaldecisions.com/about/loyalty/handbook.asp (English)
http://germany.crystaldecisions.com/about/loyalty/handbook.asp
(German)
http://france.crystaldecisions.com/about/loyalty/handbook.asp
(French)
If a Crystal Decisions Customer Handbook is not available for your region, please
refer to the rest of this Welcome chapter, or contact your sales or support
representative for complete details
Crystal Care technical support
For information on accessing your Crystal Care support specialists, contact the
technical support administrative team, your sales representative, or the regional
office nearest you. Contact details are available at:
http://www.crystaldecisions.com/contact/offices.asp
To find out about the technical support programs available for Crystal Enterprise:
• Go to our support web site at:
http://support.crystaldecisions.com/crystalcare/
• Contact your regional office. For details, go to:
http://www.crystaldecisions.com/contact/offices.asp
Crystal Training
Whether you’re a developer, information technology professional, or business
user, we offer a wide range of Crystal Enterprise training courses designed to build
or enhance your existing skills. Courses are available online, at certified training
centers, or at your own site:
• For a complete list of training courses and special offers, visit:
http://www.crystaldecisions.com/training/
• Or contact your regional office. For details, go to:
http://www.crystaldecisions.com/offices/
Crystal Enterprise Administrator’s Guide
7
Crystal Consulting
Crystal Consulting
Our global team of certified consultants and consulting partners can guide you
through a corporate-wide solution—including strategy, design, integration and
deployment—for the fastest results, maximum performance, and increased
productivity.
• To learn more, visit:
http://www.crystaldecisions.com/consulting/
• Or contact your regional office. For details, go to:
http://www.crystaldecisions.com/offices/
Document conventions
This guide uses the following conventions:
• Commands and buttons
For easy recognition within procedures, User Interface (UI) features appear in
bold type. For example: On the File menu, click New.
• Keyboard shortcuts
Delete means the Delete key, or the Del key on your numeric keypad. Enter
means the Enter, Return, or CR key, depending on which of these keys appears
on your keyboard.
• Key combinations
CTRL+KEY, SHIFT+KEY, and ALT+KEY are examples of key combinations.
Hold down the first key in the combination and, at the same time, press the
second key in the combination (designated above as KEY). For example:
CTRL+C means hold the Control key down and press the letter C on your
keyboard (CTRL+C is the Windows Copy command).
• Key terms are italicized when first defined.
• Monospaced font indicates data that you enter using your keyboard. For
example: In the Formula Editor, type If Sales > 1000 Then crRed
• Monospaced, italicized font indicates variable data that you must replace with
data appropriate to your current settings, environment, or task. For example,
in the following URL, you would replace webserver:
http://webserver/crystal/enterprise/
8
Crystal Enterprise Administrator’s Guide
What’s New in Crystal Enterprise
2
Crystal Enterprise 10 extends the robust information
infrastructure provided by earlier versions of Crystal
Enterprise. Crystal Enterprise 10 brings together features
from across the Crystal product line to meet the diverse
needs of users, from presentation-quality reporting to indepth data analysis. This includes a variety of major
enhancements spread across our data access methods,
administration capabilities, and report design options. This
chapter provides a high level overview of the new features
and enhancements as they pertain to end-users, report
designers, developers, and IT professionals.
Crystal Enterprise Administrator’s Guide
9
End-user experience
End-user experience
Crystal Enterprise 10 brings powerful analytic reporting tasks and capabilities to
the average business user. Power users and analysts can also use Crystal
Enterprise as a central repository for accessing accurate data to conduct analyses,
to create spreadsheets and presentation-quality reports, and to share information
across the enterprise.
Microsoft Office integration
Crystal Enterprise 10 provides a range of integration points with the Microsoft
Office system. To complement the Excel Add-In for Crystal Enterprise, Crystal
Enterprise 10 can store and manage Excel, Word, and PowerPoint files. This allows
you to associate background information, proposals, and other documents with
existing reports in the Crystal Enterprise system, providing a single source for
information on various projects.
Ad Hoc reporting and analysis
Crystal Enterprise 10 provides a broad range of interactive reporting and analysis
capabilities. These capabilities are available through updated out-of-the-box tools
and our Smart Reporting Software Development Kit (SDK), which allows custom
development.
Scheduling
The Crystal Enterprise 10 web interfaces have been updated to increase usability
and accessibility. Common operations, such as scheduling and printing, have been
simplified with the introduction of new features, such as calendars and DHTML
printing.
• Calendars
Calendars simplify scheduling for you, the end-user. You can now run reports
based on predefined calendars that include key business events, such as the
close of quarter, holidays, and data warehouse refresh days. This eliminates the
complex data and time selections that are often required to set up recurring
jobs. For example, you might want to schedule a report to run on the first
morning of each week. Because of holidays, this event might fall on a Monday,
Tuesday, or even Wednesday. Rather than scheduling each instance of the
report individually, or manually selecting the run days, you can set the report
to run against a business calendar that already includes first day or week logic.
• Notification
You can now set scheduling options that automatically send notification when
an object instance succeeds or fails. For example, you may have a large number
of reports that run a new instance every day. You need to check each instance
10
Crystal Enterprise Administrator’s Guide
2: What’s New in Crystal Enterprise
to make sure it ran properly, and then send out emails to the users who need to
know that the new report is available. With thousands of reports, it would take
too much time to manually check the reports and contact the users who need the
information. Using notification settings in Crystal Enterprise, you can set each
object to automatically notify you when the report fails to run properly, and you
can automatically inform users when new report instances run successfully.
Report design
Crystal Enterprise 10 provides greater fluidity between reports and between data
sources through the new Business Views, through the Crystal Repository, and
through new report navigation features.
Simplified data access
Business Views, a new feature of Crystal Enterprise 10, offers a new data
abstraction layer that simplifies the process of connecting to enterprise data
sources. This new central data access model exposes predefined, domain-specific
data sources, which reduces the need for complex joins, filters, or formulas within
individual report designs. Using Business Views, you can integrate data from
disparate sources. You can also bring together data from multiple data collection
platforms and application boundaries so that the differences in data resolution,
coverage, and structure between collection methods are eliminated.
Integrated report component repository
Through the Crystal Repository, Business Views also provides centralized access
to common report components, which makes it easier to share useful components
with other report designers. You store these components in the Crystal Repository
through Crystal Enterprise and access them through either the Crystal Reports
designer or through Business Views.
Report hyperlinking
You can use hyperlinks in Crystal reports (RPT and CAR files) to tie together
information on multiple reports and to enhance navigation for end users. These
hyperlinks pass data context, allowing you to specify a dynamic path between two
specific pieces of information. This functionality is implemented as a Hyperlink in
Crystal Reports and as an Action in Crystal Analysis. You can use Hyperlinks to
link between reports published to an object package in Crystal Enterprise, or to a
specific instance of a report stored in the object history. Use Actions in Crystal
Analysis reports to link between Crystal reports and to other key information.
Crystal Enterprise Administrator’s Guide
11
Developer flexibility
Developer flexibility
Crystal Enterprise 10 allows you, the developer, to take advantage of the powerful
capabilities Crystal Enterprise platform with minimal coding or application
redesign. New features accelerate the process of creating new applications and
they provide a more seamless migration of application built on small components
of the Crystal Enterprise platform.
.NET Server Controls
The .NET Server Controls allow you to rapidly incorporate content and
functionality from Crystal Enterprise into Microsoft Visual Studio.NET
applications. Crystal Enterprise 10 provides visual and non-visual controls that
contain the logic for common operations, such as authentication, folder listing, and
report viewing. You can manipulate these controls in the Visual Studio.NET
environment and insert them seamlessly into applications.
Application migration and upsizing
You can use Crystal Enterprise 10 to centralize and scale existing stand-alone
applications created using the products from the Crystal family. Available in the
Report Application Server (RAS) and Crystal Reports for Visual Studio.NET
Server, a new feature allows you to easily upsize applications to run on a full
Crystal Enterprise deployment with multiple servers.
System administration
Crystal Enterprise 10 helps you, the administrator, to streamline system
management by delegating tasks and automating regular operations. Crystal
Enterprise 10 also provides cross-platform support, comprehensive data
management, and detailed usage auditing capabilities.
Security
Crystal Enterprise 10 extends Active Directory and LDAP functionality to support
a broader set of security scenarios.
• Active Directory (native mode)
Active Directory support allows you to authenticate Crystal Enterprise users
against and Active Directory server. You can also map Active Directory users
and groups to Crystal Enterprise, simultaneously implementing object, folder,
and data-level security.
12
Crystal Enterprise Administrator’s Guide
2: What’s New in Crystal Enterprise
• LDAP (secure socket layer)
The extension of LDAP support in Crystal Enterprise 10 provides a secure
channel for communication between Crystal Enterprise and a directory server,
through which all authentication and authorization requests between Crystal
Enterprise and the LDAP server flow. This feature supports both server
authentication and mutual authentication.
Object Management
Crystal Enterprise 10 increases your ability to centralize critical information and
distribute it consistently to users. Crystal Enterprise 10 allows you to manage and
secure a broad range of information and objects, including spreadsheets, text files,
programs, reports, and hyperlinks. An updated publishing tool and anew object
packaging feature round out this broad set of object management capabilities.
• Hyperlink Objects
Hyperlink objects provide a standard mechanism for accessing information
from external systems. You can use these objects to provide a URL connection
to legacy reports, web services, or other information resources hosted in third
party systems, and you can apply Crystal Enterprise security to these objects.
This allows customers to standardize on managing relevant business
intelligence content in Crystal Enterprise—delivering and securing the content
in a common interface.
• Object packages
Object packages simplify administration by allowing you to schedule, secure
and manage a set of related reports and programs as a single object. This
ensures that each instance of a package provides a consistent and synchronized
snapshot of a set of related data. The new managed report navigation feature
provides a means to link reports in an object package so that end users can
easily move between related report instances.
• Third party object support
The third party object support available in Crystal Enterprise 10 allows you to
distribute additional information associated with core operational reports (for
example, closely related documents or legacy reports). With the Crystal
Enterprise 10 security model and user interface you can distribute Microsoft
Word, Microsoft PowerPoint, Microsoft Excel, Adobe Acrobat, rich text, text,
and program files.
• Unified Publishing Wizard
The Crystal Enterprise 10 Publishing Wizard allows you to publish a number
of objects, such as reports, Microsoft Office documents, and other files, to
Crystal Enterprise simultaneously.
Crystal Enterprise Administrator’s Guide
13
System administration
System Management
Crystal Enterprise 10 allows you to decentralize the administration of large
deployments, for example you can delegate or automate specific tasks.
Additionally, you can use the new auditing capabilities to monitor system usage.
• Delegated administration
Delegated administration allows you, the system administrator, to distribute
administration tasks to application administrators or IT resources in specific
business units. The IT group can configure the system and ensure server health,
while each business unit gains responsibility for object management and security.
While in previous versions of Crystal Enterprise, delegated administration
capabilities were available only through the Software Development Kit (SDK),
Crystal Enterprise 10 directly exposes these capabilities in its primary
management tool, the Crystal Management Console (CMC).
Delegated administration is based on three types of Crystal Enterprise
administrators:
• Global administrators
A global administrator manages the entire Crystal Enterprise deployment.
This person can assign specific users and groups to be managed by specific
application administrators.
• Application administrators
An application administrator can manage folders, reports, and cubes for
specific business unit, but cannot see objects of other business units. An
application administrator can implement an application-level security
model by assigning users and groups to objects.
• Server administrators
A server administrator can mange the addition, removal, and/or
modification of Crystal Enterprise servers.
• Notification
Notification is an object-level trigger, primarily designed to help you catch critical
job failures or notify users when new information is available. Based on the
success or failure of an individual object instance, you can send notification via:
• An email to an administrator, the object owner, or other users.
• An event that triggers a program or report object to run.
• An audit file, stored in the Crystal Enterprise auditing database.
• Program objects
Program objects are executables, scripts, or Java programs that you can
schedule to run regularly or based on an event. Crystal Enterprise 10’s new
program object features allow you to automate a wide range of administrative
tasks, making Crystal Enterprise a self-managing environment. Additionally,
you can use program objects to trigger external processes, thus integrating
Crystal Enterprise into a broader work flow.
14
Crystal Enterprise Administrator’s Guide
2: What’s New in Crystal Enterprise
The following is an example of how program objects can be incorporated into
the administration of a Crystal Enterprise system:
A reconciliation process runs nightly and populates a database. On completion,
a file—nightlybatch.txt—is created, with a batch number. A file event in Crystal
Enterprise detects the file creation and runs five reports against the reconciliation
data from that night. The completion of these five report jobs triggers a program
object. This program object runs a script that moves nightlybatch.txt to another
directory, which launches another process in another system.
• Auditing
New auditing capabilities in Crystal Enterprise 10 provide you, the administrator,
with a detailed historical view of user and object interaction, and of system usage.
This allows you to fine-tune system performance, retire unused reports, and
provide business units with a comprehensive snapshot of their usage patterns.
Servers in Crystal Enterprise are now designed to record pertinent statistical
metrics to an auditing database. (System administrators specify whether or not
to audit metrics and the time interval of the audit for each server.) The auditing
cache file is periodically passed to the Crystal Management Server (CMS),
where the auditing sub-system maintains a database that stores the information.
You can compile and present this data using performance sample audit reports,
supplied with Crystal Enterprise or your own custom Crystal report.
Data access, security and management
Business Views, a metadata service that is part of Crystal Enterprise 10, allows you
to better manage reporting across multiple data sources. You can efficiently
abstract and organize data for end-users, while managing query efficiency and
data-level security. Additionally, Business Views facilitates the migration of
reports between various versions of an underlying database, for example,
development, testing, and production databases.
Platform support
Crystal Enterprise 10 allows flexibility in choice of operating systems, platforms, and
programming languages, based on individual application requirements. This ensures
that each business unit or application use its existing resources most efficiently.
• Operating systems
Crystal Enterprise 10 provides comprehensive support for all server functions—
including reporting and analysis—on Microsoft Windows, Sun Solaris, and IBM
AIX. You can deploy Crystal Enterprise 10 across any mixture of these platforms
to meet the specific needs of various business units or applications.
• Crystal Enterprise web desktop
Crystal Enterprise’s standard web interface now supports both COM and Java
environments.
Crystal Enterprise Administrator’s Guide
15
System administration
16
Crystal Enterprise Administrator’s Guide
Administering Crystal Enterprise
3
This chapter provides a general description of system
administration as it relates to Crystal Enterprise. It then
introduces the administration tools that allow you to
manage and configure Crystal Enterprise, and it shows
how to make some common changes to the system’s default
security settings.
Crystal Enterprise Administrator’s Guide
17
Administration overview
Administration overview
The regular administrative tasks associated with Crystal Enterprise can be roughly
divided into three major categories: user management, content management, and
server management. The remainder of this guide provides technical and procedural
information corresponding to each of these management categories. This chapter
briefly introduces new Crystal Enterprise administrators to some of the available
management tools. It also shows you how to make initial security settings, such as
setting the password for the system’s default Administrator account.
You will typically use the following applications to manage Crystal Enterprise:
• Crystal Management Console (CMC)
This web application is the most powerful administrative tool provided for
managing a Crystal Enterprise system. It offers you a single interface through
which you can perform almost every task related to user management, content
management, and server management.
For an introduction to the CMC, see “Working with the Crystal Management
Console” on page 18.
• Crystal Configuration Manager (CCM)
This server administration tool is provided in two forms. In a Windows
environment, the CCM allows you to manage local and remote servers through its
Graphical User Interface (GUI) or from a command line. In a UNIX environment,
the CCM shell script (ccm.sh) allows you to manage servers from a command line.
For an introduction to the CCM, see “Working with the Crystal Configuration
Manager” on page 22.
• Crystal Publishing Wizard
This application allows you to publish your reporting content to Crystal
Enterprise quickly. It also allows you to specify a number of options on each
report that you publish. Although this application runs only on Windows, you
can use it to publish reports to Crystal Enterprise servers that are running on
Windows or on UNIX.
For more information on publishing content to Crystal Enterprise, see
“Publishing overview” on page 116.
Working with the Crystal Management Console
You will use the Crystal Management Console (CMC) extensively to manage your
Crystal Enterprise system. This tool allows you to perform user management tasks
such as setting up authentication and adding users and groups. And it allows you
to publish, organize, and set security levels for all of your Crystal Enterprise
content. Additionally, the CMC enables you to manage servers and create server
groups. Because the CMC is a web-based application, you can perform all of these
administrative tasks remotely.
Any user with valid credentials to Crystal Enterprise can log on to the CMC and
set his or her preferences. However, users who are not members of the
18
Crystal Enterprise Administrator’s Guide
3: Administering Crystal Enterprise
Administrators group cannot perform any of the available management tasks
unless they have been granted rights to do so. For complete details about object
rights, see “Controlling User Access” on page 141.
Logging on to the Crystal Management Console
There are two ways to access the CMC: type the name of the machine you are
accessing directly into your browser, or select Crystal Enterprise Admin
Launchpad from the program group on the Windows Start menu.
To log on to the CMC
1 Go to the following page:
http://webserver/crystal/enterprise10/admin/
Replace webserver with the name of the web server machine that has the Web
Connector component installed. If you changed this default virtual directory on
the web server, you will need to type your URL accordingly.
Tip: On Windows, you can click Start > Programs > Crystal Enterprise 10>
Crystal Enterprise Admin Launchpad, and then click the Crystal Management
Console link.
2 When the Log On page appears, select Enterprise in the Authentication Type
list.
Windows NT and LDAP authentication also appear in the list; however, you
must map your third-party user accounts and groups to Crystal Enterprise
before you can use these types of authentication.
3 Type your User Name and Password.
For this example, type Administrator as the User Name. This default Enterprise
account does not have a password until you create one. For details, see “Setting
the Administrator password” on page 24.
If you’re using LDAP or Windows NT authentication, you may log on using an
account that has been mapped to the Crystal Enterprise Administrators group.
4 Click Log On.
The CMC Home page appears.
Navigating within the Crystal Management Console
Because the CMC is a web-based application, you can navigate through its areas
and pages in a number of ways:
• Click the links on the Home page to go to specific “management areas.”
• Select the same “management areas” from the drop-down list in the upper-left
corner of the console. Click Go if your browser doesn’t take you directly to the
new page.
• Click hyperlinks and icons that let you to jump to other areas.
Crystal Enterprise Administrator’s Guide
19
Working with the Crystal Management Console
Once you leave the Home page, your location within the CMC is indicated by a
path that appears above the title of each page. For example, Home > Users > New
User indicates that you’re on the New User page. You can click the hyperlinked
portions of the path to jump quickly to different parts of the application. In this
example, you could click Home or Users to go to the corresponding page.
Setting console preferences
The Preferences area of the CMC allows you to customize your administrative
view of Crystal Enterprise. Log on to the CMC and click the “Preferences” button
in the upper-right corner of the CMC. Select from the following options:
• Viewer
This list sets the default report viewer that is loaded when you view a report in
the CMC. To set the available and default viewers for all users, see
“Configuring the processing tier” on page 304.
• Maximum number of objects per page
This option limits the number of objects listed on any page or tab in the CMC.
Note: This setting does not limit the number of objects displayed, simply the
number displayed per page. For details about limiting the number of objects
displayed on a page or in a search, see “Setting the Query size threshold” on
page 21.
• Maximum number of characters for each page index
When a list of objects spans multiple pages, the full list is sorted alphanumerically
and indexed before being subdivided. At the top of every page, hyperlinks are
displayed as an index to each of the remaining pages. This setting determines the
number of characters that are included in each hyperlink.
In this example, the maximum number of characters is set to 3, so threecharacter hyperlinks are used to index the report objects on each page.
20
Crystal Enterprise Administrator’s Guide
3: Administering Crystal Enterprise
•
•
•
•
Note: To specify an unlimited maximum number of characters, select the
Unlimited check box.
Measuring units for report page layout
Specify inches or millimeters as the measuring units used by default when you
customize a report’s page layout on the report object’s Print Setup tab.
Time zone
If you are managing Crystal Enterprise remotely, use this list to specify your
time zone. Crystal Enterprise synchronizes scheduling patterns and events
appropriately. For instance, if you select Eastern Time (US & Canada), and you
schedule a report to run at 5:00 a.m. every day on a server that is located in San
Francisco, then the server will run the report at 2:00 a.m. Pacific Time.
For more information about time zones, see “Supporting users in multiple time
zones” on page 405.
Menu style
These options change the ways in which menus are displayed in the CMC. You
can view buttons, text, or both.
My Password
Click the Change Password link to change the password for the account under
which you are currently logged on.
Setting the Query size threshold
By default, when you go to the Objects, Folders, Groups, or Users management
areas of the CMC, a list of objects in that management area is displayed. Because
Crystal Enterprise loads each of the objects in the list, if you have numerous objects
this can heavily tax your system resources. You can modify the number of objects
displayed by setting the Query size threshold in the Web Applications
management area of the CMC. By default the Query size threshold value is 500.
This means that Crystal Enterprise prompts users to use the search function of the
CMC if the return size exceeds 500 objects. Modify this value to specify the
maximum number of objects that displayed on the initial pages of the Objects,
Folders, Groups, and Users management areas of the CMC and when displaying
search results in these management areas.
To set the Query size threshold
1 In the CMC, go to the Crystal Applications management area by clicking its link.
2 Click the Crystal Management Console link.
Crystal Enterprise Administrator’s Guide
21
Working with the Crystal Configuration Manager
The Query size threshold page appears.
3 In the Prompt for search if the return size exceeds field, type the maximum
number of objects you want to be returned in searches and on the initial pages
of the Objects, Folders, Groups, and Users management areas.
4 Click Update.
Note: To modify the number of objects displayed on a page (rather than the total
number of objects displayed), see “Setting console preferences” on page 20.
Logging off of the Crystal Management Console
When you have finished using the CMC, end the session by logging off. The Logoff
button is located in the upper-right corner of the console.
Working with the Crystal Configuration Manager
The Crystal Configuration Manager (CCM) is a server-management tool that
allows you to configure each of your Crystal Enterprise server components. This
tool allows you to start, stop, enable, and disable servers. It also allows you to view
and to configure advanced server settings such as default port numbers, CMS
database and clustering details, SOCKS server connections, and more.
Accessing the CCM for Windows
From a Windows machine, use the CCM to manage Crystal Enterprise server
components that are running locally or on a remote Windows machine. To run the
CCM, you must have NT administrator rights on the local machine. If you are
managing servers on a remote machine, you must also have NT administrator
rights on the machine you are connecting to. Depending on the configuration of
your network, you might be prompted to enter a user name and password.
22
Crystal Enterprise Administrator’s Guide
3: Administering Crystal Enterprise
To start the CCM
From the Crystal Enterprise 10 program group, click Crystal Configuration
Manager. The servers that are available on the local machine appear in the list. A
status icon is displayed for each server:
• A green arrow indicates the server is running.
• A yellow arrow indicates the server is starting.
• A red arrow indicates the server is not running.
Note: The status icons do not indicate whether servers are enabled or disabled.
Servers must be enabled before they will respond to Crystal Enterprise requests.
Click Enable/Disable on the toolbar to log on and enable or disable servers. For
details, see “Enabling and disabling servers” on page 276.
To connect to servers on a remote machine
1 Once you have started the CCM, you can connect to a remote machine in
several ways:
• In the Computer Name field, type the name of the machine you want to
connect to; then press Enter.
• In the Computer Name field, select a remote machine from the list.
• On the toolbar, click Browse. Select the appropriate computer; then click OK.
2 If prompted, log on to the remote machine with an account holding
administrative rights.
Note: You may need to type your user name as domain\username.
The CCM lists the servers associated with this machine.
Accessing the CCM for UNIX
Run the CCM on your UNIX server to manage Crystal Enterprise server components
that are running on that machine. You can run the CCM remotely through a telnet
session or locally through a terminal window. To run the CCM, you must have
execute permissions on the ccm.sh script and on its parent crystal directory.
To run the CCM
1 Go to the crystal directory that was created by the Crystal Enterprise installation:
cd INSTALL_ROOT/crystal
2 Run ccm.sh with command-line options to manage one or more servers.
For instance, the following set of commands starts the Crystal Enterprise
servers and enables each server on its default port:
./ccm.sh -start all
./ccm.sh -enable all
Note: The main options for the CCM are covered in more detail in “UNIX
Tools” on page 435.
Crystal Enterprise Administrator’s Guide
23
Making initial security settings
To view additional help on ccm.sh
The ccm.sh script also provides a detailed description of its command-line options.
To see the command-line help, issue the following command:
./ccm.sh -help | more
Making initial security settings
This section focuses on some of the key security settings that you may want to
make immediately, before publishing content and providing users with access to
Crystal Enterprise. The list of “Related topics” shows where you can find
additional procedures and information related to security.
Related topics
• For a technical overview of security within Crystal Enterprise, see “Crystal
Enterprise Security Concepts” on page 45.
• For procedures on setting up authentication, see “Available authentication
types” on page 66.
• For details about object rights, see “Controlling User Access” on page 141.
Setting the Administrator password
As part of the installation, Crystal Enterprise creates an Administrator account and
a Guest account that do not have passwords. Log on to the Crystal Management
Console (CMC) with the Administrator account and use the following procedure
to create a secure password for the Administrator account.
Note: Do not create a password for the Guest account if you plan to use the
anonymous Single Sign On or the Sign Up features available in Crystal Enterprise.
To change the Administrator password
1 Go to the Users management area of the CMC.
2 Click the link for the Administrator account.
3 In the Enterprise Password Settings area, enter and confirm the new password.
4 If it is selected, clear the “User must change password at next logon” check box.
5 Click Update.
Disabling the Sign Up feature
When users connect to Crystal Enterprise without specifying a user name and
password, the system logs them on automatically under the Guest account. By
default, each user then has the ability to sign up and create a new account on the
system. You have the option to change this default behavior and to prevent guest
users from creating their own accounts.
24
Crystal Enterprise Administrator’s Guide
3: Administering Crystal Enterprise
To disable the Sign Up feature
1 Go to the Authorization management area of the CMC.
2 Click the Enterprise tab.
3 In the “Guest Account Restrictions” area, clear the “Guest” users can create
their own Enterprise accounts check box.
4 Click Update.
Disabling the Guest account
By disabling the Guest account, you ensure that no one can log on to Crystal
Enterprise with this account. In doing so, you also disable the anonymous Single
Sign On functionality of Crystal Enterprise, so users will be unable to access the
Crystal Enterprise web desktop without providing a valid user name and password.
To disable the Guest account
1 Go to the Users management area of the CMC.
2 In the Account Name column, click Guest.
3 On the Properties tab, select the Account is disabled check box.
4 Click Update.
5 If you are prompted for confirmation, click OK.
Modifying the default security levels
This procedure shows where you can modify the default object rights that users are
granted to the top-level Crystal Enterprise folder.
Initially, the Everyone group is granted Schedule access to the top-level folder, and
the Administrators group is granted Full Control. You can change these default
security levels to suit your needs. For a full description of object rights and
inheritance patterns, see “Controlling users’ access to objects” on page 142.
To modify top-level security settings
1 Go to the Settings management area of the CMC.
2 Click the Rights tab.
3 As required, change the entry in the Access Level list for each user or group
that is displayed.
4 Click Update.
5 Click Add/Remove to grant different levels of security to additional users or
groups.
Crystal Enterprise Administrator’s Guide
25
Managing the Crystal Enterprise web desktop
Managing the Crystal Enterprise web desktop
You can use the Crystal Applications area of the Crystal Management Console to
make minor changes to the appearance and functionality of the Crystal Enterprise
web desktop, without doing any programming. You can also configure settings
that control which viewers are available to users.
When users view a report using the Advanced DHTML viewer, the report is
processed by the Report Application Server, which is optimized for report
modification. For simple report viewing you can achieve better system
performance if users select one of the other viewers. If the ability to modify reports
is not needed at your site, you can disable the Advanced DHTML viewer.
If you are using the Java version of the Crystal Enterprise web desktop and want
users to be able to use the Active X or Java viewers, you must enter the context path
of the Web Component Adapter. Consult the Crystal Enterprise Installation Guide for
more information.
To manage settings for the Crystal Enterprise web desktop
1 In the Crystal Management Console, select Crystal Applications.
2 Select Web Desktop.
3 On the Preferences tab, select the options that you want.
4 Click Update.
26
Crystal Enterprise Administrator’s Guide
Crystal Enterprise Architecture
4
This chapter provides an overview of the Crystal Enterprise
architecture, describes the different components, and
identifies how they work together to distribute reports over
the web.
Crystal Enterprise Administrator’s Guide
27
Architecture overview and diagram
Architecture overview and diagram
Crystal Enterprise is a multi-tier system. Although the components are responsible
for different tasks, they can be logically grouped based on the type of work they
perform. If you are new to Crystal Enterprise, use this chapter to gain familiarity
with the Crystal Enterprise framework, its components, and the general tasks that
each component performs.
In Crystal Enterprise, there are five tiers: the client tier, the application tier, the
intelligence tier, the processing tier, and the data tier. To provide flexibility, the
components that make up each of these tiers can be installed on one machine, or
spread across many.
The following diagram illustrates how each of the components fits within the
multi-tier system. Other Crystal products, such as Crystal Analysis and Smart
Reporting Technology, plug in to the Crystal Enterprise framework in various
ways. This chapter describes the framework itself. Consult each product’s
installation or administration guides for details about how it integrates with the
Crystal Enterprise framework.
The “servers” run as services on Windows machines. On UNIX, the servers run as
daemons. These services can be “vertically scaled” to take full advantage of the
hardware that they are running on, and they can be “horizontally scaled” to take
28
Crystal Enterprise Administrator’s Guide
4: Crystal Enterprise Architecture
advantage of multiple computers over a network environment. This means that
the services can all run on the same machine, or they can run on separate machines.
The same service can also run in multiple instances on a single machine.
For example, you can run the Crystal Management Server and the Event Server on one
machine, while you run the Page Server on a separate machine. This is called
“horizontal scaling.” If the Page Server is running on a multi-processor computer, then
you may choose to run multiple Page Servers on it. This is called “vertical scaling.” The
important thing to understand is that, even though these are called servers, they are
actually services and daemons that do not need to run on separate computers.
Note: Crystal Enterprise Standard requires all of the components, except for the
Web Connector, to be installed on one machine.
The remainder of this chapter describes each tier, the key Crystal Enterprise
components, and their primary responsibilities.
Tip: When you are familiar with the architecture and want to customize your
system configuration, see “Managing and Configuring Servers” on page 269 and
“Scaling Your System” on page 355.
Note: Crystal Enterprise supports reports created in versions 6 through 10 of
Crystal Reports. Once published to Crystal Enterprise, reports are saved,
processed, and displayed in version 10 format.
Client tier
The client tier is the only part of the Crystal Enterprise system that administrators
and end users interact with directly. This tier is made up of the applications that
enable people to administer, publish, and view reports and other objects.
Crystal Enterprise web desktop
Crystal Enterprise comes with a web-based interface that end users access to view,
schedule, and keep track of published reports. Each Crystal Enterprise request that
a user makes is directed to the Crystal Enterprise application tier. What happens
next depends upon which Crystal Enterprise Software Development Kit (SDK)
your system uses. In a Windows installation with the COM SDK (the default
Windows option), the web server passes the user request to the Web Connector.
The Web Connector then forwards the request to the WCS for processing. In an
installation that uses the Java SDK, the web server forwards the user request
directly to an application server where the request is processed by components
built on the Crystal Enterprise SDK.
Crystal Enterprise Administrator’s Guide
29
Client tier
The Crystal Enterprise web desktop also serves as a demonstration of the ways in
which you can use the Crystal Enterprise Software Development Kit (SDK) to
create a custom web application for end users. For more information, see the
developer documentation available on your product CD.
Crystal Management Console
The Crystal Management Console (CMC) allows you to perform user management
tasks such as setting up authentication and adding users and groups. It also allows
you to publish, organize, and set security levels for all of your Crystal Enterprise
content. Additionally, the CMC enables you to manage servers and create server
groups. Because the CMC is a web-based application, you can perform all of these
administrative tasks remotely. For more information, see “Working with the
Crystal Management Console” on page 18.
The CMC also serves as a demonstration of the ways in which you can use the
administrative objects and libraries in the Crystal Enterprise SDK to create custom
web applications for administering Crystal Enterprise. For more information, see
the developer documentation available on your product CD.
Crystal Configuration Manager
The Crystal Configuration Manager (CCM) is a server-management tool that
allows you to configure each of your Crystal Enterprise server components. This
tool allows you to start, stop, enable, and disable servers, and it allows you to view
and to configure advanced server settings. On Windows, these settings include
default port numbers, CMS database and clustering details, SOCKS server
connections, and more. In addition, on Windows the CCM allows you to add or
remove servers from your Crystal Enterprise system. On UNIX, some of these
functions are performed using other tools. For more information, see “Working
with the Crystal Configuration Manager” on page 22 and “Managing and
Configuring Servers” on page 269.
Crystal Publishing Wizard
The Crystal Publishing Wizard is a locally installed Windows application that
enables both administrators and end users to add reports to Crystal Enterprise. By
assigning object rights to Crystal Enterprise folders, you control who can publish
reports and where they can publish them to. For more information, see “Publishing
overview” on page 116 and “Controlling users’ access to objects” on page 142.
The Crystal Publishing Wizard publishes reports from a Windows machine to
Crystal Enterprise servers running on Windows or on UNIX.
30
Crystal Enterprise Administrator’s Guide
4: Crystal Enterprise Architecture
Crystal Import Wizard
The Crystal Import Wizard is a locally installed Windows application that guides
administrators through the process of importing users, groups, reports, and folders
from an existing Crystal Enterprise or Info implementation to Crystal Enterprise.
For more information, see “Crystal Import Wizard overview” on page 130.
The Crystal Import Wizard runs on Windows, but you can use it to import
information into a new Crystal Enterprise system running on Windows or on UNIX.
Application tier
The application tier hosts the server-side components that are needed to process
requests from the client tier as well as the components that are needed to
communicate these requests to the appropriate server in the intelligence tier. The
application tier includes support for report viewing and logic to understand and
direct web requests to the appropriate Crystal Enterprise server in the intelligence tier.
Because Crystal Enterprise is designed to support a variety of web development
platforms, the components included in your application tier will vary.
Windows COM platform
The default installation of Crystal Enterprise on Windows uses the Crystal
Enterprise COM SDK. It includes a Web Connector and a Web Component Server,
and requires the use of a web server.
Web Component Server
Crystal Enterprise systems that use the Windows COM SDK include a Web
Component Server (WCS), and a Web Connector. The WCS is the gateway
between the Web Connector on the web server and the rest of the components in
Crystal Enterprise. The WCS is responsible for processing requests from your
browser, including Crystal Server Pages (.csp files), which are used to customize
your access to Crystal Enterprise. As a result, this server also acts as an application
server. For more information, see the developer documentation available on your
product CD.
Crystal Enterprise Administrator’s Guide
31
Application tier
In addition to processing CSP requests, the WCS also handles other types of
requests. These include requests from the CMC and the handling of prompts and
database logon requests.
If you are running multiple Cache Servers, the WCS automatically load-balances
reporting requests across the available servers.
Note: There is no WCS in UNIX installations of Crystal Enterprise, or in Windows
installations that use the Crystal Enterprise Java SDK. The functionality of the
WCS is provided by the Web Component Adapter (WCA).
Web Connectors
Crystal Enterprise systems that use the Windows COM SDK include a Web
Connector. In these systems, the web server uses the Web Connector to forward
user requests to the Web Component Server. Crystal Enterprise includes different
Web Connectors for different operating systems and web servers.
If you are running multiple WCS machines, the Web Connector automatically
balances the load across the available servers. For details about how the Web
Connector handles communications with the WCS, especially with respect to
security issues, see “Ticket mechanism for distributed security” on page 58.
For details on installing and configuring Web Connectors, see the Crystal Enterprise
Installation Guide.
Note: There is no Web Connector in UNIX installations of Crystal Enterprise,or in
Windows installations that use the Java SDK. In these systems the web server
communicates directly with the application server that hosts the Crystal
Enterprise SDK. Web connectors are still available for UNIX web servers that
communicate with a Windows WCS.
Java platform
All UNIX installations of Crystal Enterprise and all Windows installations
configured to use the Crystal Enterprise Java SDK include a Web Component
Adapter. In this configuration, a Java application server is required to host the Web
Component Adapter and the Crystal Enterprise Java SDK. The use of a web server
is optional as you may choose to have static content hosted by the application server.
Application server and Crystal Enterprise Java SDK
Crystal Enterprise systems that use the Crystal Enterprise Java SDK run the SDK
on a third party application server. See the Platforms.txt file included with your
product distribution for a complete list of tested application servers and version
requirements.
The application server acts as the gateway between the web server and the rest of
the components in Crystal Enterprise. The application server is responsible for
32
Crystal Enterprise Administrator’s Guide
4: Crystal Enterprise Architecture
processing requests from your browser, sending Crystal Server Pages (.csp files) to
the Web Component Adapter, and using the Java SDK to interpret Crystal
components in Java Server Pages (.jsp files). The application server also supports
Java versions of the Crystal Enterprise web desktop and other Crystal applications,
and uses the SDK to convert report pages (.epf files) to HTML format when users
view pages with a DHTML viewer.
The application server replaces the Web Component Server (WCS) in Crystal
Enterprise installations that run on UNIX, and in Windows installations that use
the Crystal Enterprise Java SDK. For more information, see the developer
documentation available on your product CD.
Web Component Adapter
In UNIX installations of Crystal Enterprise, or in Windows installations that use a
Java SDK, there is no WCS and no Web Connector. Instead, the web server
communicates directly with the application server that hosts the Crystal Enterprise
SDK. The Web Component Adapter (WCA) runs within the application server and
provides all WCS services that are not directly supported by the Java SDK. Because
the WCA runs on an application server, it is not necessary to have a Web
Connector on the web server. The web server passes requests directly to the
application server, which then forwards the requests on to the WCA.
In this environment the WCA has two primary roles: it processes Crystal Server
Pages (.csp files), and it also supports Crystal applications that formerly relied upon
the WCS. These applications include the Crystal Management Console (CMC) and
Crystal report viewers (that are implemented through viewrpt.cwr requests).
Windows .NET platform
Crystal Enterprise installations that use the .NET Framework include Primary
Interop Assemblies (PIAs) that allow you to use the COM Crystal Enterprise SDK
with ASP.NET, and a set of .NET Server Components that you can optionally use
to simplify the development of custom applications. This configuration requires
the use of a Microsoft Internet Information Services (IIS) web server.
You do not need a Web Connector, Web Component Server, or a Web Component
Adapter for custom ASP.NET applications.
Web application environments
Crystal Enterprise supports Crystal Server Pages (.csp), Active Server Pages (.asp),
and Java Server Pages (.jsp). Crystal Enterprise includes web applications developed
in .csp and .jsp such as the Crystal Enterprise web desktop and the sample
applications available via the Crystal Enterprise Launchpads. It also supports the
development of custom web applications that use .csp, .asp, .jsp, and ASP.NET pages.
Crystal Enterprise Administrator’s Guide
33
Intelligence tier
Crystal Server Pages (.csp) provide functionality similar to that provided by
Microsoft’s Active Server Pages (.asp). Java Server Pages (.jsp) allow you to
develop cross-platform J2EE applications that use Crystal objects in conjunction
with your own custom objects, or a wide variety of objects from third parties.
Crystal Enterprise also includes Primary Interop Assemblies (PIAs) that enable
you to use the Crystal Enterprise SDK and Report Application Server SDK with
ASP.NET. It also includes a set of .NET Server Components which simplify
development of custom Crystal Enterprise applications in ASP.NET.
See the developer documentation for more information.
Intelligence tier
The intelligence tier manages the Crystal Enterprise system. It maintains all of the
security information, sends requests to the appropriate servers, manages audit
information, and stores report instances.
Crystal Management Server
Note: In previous versions of Crystal Enterprise, the Crystal Management Server
(CMS) was known as the Automated Process Scheduler (APS).
The CMS is responsible for maintaining a database of information about your
Crystal Enterprise system; the other components can therefore access that data as
required. The data stored by the CMS includes information about users and
groups, security levels, Crystal Enterprise content, and servers. The CMS also
maintains the Crystal Repository, and a separate audit database of information
about user actions. This data allows the CMS to perform its four main tasks:
• Maintaining security
By maintaining a database of users and their associated object rights, the CMS
enforces who has access to Crystal Enterprise and the types of tasks they are
able to perform. This also includes enforcing and maintaining the licensing
policy of your Crystal Enterprise system.
• Managing objects
The CMS keeps track of the location of objects and maintains the folder
hierarchy. By communicating with the Report and Program Job Servers, the
CMS is able to ensure that scheduled jobs run at the appropriate times.
34
Crystal Enterprise Administrator’s Guide
4: Crystal Enterprise Architecture
• Managing servers
By staying in frequent contact with each of the servers in the system, the CMS is
able to maintain a list of server status. Report viewers access this list, for instance,
to identify which Cache Server is free to use for a report viewing request.
• Managing auditing
By collecting information about user actions from each Crystal Enterprise
server, and then writing these records to a central audit database, the CMS acts
as the system auditor. This audit information allows system administrators to
better manage their Crystal Enterprise deployment.
Typically, you provide the CMS with database connectivity and credentials when
you install Crystal Enterprise, so the CMS can create its own system database and
Crystal Repository database using your organization’s preferred database server.
For details about setting up CMS databases, see the Crystal Enterprise Installation
Guide, and “Configuring the auditing database” on page 334. See the
Platforms.txt file included with your product distribution for a complete list of
tested database software and version requirements.
Note:
• It is strongly recommended that you back up the CMS system database, and
the audit database frequently. The backup procedure depends upon your
database software. If you are unsure of the procedure, consult with your
database administrator.
• The CMS database should not be accessed directly. System information should
only be retrieved using the calls that are provided in the Crystal Enterprise
Software Development Kit (SDK). For more information, see the developer
documentation available on your product CD.
• You can access the audit database directly to create custom audit reports. See
“Reporting on audit results” on page 339 for more information.
On Windows, the Setup program can install and configure its own Microsoft Data
Engine (MSDE) database if necessary. MSDE is a client/server data engine that
provides local data storage and is compatible with Microsoft SQL Server. If you
already have the MSDE or SQL Server installed, the installation program uses it to
create the CMS system database. You can migrate your default CMS system
database to a supported database server later.
For details about configuring the CMS, its system database, and CMS clusters, see
“Configuring the intelligence tier” on page 284. For more information about
Auditing, see “Managing Auditing” on page 329.
File Repository Servers
There is an Input and an Output File Repository Server in every Crystal Enterprise
implementation. The Input File Repository Server manages all of the report objects
and program objects that have been published to the system by administrators or
end users (using the Crystal Publishing Wizard, the Crystal Management Console,
Crystal Enterprise Administrator’s Guide
35
Intelligence tier
the Crystal Import Wizard, or a Crystal designer component such as Crystal
Reports). The Output File Repository Server manages all of the report instances
generated by the Report Job Server and the program instances generated by the
Program Job Server.
Tip: If you use the Crystal Enterprise SDK, you can also publish reports from
within your own code.
The File Repository Servers are responsible for listing files on the server, querying
for the size of a file, querying for the size of the entire file repository, adding files
to the repository, and removing files from the repository.
Note:
• The Input and Output File Repository Servers cannot share the same
directories. This is because one of the File Repository Servers could then delete
files and directories belonging to the other.
• In larger deployments, there may be multiple Input and Output File Repository
Servers, for redundancy. In this case, all Input File Repository Servers must
share the same directory. Likewise, all Output File Repository Servers must
share a directory.
• Objects with files associated with them, such as text files, Microsoft Word files,
or PDFs, are stored on the File Repository Server.
Event Server
The Event Server manages file-based events. When you set up a file-based event
within Crystal Enterprise, the Event Server monitors the directory that you
specified. When the appropriate file appears in the monitored directory, the Event
Server triggers your file-based event: that is, the Event Server notifies the CMS that
the file-based event has occurred. The CMS then starts any jobs that are dependent
upon your file-based event.
After notifying the CMS of the event, the Event Server resets itself and again
monitors the directory for the appropriate file. When the file is newly created in the
monitored directory, the Event Server again triggers your file-based event.
Note: Schedule-based events, and custom events are managed by the Crystal
Management Server.
Cache Server
The Cache Server is responsible for handling all report viewing requests. The
Cache Server checks whether or not it can fulfill the request with a cached report
page. If the Cache Server finds a cached page that displays exactly the required
data, with data that has been refreshed from the database within the interval that
you have specified as the default, the Cache Server returns that cached report page.
36
Crystal Enterprise Administrator’s Guide
4: Crystal Enterprise Architecture
If the Cache Server cannot fulfil the request with a cached report page, it passes the
request along to the Page Server. The Page Server runs the report and returns the
results to the Cache Server. The Cache Server then caches the report page for future
use, and returns the data to the viewer. By storing report pages in a cache, Crystal
Enterprise avoids accessing the database each and every time a report is requested.
If you are running multiple Page Servers for a single Cache Server, the Cache
Server automatically balances the processing load across Page Servers.
For more information, see “Modifying Cache Server performance settings” on
page 301.
Processing tier
The processing tier accesses the data and generates the reports. It is the only tier
that interacts directly with the databases that contain the report data.
Report Job Server
A Job Server processes scheduled actions on objects at the request of the CMS. You
can configure a Job Server to process either report objects or program objects when
you add it to your Crystal Enterprise system. If you configure a Job Server to
process report objects, it becomes a Report Job Server.
The Report Job Server processes scheduled reports, as requested by the CMS, and
generates report instances (instances are versions of a report object that contain
saved data). To generate a report instance, the Report Job Server communicates
with the database to retrieve the current data.
Program Job Server
A Job Server processes scheduled actions on objects at the request of the CMS. You
can configure a Job Server to process either report objects or program objects when
you add it to your Crystal Enterprise system. If you configure a Job Server to
process program objects, it becomes a Program Job Server.
Program objects allow you to write, publish, and schedule custom applications,
including scripts or Java programs that run against, and perform maintenance
work on, Crystal Enterprise.
The Program Job Server processes scheduled program objects, as requested by the
CMS. To run a program, the Program Job Server first retrieves the files from storage
Crystal Enterprise Administrator’s Guide
37
Processing tier
on the Input File Repository Server, and then runs the program. By definition,
program objects are custom applications. Therefore the outcome of running a
program will be dependent upon the particular program object that is run.
Unlike report instances, which can be viewed in their completed format, program
instances exist as records in the object history. Crystal Enterprise stores the
program’s standard out and standard error in a text output file. This file appears
when you click a program instance in the object History.
Page Server
The Page Server is primarily responsible for responding to page requests by
processing reports and generating Encapsulated Page Format (EPF) pages. The
EPF pages contain formatting information that defines the layout of the report. The
Page Server retrieves data for the report from an instance or directly from the
database (depending on the user’s request and the rights he or she has to the report
object). When retrieving data from the database, the Page Server automatically
disconnects from the database after it fulfills its initial request and reconnects if
necessary to retrieve additional data. (This behavior conserves database licenses.)
The Cache Server and Page Server work closely together. Specifically, the Page
Server responds to page requests made by the Cache Server. The Page Server and
Cache Server also interact to ensure cached EPF pages are reused as frequently as
possible, and new pages are generated as soon as they are required. Crystal
Enterprise takes advantage of this behavior by ensuring that the majority of reportviewing requests are made to the Cache Server and Page Server. (However, if a
user’s default viewer is the Advanced DHTML viewer, the report is processed by
the Report Application Server.)
The Page Server also supports COM, ASP.NET, and Java viewer Software
Development Kits (SDKs).
Report Application Server
The Report Application Server (RAS) processes reports that users view with the
Advanced DHTML viewer. The RAS also provides the ad hoc reporting
capabilities that allow users to create and modify reports over the Web.
The RAS is very similar to the Page Server: it too is primarily responsible for
responding to page requests by processing reports and generating EPF pages.
However, the RAS uses an internal caching mechanism that involves no
interaction with the Cache Server.
As with the Page Server, the RAS supports COM, ASP.NET, and Java viewer
SDKs. The Report Application Server also includes an SDK for report-creation and
modification, providing you with tools for building custom report interaction
interfaces.
38
Crystal Enterprise Administrator’s Guide
4: Crystal Enterprise Architecture
Data tier
The data tier is made up of the databases that contain the data used in the reports.
Crystal Enterprise supports a wide range of corporate databases.
See the Platforms.txt file included with your product distribution for a complete
list of tested database software and version requirements.
Report viewers
Crystal Enterprise includes report viewers that support different platforms and
different browsers in the client tier, and which have different report viewing
functionality. (For more information on the specific functionality or platform
support provided by each report viewer, see the Crystal Enterprise User’s Guide or
the Crystal Reports Developer’s Guide.)
All of the viewers fall into two categories: client-side viewers, and zero client
viewers. Client-side viewers are downloaded and installed in the users’ web
browser while the code to support zero client viewers resides in the application tier.
client-side viewers
zero client viewers
Active X viewer
Java viewer
DHTML viewer
Advanced DHTML viewer
All report viewers help process requests for reports, and present report pages that
appear in the user’s browser.
Zero client viewers reside on the application server. When a user requests a report,
the application server processes the request, and then retrieves the report pages in
.epf format from the Crystal Enterprise framework. The SDK creates a viewer
object on the application server which processes the .epf and creates DHTML
pages that represent both the viewer controls and the report itself. The viewer
object then sends these pages through the web server to the user’s web browser.
Client-side viewers are downloaded and installed in the user’s browser. When a
user requests a report, the application server processes the request, and retrieves
the report pages in .epf format from the Crystal Enterprise framework. The
application server then passes the .epf file to the client-side viewer, which
processes the .epf files and displays them directly in the browser.
Crystal Enterprise Administrator’s Guide
39
Information Flow
If they haven’t already done so, users are prompted to download and install the
appropriate viewer software before the report is displayed in the browser. The
Active X viewer is downloaded the first time a user requests a report, and then
remains installed on the user’s machine. You will be prompted to reinstall the
ActiveX viewer only when a new version becomes available on the server.
Information Flow
This section describes the interaction of the server components in order to
demonstrate how report-processing is performed. This section covers two
different scenarios:
• “What happens when you view a report?” on page 40
• “What happens when you schedule a report?” on page 42
What happens when you view a report?
This section describes the viewing mechanisms that are implemented in the Crystal
Enterprise web desktop. The description of processing flow covers both the case
where the web desktop is implemented with Crystal Server Pages and uses the Web
Component Server (WCS) as its application server, and the case where the web
desktop is implemented in Java Server Pages and runs in a generic application server.
The processing flow for custom ASP, JSP, and ASP.NET applications may differ.
When you view a Crystal report (.rpt file) through Crystal Enterprise, the
processing flow varies depending upon your default report viewer, the type of
report, and the rights you have to the report. In all cases, however, the request that
begins at the web server must be forwarded to the application server.
The actual request is constructed as a URL that includes the report’s unique ID.
This ID is passed as a parameter to a server-side script that, when evaluated by the
application server, verifies the user’s session and retrieves the logon token from
the browser. The script then checks the user’s Crystal Enterprise web desktop
preferences and redirects the request to the viewing mechanism that corresponds
to the user’s default viewer.
Different report viewers require different viewing mechanisms:
• The zero-client DHTML viewer is implemented through viewreport.csp or
viewreport.jsp.
When evaluated by the application server, this script communicates with the
framework (through the published SDK interfaces) in order to create a viewer
object and retrieve a report source from the Cache Server and Page Server.
• The zero-client Advanced DHTML viewer is implemented through
viewreport_ia.csp or viewreport_ia.jsp.
When evaluated by the application server, this script communicates with the
framework (through the published SDK interfaces) in order to create a viewer
object and retrieve a report source from the Report Application Server.
40
Crystal Enterprise Administrator’s Guide
4: Crystal Enterprise Architecture
• The client-side report viewers (the ActiveX and Java viewers) are implemented
through viewrpt.cwr, hosted by the WCA or WCS.
The Crystal Web Request is executed internally through viewer code on the
application server. The viewer code communicates with the framework in order
to retrieve a report page in .epf format from the Cache Server and Page Server.
If they haven’t already done so, users are prompted to download and install the
appropriate viewer software.
Report viewing with the Cache Server and Page Server
Upon receiving a report-viewing request, the Cache Server checks to see if it has
the requested pages cached. Cached pages are stored as Encapsulated Page Format
(.epf) files. If a cached version of the .epf file is available, the Cache Server checks
with the Crystal Management Server (CMS) to see if the user has rights to view the
report. If the user is granted the right to view the report, the Cache Server sends
the .epf file to the application server.
If a cached version of the .epf file is unavailable, the Cache Server requests new .epf
files from the Page Server. The Page Server retrieves the report from the Input File
Repository Server, first checking with the CMS to see if the user has rights to view
the report.
If the report is an instance, and the user only has View rights, the Page Server will
generate pages of the report instance using the data stored in the report object. That
is, the Page Server will not retrieve the latest data from the database. If the report
is an object, the user must have View On Demand rights to view the report
successfully (because the Page Server needs to retrieve data from the database).
If the user has sufficient rights, the Page Server generates the .epf pages and
forwards them to the Cache Server. The Cache Server then caches the .epf files and
sends them to the application server.
If the initial request was made through a Crystal Server Page (viewreport.csp), the
viewer SDK (residing on the application server) is used to generate HTML that
represents both the DHTML viewer and the report itself. The HTML pages are then
returned through the web server to the user’s web browser. If the initial request
was made through a Crystal Web Request (viewrpt.cwr), the application server
forwards the .epf pages through the web server to the report viewer software in the
user’s web browser.
Report viewing with the Report Application Server
Upon receiving a report-viewing request, the RAS checks to see if it has the
requested report data in cache. (The RAS has its own caching mechanism, which is
separate from the Cache Server.) If cached report data is available, the RAS checks
with the CMS to see if the user has rights to view the report. If the user is granted
the right to view the report, the RAS returns .epf pages to the application server.
Crystal Enterprise Administrator’s Guide
41
Information Flow
If a cached version of the page is unavailable, the RAS retrieves the report from the
Input File Repository Server, first checking with the CMS to see if the user has
rights to view the report. The RAS then processes the report and returns the .epf
pages to the application server.
If the user is granted View rights to the report object, then the RAS will only ever
generate pages of the latest report instance. That is, the RAS will not retrieve the
latest data from the database. If, however, the user is granted View On Demand
rights to the report object, then the RAS will refresh the report against the database.
Note: The interactive search and filter features provided by the Advanced
DHTML viewer are available only if the user has View On Demand rights (or
greater) to the report object.
When the application server receives the .epf pages from the RAS, the viewer SDK
is used to generate HTML that represents both the Advanced DHTML viewer and
the report itself. The HTML pages are then returned through the web server to the
user’s web browser.
What happens when you schedule a report?
When you schedule a report, you instruct Crystal Enterprise to process a report
object at a particular point in time, or on a recurring schedule. For example, if you
have a report based off of your web server logs, you can schedule the report to run
every night on a recurring basis.
Tip: Crystal Enterprise also allows you to schedule jobs that are dependent upon
other events. For details, see “Managing events overview” on page 262.
When a user schedules a report using the Crystal Enterprise web desktop, the web
desktop sends the request to the application tier.
• In a Crystal Enterprise system that uses the COM SDK, the web server passes
the web desktop request to the Web Connector. The Web Connector then
passes the request to the Web Component Server (WCS), which communicates
with the rest of Crystal Enterprise. Since the request was to schedule a report,
the WCS passes the request to the Crystal Management Server.
• In a Crystal Enterprise system that uses the Java SDK, the web server passes
the web desktop request directly to the application server. The request is
evaluated by the Java SDK. Since the request was to schedule a report, the SDK
passes the request to the Crystal Management Server.
When the CMS gets the request, it checks to see if the user has sufficient rights to
schedule the report. If the user has sufficient rights, the CMS schedules the report
to run at the specified time(s). When the time occurs, the CMS passes the job to the
Report Job Server. The Report Job Server retrieves the report from the Input File
Repository Server and runs the report against the database, thereby creating an
instance of the report. The Report Job Server then saves the report instance to the
42
Crystal Enterprise Administrator’s Guide
4: Crystal Enterprise Architecture
Output File Repository Server, and tells the CMS that it has completed the job
successfully.
Tip: For details about multiple time zones, see “Supporting users in multiple time
zones” on page 405.
Note:
• The Cache Server and the Page Server do not participate in scheduling reports
or in creating instances of scheduled reports. This can be an important
consideration when deciding how to configure Crystal Enterprise, especially
in large installations. See “Scaling Your System” on page 355.
• When you schedule program objects or object packages, the interaction
between servers follows the same pattern as it does for reports. However,
program objects are processed by the Program Job Server.
• Users without schedule rights on an object will not see the schedule option in
Crystal Enterprise.
Choosing between live and saved data
When reporting over the Web, the choice to use live or saved data is one of the
most important decisions you’ll make. Whichever choice you make, however,
Crystal Enterprise displays the first page as quickly as possible, so you can see
your report while the rest of the data is being processed.
Live data
On-demand reporting gives users real-time access to live data, straight from the
database server. Use live data to keep users up-to-date on constantly changing data,
so they can access information that’s accurate to the second. For instance, if the
managers of a large distribution center need to keep track of inventory shipped on a
continual basis, then live reporting is the way to give them the information they need.
Before providing live data for all your reports, however, consider whether or not
you want all of your users hitting the database server on a continual basis. If the
data isn’t rapidly or constantly changing, then all those requests to the database do
little more than increase network traffic and consume server resources. In such
cases, you may prefer to schedule reports on a recurrent basis so that users can
always view recent data (report instances) without hitting the database server.
For more information about optimizing the performance of reports that are viewed
on demand, see the “Designing Optimized Web Reports” section in the Crystal
Reports User’s Guide (version 8.5 and later).
Tip: Users require View On Demand access to refresh reports against the database.
Crystal Enterprise Administrator’s Guide
43
Choosing between live and saved data
Saved data
Report instances are useful for dealing with data that isn’t continually updated.
When users navigate through report instances, and drill down for details on
columns or charts, they don’t access the database server directly; instead, they
access the saved data. Consequently, reports with saved data not only minimize
data transfer over the network, but also lighten the database server’s workload.
You can schedule these reports within Crystal Enterprise so that they automatically
refresh from the database on a predetermined basis. For example, if your sales
database is only updated once a day, or once a week, then you can run the report
on a similar schedule. Sales representatives then always have access to current sales
data, but they are not hitting the database every time they open a report.
Tip: Users require only View access to display report instances.
Related topics
• “Scaling Your System” on page 355
44
Crystal Enterprise Administrator’s Guide
Crystal Enterprise Security Concepts
5
This chapter details the ways in which Crystal Enterprise
addresses enterprise security concerns, thereby providing
administrators and system architects with answers to
typical questions regarding security.
Crystal Enterprise Administrator’s Guide
45
Security overview
Security overview
The Crystal Enterprise architecture addresses the many security concerns that affect
today’s businesses and organizations. The current release supports features such as
distributed security, Single Sign On (SSO), resource access security, granular object
rights, and third-party Windows NT, LDAP, and Windows AD authentication in
order to protect against unauthorized access. To allow for further customization of
security, Crystal Enterprise supports dynamically loaded processing extensions.
And, for monitoring and auditing purposes, Crystal Enterprise allows you to log
various web statistics, thus enabling you to detect potential security concerns.
Because Crystal Enterprise provides the framework for an increasing number of
components from the Enterprise family of Crystal products, this chapter details the
security features and related functionality to show how the framework itself
enforces and maintains security. As such, this chapter does not provide explicit
procedural details; instead, it focuses on conceptual information and provides
links to key procedures.
Related topics
• For key procedures that show how to modify the default accounts, passwords,
and other security settings, see “Making initial security settings” on page 24.
• For procedures that show how to set up authentication, users, and groups, see
“Managing User Accounts and Groups” on page 63.
• For procedures that show how to set object rights for your Crystal Enterprise
content, see “Controlling User Access” on page 141.
How Crystal Enterprise authenticates and authorizes
Authentication is the process of verifying the identity of a user who attempts to
access the system, and authorization is the process of verifying that the user has
been granted sufficient rights to perform the requested action upon the specified
object. This section describes the authentication and authorization processes in
order to provide a general idea of how system security works within Crystal
Enterprise. Each of the components and key terms is discussed in greater detail
later in this chapter.
Because Crystal Enterprise is fully customizable, the authentication and
authorization processes may vary from system to system. This section uses the
Crystal Enterprise web desktop as a model and describes its default behavior. If
you are developing your own Crystal Enterprise end-user or administrative
applications using the Crystal Enterprise Software Development Kit (SDK), you
can customize the system’s behavior to meet your needs. For complete details, see
the Crystal Enterprise Web Developer's Guide.
For procedures that show how to set up the different authentication types, see
“Available authentication types” on page 66.
46
Crystal Enterprise Administrator’s Guide
5: Crystal Enterprise Security Concepts
Primary authentication
Primary authentication occurs when a user first attempts to access the system. The
user provides a user name and password and specifies an authentication type. The
authentication type may be Enterprise, Windows NT, LDAP, or Windows AD
authentication, depending upon which type(s) you have enabled and set up in the
Authorization management area of the Crystal Management Console (CMC). The
user’s web browser sends the information by HTTP to your web server, which routes
the information through the Web Connector to the Web Component Server (WCS).
Note:
• All communication between the user’s web browser and the WCS is similarly
routed through the web server and the Web Connector. For clarity, the web
server and the Web Connector are explicitly discussed only when necessary.
• In a UNIX installation of Crystal Enterprise (or in a Windows installation that
uses the Crystal Enterprise Java SDK), there is no Web Connector, and no Web
Component Server. All communication between the user’s web browser and
the rest of Crystal Enterprise is handled by the Java application server and
Crystal Enterprise Java SDK.
The WCS passes the user’s information to logon.csp and runs the script. Internally,
this script communicates with the SDK and, ultimately, the appropriate security
plug-in to authenticate the user against the user database.
For instance, if the user specifies Enterprise Authentication, the SDK ensures that
the Crystal Enterprise security plug-in performs the authentication. The Crystal
Management Server (CMS) uses the Crystal Enterprise security plug-in component
to verify the user name and password against the system database. Alternatively,
if the user specifies Windows NT, LDAP, or Windows AD Authentication, the SDK
uses the corresponding security plug-in to authenticate the user.
If the security plug-in reports a successful match of credentials (including a match
to an appropriate group membership for Windows NT, Windows AD, or LDAP
authentication), the CMS grants the user an active identity on the system and the
system performs several actions:
• The CMS stores the user’s information in memory in a CMS session variable.
While active, this session consumes one user license on the system.
• The CMS generates and encodes a logon token and sends it to the WCS.
• The WCS stores the user’s information in memory in a WCS session variable.
While active, this session stores information that allows Crystal Enterprise to
respond to the user’s requests.
Note:
• If you are familiar with the SDK, you should note that the WCS here
instantiates the InfoStore object and stores it in the WCS session variable.
• The session variable does not contain the user’s password.
Crystal Enterprise Administrator’s Guide
47
How Crystal Enterprise authenticates and authorizes
• The WCS sends the logon token to the user’s web browser, and the web
browser caches the token in a cookie. Until the logon token expires, its
encoded information serves as the user’s valid ticket for the system.
Each of these steps contributes to the distributed security of Crystal Enterprise,
because each step consists of storing information that is used for secondary
identification and authorization purposes. This is the model used in the Crystal
Enterprise web desktop. However, if you are developing your own client
application and you prefer not to store session state on the WCS, you can design
your application such that it avoids using WCS session variables.
Note:
• The third-party Windows NT, LDAP, and Windows AD security plug-ins
work only once you have mapped groups from the external user database to
Crystal Enterprise. For details, see “Available authentication types” on
page 66.
• In a Single Sign On situation, Crystal Enterprise retrieves users’ credentials
and group information directly from the Windows NT or Windows AD
system. Hence, users are not prompted for their credentials.
Secondary authentication and authorization
Secondary authentication is the process of double-checking the identity of each
user who attempts to view, run, schedule, or otherwise act upon an object that is
managed by Crystal Enterprise. Authorization is the process of verifying that the
user has been granted sufficient rights to perform the requested action upon the
specified object.
When a user attempts to access an object on the system, the web browser sends the
request by HTTP to the WCS. Before fulfilling the user’s request, the WCS
performs a series of security-related steps.
First, the WCS ensures that the user has a valid logon token:
• If there is a valid logon token, the WCS proceeds to its next task.
• If there is no valid logon token, the primary authentication process is repeated.
For more information about logon tokens, see “Logon tokens” on page 57.
Second, the WCS checks internally for an active WCS session that matches the
user’s logon token:
• If the corresponding WCS session variable remains in memory, the WCS
proceeds to its next task.
• If the WCS session variable has timed out, the user is logged back on with the
logon token. The SDK authenticates the user against the appropriate user
database, and the CMS and the WCS recreate the required session variables. In
this case, Crystal Enterprise does not have to prompt the user for credentials,
because the encoded logon token contains the required information.
48
Crystal Enterprise Administrator’s Guide
5: Crystal Enterprise Security Concepts
Third, the WCS ensures that the appropriate server component actually processes
the user’s request:
• If the WCS can process the request itself, it queries the CMS database for the
rights associated with the object that the user requested.
For instance, if the user requests a list of reports in a specific folder, the WCS
queries the CMS database for a list of the reports that the user is authorized to
see. The WCS then dynamically lists the reports in an HTML page, and sends
the page to the user’s browser.
• If a different server component must process the request, the WCS sends the
request and the user’s logon token to the appropriate server component. That
server component then queries the CMS database for the rights associated
with the object that the user requested.
For instance, if the user attempts to refresh a report’s data, the WCS passes the
request along to the Page Server. The Page Server passes the logon token to the
CMS to ensure that the user is authorized to refresh the report.
For details about how the CMS calculates a user’s effective rights to an object,
see “Calculating a user’s effective rights” on page 152.
This secondary authentication and authorization process begins similarly to initial
identification; here, however, the authentication algorithm followed by the WCS
maintains system security in the fewest number of steps, thereby providing the
most efficient response to the user’s initial request.
Note: If the user does not have the right to perform the requested action, the WCS
displays an appropriate message. For details about setting object rights, see
“Controlling User Access” on page 141.
Security management components
System security within Crystal Enterprise is distributed across most components,
but it is managed primarily by the WCS, the CMS, and the security plug-ins. These
components work together to authenticate and to authorize users who access
Crystal Enterprise, its folders, and its other objects.
This section discusses the key components as they relate to system security.
Because they are responsible for additional tasks, several of the components
discussed in this section are described in additional detail in “Crystal Enterprise
Architecture” on page 27.
Web Component Server
The WCS is the gateway between the web server/Web Connector machine and the
remaining Crystal Enterprise components. As such, the WCS receives all HTTP
requests that are sent to Crystal Enterprise from users’ web browsers.
Crystal Enterprise Administrator’s Guide
49
Security management components
The WCS ensures that each user has a valid logon token for the system. If the logon
token is missing, or if it has expired, the WCS initiates the primary authentication
process. For details, see “Primary authentication” on page 47.
The WCS is also responsible for maintaining the user’s session state in the WCS
session variable. This session variable contains information that Crystal Enterprise
uses when fulfilling user’s requests. For details, see “Sessions and session
tracking” on page 59.
Crystal Management Server
In relation to system security, the CMS performs a number of important tasks. The
majority of these tasks rely upon the database that the CMS uses to keep track of
Crystal Enterprise system data. This data includes security information, such as
user accounts, group memberships, and object rights that define user and group
privileges.
When you first set up your system, the CMS allows you to create user accounts and
groups within Crystal Enterprise. And, with its third-party security plug-ins, the
CMS allows you to reuse existing user accounts and groups that are stored in a
third-party system (a Windows NT user database, an LDAP directory server, or a
Windows AD server). The CMS supports third-party authentication, so users can
log on to Crystal Enterprise with their current Windows NT, LDAP, or Windows
AD credentials.
When users log on, the CMS coordinates the authentication process with its
security plug-ins; the CMS then grants the user a logon token and an active session
on the system. The CMS also responds to authorization requests made by the rest
of the system. When a user requests a list of reports in a particular folder, the CMS
authorizes the request only when it has verified that the user’s account or group
membership provides sufficient privileges.
For details about the CMS and how it calculates a user’s effective rights to an
object, see “Calculating a user’s effective rights” on page 152.
For more information about the CMS and the CMS database, see “Crystal
Management Server” on page 34.
Security plug-ins
Security plug-ins expand and customize the ways in which Crystal Enterprise
authenticates users. Crystal Enterprise currently ships with the system default
Crystal Enterprise security plug-in and with the Windows NT, LDAP, or Windows
AD security plug-ins. Each security plug-in offers several key benefits.
Security plug-ins facilitate account creation and management by allowing you to
map user accounts and groups from third-party systems into Crystal Enterprise.
You can map third-party user accounts or groups to existing Crystal Enterprise
50
Crystal Enterprise Administrator’s Guide
5: Crystal Enterprise Security Concepts
user accounts or groups, or you can create new Enterprise user accounts or groups
that corresponds to each mapped entry in the external system.
The security plug-ins dynamically maintain third-party user and group listings.
So, once you map a Windows NT, LDAP, or Windows AD group into Crystal
Enterprise, all users who belong to that group can log on to Crystal Enterprise.
When you make subsequent changes to the third-party group membership, you
need not update or refresh the listing in Crystal Enterprise. For instance, if you
map a Windows NT group to Crystal Enterprise, and then you add a new NT user
to the NT group, the security plug-in dynamically creates an alias for that new user
when he or she first logs on to Crystal Enterprise with valid NT credentials.
Moreover, security plug-ins enable you to assign rights to users and groups in a
consistent manner, because the mapped users and groups are treated as if they
were Enterprise accounts. For example, you might map some user accounts or
groups from Windows NT, and some from an LDAP directory server. Then, when
you need to assign rights or create new, custom groups within Crystal Enterprise,
you make all of your settings in the CMC.
Each security plug-in acts as an authentication provider that verifies user credentials
against the appropriate user database. When users log on to Crystal Enterprise,
they choose from the available authentication types that you have enabled and set
up in the Authorization management area of the CMC: Enterprise (the system
default), Windows NT, LDAP, or Windows AD.
Note: The Windows NT and Windows AD security plug-ins cannot authenticate
users if the Crystal Enterprise server components are running on UNIX.
Crystal Enterprise security plug-in
The Crystal Enterprise security plug-in (secEnterprise.dll) is installed and
enabled by default when you install Crystal Enterprise. This plug-in allows you to
create and maintain user accounts and groups within Crystal Enterprise; it also
enables the system to verify all logon requests that specify Enterprise
Authentication. In this case, user names and passwords are authenticated against
the Crystal Enterprise user list, and users are allowed or disallowed access to the
system based solely on that information. For details on setting up Enterprise users
and groups, see “Managing Enterprise and general accounts” on page 67.
Default accounts
When you first install Crystal Enterprise, this plug-in sets up two default Enterprise
accounts: Administrator and Guest. Neither account has a default password. For
details on setting these passwords, see “Making initial security settings” on page 24.
Crystal Enterprise Administrator’s Guide
51
Security management components
Single Sign On
The Crystal Enterprise authentication provider supports anonymous Single Sign On
for the Guest account. Thus, when users connect to Crystal Enterprise without
specifying a user name and password, the system logs them on automatically under
the Guest account. If you assign a secure password to the Guest account, or if you
disable the Guest account entirely, you disable this default behavior. For details, see
“Disabling the Guest account” on page 25.
Sign Up
By default, users who are logged on under the Guest account also have the ability
to sign up and create their own, new accounts on the system. To disable this default
behavior, see “Disabling the Sign Up feature” on page 24.
Windows NT security plug-in
The Windows NT security plug-in (secWindowsNT.dll) allows you to map user
accounts and groups from your Windows NT user database to Crystal Enterprise;
it also enables Crystal Enterprise to verify all logon requests that specify Windows
NT Authentication. Users are authenticated against the Windows NT user
database, and have their membership in a mapped NT group verified before the
CMS grants them an active Crystal Enterprise session.
This plug-in is compatible with NT 4 and Windows 2000 Active Directory user
databases (when Windows 2000 Active Directory is configured in non-native
mode only). If a Windows 2000 Active Directory user database is configured in
native mode and contains universal groups that span several domains, you must
use the Windows AD security plug-in. For information on mapping Windows NT
users and groups to Crystal Enterprise, see “Managing NT accounts” on page 74.
For information on the Windows AD security plug-in, see “Windows AD security
plug-in” on page 55.
Once you have mapped your NT users and groups, all of the Crystal Enterprise client
tools support NT authentication, except for the Crystal Import Wizard. You can also
create your own applications that support NT authentication. For more information,
see the developer documentation available on your product CD.
Note: The Windows NT and Windows AD security plug-ins cannot authenticate
users if the Crystal Enterprise server components are running on UNIX.
Default account
If you install Crystal Enterprise on Windows NT/2000 as an Administrator of the
local machine, then this plug-in is enabled by default. A new NT group (called
Crystal NT Users) is created on the local machine, and your NT user account is
added to the group. The Crystal NT Users group is then mapped to Crystal
Enterprise. The result is that you can log on to Crystal Enterprise with your usual
NT user credentials.
52
Crystal Enterprise Administrator’s Guide
5: Crystal Enterprise Security Concepts
Single Sign On
The Windows NT security plug-in supports Single Sign On, thereby allowing
authenticated NT users to log on to Crystal Enterprise without explicitly entering
their credentials. The Single Sign On requirements depend upon the way in which
users access Crystal Enterprise: either via a thick client, or over the Web. In both
scenarios, the security plug-in obtains the security context for the user from the
authentication provider, and grants the user an active Crystal Enterprise session if
the user is a member of a mapped NT group:
• To obtain NT Single Sign On functionality from a thick-client application (such
as the Crystal Publishing Wizard), the user must be running a Windows
operating system, and the application must use the Crystal Enterprise SDK.
In this scenario, the Windows NT security plug-in queries the operating system
for the current user’s credentials when the client is launched.
• To obtain Single Sign On functionality over the Web, the system must use
Microsoft components only. Specifically, the user must be running Internet
Explorer on a Windows operating system, and the web server must be running
Internet Information Server (IIS).
In this scenario, Internet Explorer and IIS engage in Windows NT Challenge/
Response authentication before IIS forwards the user’s credentials to Crystal
Enterprise.
Note: IIS performs the Challenge/Response authentication for every web page
viewed. This can result in severe performance degradation.
For details on configuring IIS for Single Sign On, see “Setting up NT Single Sign
On” on page 83.
Note: The Crystal Enterprise web desktop provides its own form of “anonymous
Single Sign On,” which uses Enterprise authentication, as opposed to Windows
NT authentication. Design your own web applications accordingly (or modify the
Crystal Enterprise web desktop) if you want to use NT Single Sign On. For
information on NT Single Sign On, see “Setting up NT Single Sign On” on page 83.
LDAP security plug-in
The LDAP security plug-in (secLDAP.dll) allows you to map user accounts and
groups from your LDAP directory server to Crystal Enterprise; it also enables the
system to verify all logon requests that specify LDAP Authentication. Users are
authenticated against the LDAP directory server, and have their membership in a
mapped LDAP group verified before the CMS grants them an active Crystal
Enterprise session. User lists and group memberships are dynamically maintained by
Crystal Enterprise. You can specify that Crystal Enterprise use a Secure Sockets Layer
(SSL) connection to communicate to the LDAP directory server for additional security.
LDAP authentication for Crystal Enterprise is similar to NT and AD authentication
in that you can map groups and set up authentication, authorization, and alias
creation. Also as with NT or AD authentication, you can create new Enterprise
Crystal Enterprise Administrator’s Guide
53
Security management components
accounts for existing LDAP users, and can assign LDAP aliases to existing users if
the user names match the Enterprise user names. In addition, you can do the
following:
• Implement LDAP authentication when Crystal Enterprise is running on
Windows or on UNIX.
• Map users and groups from the LDAP directory service.
• Specify multiple host names and their ports.
For information on mapping your LDAP users and groups to Crystal Enterprise,
see “Managing LDAP accounts” on page 84.
Once you have mapped your LDAP users and groups, all of the Crystal Enterprise
client tools support LDAP authentication, except for the Crystal Import Wizard.
You can also create your own applications that support LDAP authentication. For
more information, see the developer documentation available from the Crystal
Enterprise Launchpad.
More about LDAP
Lightweight Directory Access Protocol (LDAP), a common, application-independent
directory, enables users to share information among various applications. Based on
an open standard, LDAP provides a means for accessing and updating information
in a directory.
LDAP is based on the X.500 standard, which uses a directory access protocol
(DAP) to communicate between a directory client and a directory server. LDAP is
an alternative to DAP because it uses fewer resources and simplifies and omits
some X.500 operations and features.
The directory structure within LDAP has entries arranged in a specific schema.
Each entry is identified by its corresponding distinguished name (DN) or common
name (CN). Other common attributes include the organizational unit name (OU),
and the organization name (O). For example, a member group may be located in a
directory tree as follows: cn=Crystal Enterprise Users, ou=Enterprise Users A,
o=Research. Refer to your LDAP documentation for more information.
Because LDAP is application-independent, any client with the proper
authorization can access its directories. LDAP offers you the ability to set up users
to log on to Crystal Enterprise through LDAP authentication. It also enables users
to be authorized when attempting to access objects in Crystal Enterprise. As long
as you have an LDAP server (or servers) running, and use LDAP in your existing
networked computer systems, you can use LDAP authentication (along with
Enterprise, NT, and Windows AD authentication).
If desired, the LDAP security plug-in provided with Crystal Enterprise can
communicate with your LDAP server using an SSL connection established using
either server authentication or mutual authentication. With server authentication,
the LDAP server has a security certificate which Crystal Enterprise uses to verify
that it trusts the server, while the LDAP server allows connections from
54
Crystal Enterprise Administrator’s Guide
5: Crystal Enterprise Security Concepts
anonymous clients. With mutual authentication, both the LDAP server and Crystal
Enterprise have security certificates, and the LDAP server must also verify the
client certificate before a connection can be established.
Note: The LDAP security plug-in provided with Crystal Enterprise can be
configured to communicate with your LDAP server via SSL, but always performs
basic authentication when verifying users’ credentials. Before deploying LDAP
authentication in conjunction with Crystal Enterprise, ensure that you are familiar
with the differences between these LDAP types. For details, see RFC2251, which
is currently available at http://www.faqs.org/rfcs/rfc2251.html
Windows AD security plug-in
Windows AD security plug-in enables you to map user accounts and groups from
your Windows 2000 Active Directory (AD) user database to Crystal Enterprise; it
also enables Crystal Enterprise to verify all logon requests that specify Windows AD
Authentication. Users are authenticated against the Windows AD user database,
and have their membership in a mapped AD group verified before the Crystal
Management Server (CMS) grants them an active Crystal Enterprise session.
This plug-in is compatible with Windows 2000 Active Directory domains running
in either native mode or mixed mode. Note that in order to use the Windows AD
security plug-in, the CMS needs to run under a user account that has the “Act as
Part of the Operating System” right. See your Windows 2000 documentation for
more information.For information on mapping Windows AD users and groups to
Crystal Enterprise, see “Managing AD accounts” on page 95.
Once you have mapped your AD users and groups, all of the Crystal Enterprise
client tools support AD authentication, except for the Crystal Import Wizard. You
can also create your own applications that support AD authentication. For more
information, see the developer documentation available on your product CD. For
information on mapping Windows AD users and groups to Crystal Enterprise, see
“Managing AD accounts” on page 95.
Note:
• AD authentication only works for servers running on Windows systems.
• AD authentication and aggregation is not functional without a network
connection.
• AD authentication and aggregation may not continue to function if the
administration credentials become invalid (for example, if the administrator
changes his or her password or if the account becomes disabled).
Single Sign On
The Windows AD security plug-in supports Single Sign On, thereby allowing
authenticated AD users to log on to Crystal Enterprise without explicitly entering
their credentials. The Single Sign On requirements depend upon the way in which
users access Crystal Enterprise: either via a thick client, or over the Web. In both
Crystal Enterprise Administrator’s Guide
55
Security management components
scenarios, the security plug-in obtains the security context for the user from the
authentication provider, and grants the user an active Crystal Enterprise session if
the user is a member of a mapped AD group:
• To obtain AD Single Sign On functionality from a thick-client application
(such as the Crystal Publishing Wizard), the user must be running a Windows
operating system, and the application must use the Crystal Enterprise SDK.
In this scenario, the Windows AD security plug-in queries the operating system
for the current user’s credentials when the client is launched.
• To obtain Single Sign On functionality over the Web, the system must use
Microsoft components only. Specifically, the user must be running Internet
Explorer on a Windows operating system, and the web server must be running
Internet Information Server (IIS).
Note: Crystal Enterprise provides its own form of “anonymous Single Sign On,”
which uses Enterprise authentication, as opposed to Windows AD authentication.
Design your own web applications accordingly (or modify the Crystal Enterprise
web desktop) if you want to use AD Single Sign On. For information on AD
Single Sign On, see “Using AD Single Sign On” on page 102.
Processing extensions
Crystal Enterprise offers you the ability to further secure your reporting environment
through the use of customized processing extensions. A processing extension is a
dynamically loaded library of code that applies business logic to particular Crystal
Enterprise view or schedule requests before they are processed by the system.
Note: On Windows systems, dynamically loaded libraries are referred to as
dynamic-link libraries (.dll file extension). On UNIX systems, dynamically loaded
libraries are often referred to as shared libraries (.so file extension). You must
include the file extension when you name your processing extensions.
Through its support for processing extensions, the Crystal Enterprise
administration SDK essentially exposes a “handle” that allows developers to
intercept the request. Developers can then append selection formulas to the
request before the report is processed.
A typical example is a report-processing extension that enforces row-level
security. This type of security restricts data access by row within one or more
database tables. The developer writes a dynamically loaded library that intercepts
view or schedule requests for a report (before the requests are processed by the Job
Server, Page Server, or Report Application Server). The developer’s code first
determines the user who owns the processing job; then it looks up the user’s dataaccess privileges in a third-party system. The code then generates and appends a
record selection formula to the report in order to limit the data returned from the
database. In this case, the processing extension serves as a way to incorporate
customized row-level security into the Crystal Enterprise environment.
Tip: In Crystal Enterprise 10, you can also set and enforce row-level security
56
Crystal Enterprise Administrator’s Guide
5: Crystal Enterprise Security Concepts
through the use of Business Views. For more information, see the Business Views
Administrator's Guide.
The CMC provides methods for registering your processing extensions with
Crystal Enterprise and for applying processing extensions to particular object. For
details, see “Applying processing extensions to reports” on page 189.
By enabling processing extensions, you configure the appropriate Crystal
Enterprise server components to dynamically load your processing extensions at
runtime. Included in the SDK is a fully documented API that developers can use
to write processing extensions. For more information, see the developer
documentation available on your product CD.
Note: In the current release, processing extensions can be applied only to Crystal
report (.rpt) objects.
Active trust relationship
In a networked environment, a trust relationship between two domains is generally
a connection that allows one domain accurately to recognize users who have been
authenticated by the other domain. While maintaining security, the trust
relationship allows users to access resources in multiple domains without
repeatedly having to provide their credentials.
Within the Crystal Enterprise environment, the active trust relationship works
similarly to provide each user with seamless access to resources across the system.
Once the user has been authenticated and granted an active session, all other
Crystal Enterprise components can process the user’s requests and actions without
prompting for credentials. As such, the active trust relationship provides the basis
for Crystal Enterprise’s distributed security.
Tip: When combined with Single Sign On functionality, the active trust
relationship allows users to access their Crystal Enterprise resources without ever
having to explicitly provide credentials to Crystal Enterprise.
Logon tokens
A logon token is an encoded string that defines its own usage attributes and
contains a user’s session information. The logon token’s usage attributes are
specified when the logon token is generated. These attributes allow restrictions to
be placed upon the logon token to reduce the chance of the logon token being used
by malicious users. The current logon token usage attributes are:
• Number of minutes
This attribute restricts the lifetime of the logon token.
• Number of logons
This attribute restricts the number of times that the logon token can be used to
log on to Crystal Enterprise.
Crystal Enterprise Administrator’s Guide
57
Active trust relationship
Both attributes hinder malicious users from gaining unauthorized access to Crystal
Enterprise with logon tokens retrieved from legitimate users.
Ticket mechanism for distributed security
Enterprise systems dedicated to serving a large number of users typically require some
form of distributed security. An enterprise system may require distributed security,
for instance, to support features such as load balancing, stateless environments, or
transfer of trust (the ability to allow another component to act on behalf of the user).
Crystal Enterprise addresses distributed security by implementing a ticket
mechanism (one that is similar to the Kerberos ticket mechanism). The CMS grants
tickets that authorize components to perform actions on behalf of a particular user.
In Crystal Enterprise, the ticket is referred to as the logon token.
This logon token is most commonly used over the Web. When a user is first
authenticated by Crystal Enterprise, he or she receives a logon token from the
CMS. The user’s web browser caches this logon token. When the user makes a new
request, other Crystal Enterprise components can read the logon token from the
user’s web browser.
This use of the logon token provides the distributed security that is required for
load balancing to be implemented in conjunction with effective fault-protection. For
instance, suppose that you are running one web server and two Web Component
Servers, and each of the three components is running on a separate machine. The
Web Connector is installed on the web server, so as to direct all Crystal Enterprise
requests to the Web Component Servers. By default, the Web Connector balances
all Crystal Enterprise traffic across the two Web Component Servers: when a user
first connects to Crystal Enterprise, the Web Connector passes the logon request to
whichever Web Component Server has the most resources available. If the log on is
successful, the user is granted a logon token and an active identity on the system.
The user’s active identity is stored as a session variable on the Web Component
Server that processed the request; consequently, the user’s active identity is not
immediately accessible by the other Web Component Server. For this reason, the
Web Connector uses the user’s logon token to route all of the user’s requests to the
Web Component Server that is storing the user’s session. By doing so, the Web
Connector maintains security while providing optimal performance: the user’s
identity is verified, but the system does not have to repeatedly prompt the user for
his or her credentials; in addition, the user is prevented from unnecessarily
consuming resources on both Web Component Servers.
If the Web Component Server that is storing the user’s active session is taken
offline, the logon token again serves a critical purpose. If one Web Component
Server ceases to respond to a user’s requests, the Crystal Enterprise web desktop
and the CMC are designed such that the Web Connector is instructed to redirect
the request to the remaining Web Component Server. The client application logs
the user on with the valid logon token, and the remaining Web Component Server
58
Crystal Enterprise Administrator’s Guide
5: Crystal Enterprise Security Concepts
is able to authenticate the user and create a new, active session without prompting
the user for his or her credentials. The remaining Web Component Server can then
authorize and carry out the user’s request. In this way, the logon token enables the
system’s load-balancing and fault-tolerance mechanisms to maintain a secure
environment without affecting the user’s experience.
In this scenario, when the original Web Component Server is brought back online,
the Web Connector automatically resumes its load-balancing responsibilities by
routing each subsequent request to the least used Web Component Server.
Sessions and session tracking
In general, a session is a client-server connection that enables the exchange of
information between the two computers. A session’s state is a set of data that
describes the session’s attributes, its configuration, or its content. When you
establish a client-server connection over the Web, the nature of HTTP limits the
duration of each session to a single page of information; thus, your web browser
retains the state of each session in memory only for as long as any single Web page
is displayed. As soon as you move from one web page to another, the state of the
first session is discarded and replaced with the state of the next session.
Consequently, Web sites and Web applications must somehow store the state of
one session if they need to reuse its information in another.
Crystal Enterprise uses two common methods to store session state: cookies and
session variables. A cookie is a small text file that stores session state on the client
side: the user’s web browser caches the cookie for later use. The Crystal Enterprise
logon token is an example of this method. A session variable is a portion of memory
that stores session state on the server side. When Crystal Enterprise grants a user
an active identity on the system, information such as the user’s authentication type
is stored in a session variable. So long as the session is maintained, the system
neither has to prompt the user for the information a second time nor has to repeat
any task that is necessary for the completion of the next request.
Ideally, the system should preserve the session variable while the user is active on the
system. And, to ensure security and to minimize resource usage, the system should
destroy the session variable as soon as the user has finished working on the system.
However, because the interaction between a web browser and a web server can be
stateless, it can be difficult to know when users leave the system, if they do not log
off explicitly. To address this issue, Crystal Enterprise implements session tracking.
WCS session tracking
The WCS implements session tracking similarly to most web servers. The serverside script pages (Crystal Server Pages) programmatically save variables to the
WCS session. By default, the WCS retains the session until the user explicitly logs
off, or until 20 minutes after the user’s last request (whichever occurs first).
Crystal Enterprise Administrator’s Guide
59
Environment protection
Note:
• If you are familiar with the SDK, you should note that a WCS session is an
instance of an InfoStore object.
• The WCS session timeout can be programmatically configured in the serverside .csp pages to timeout earlier if the default of 20 minutes is not desired.
CMS session tracking
The CMS implements a simple tracking algorithm. When a user logs on, he or she
is granted a CMS session, which the CMS preserves until the user logs off, or until
the WCS session variable is released.
The WCS session is designed to notify the CMS on a recurring basis that it is still
active, so the CMS session is retained so long as the WCS session exists. If the WCS
session fails to communicate with the CMS for a ten-minute time period, the CMS
destroys the CMS session. This handles scenarios where client-side components
shut down irregularly.
Note: If you are familiar with the SDK, you should note that a CMS session is an
instance of an EnterpriseSession object.
Environment protection
Environment protection refers to the security of the overall environment in which
client and server components communicate. Although the Internet and web-based
systems are increasingly popular due to their flexibility and range of functionality, they
operate in an environment that can be difficult to secure. When you deploy Crystal
Enterprise, environment protection is divided into two areas of communication:
• Web browser to web server
• Web server to Crystal Enterprise
Web browser to web server
When sensitive data is transmitted between the web browser and the web server,
some degree of security is usually required. Relevant security measures usually
involve two general tasks:
• Ensuring that the communication of data is secure.
• Ensuring that only valid users retrieve information from the web server.
These tasks are typically handled by web servers through various security
mechanisms, including the Secure Sockets Layer (SSL) protocol, Windows NT
Challenge/Response authentication, and other such mechanisms.
You must secure communication between the web browser and the web server
independently of Crystal Enterprise. For details on securing client connections,
refer to your web server documentation.
60
Crystal Enterprise Administrator’s Guide
5: Crystal Enterprise Security Concepts
Web server to Crystal Enterprise
Firewalls are commonly used to secure the area of communication between the
web server and the rest of the corporate intranet (including Crystal Enterprise).
Crystal Enterprise supports firewalls that use IP filtering, static network address
translation (NAT), or SOCKS proxy servers, and it supports a multitude of
configurations. Supported environments can involve multiple firewalls, web
servers, or Web Component Servers.
For complete details on Crystal Enterprise and firewall interaction, see “Working
with Firewalls” on page 367.
Auditing web activity
Crystal Enterprise provides insight into your system by recording web activity and
allowing you to inspect and to monitor the details. The WCS allows you to select
the web attributes—such as time, date, IP address, port number, and so on—that
you want to record. The auditing data is logged to disk and stored in commadelimited text files, so you can easily report off the data or import it into other
applications. For more information, see “Configuring properties for the Web
Component Server” on page 279.
Protection against malicious logon attempts
No matter how secure a system is, there is often at least one location that is
vulnerable to attack: the location where users connect to the system. It is nearly
impossible to protect this location completely, because the process of simply
guessing a valid user name and password remains a viable way to attempt to
“crack” the system.
Crystal Enterprise implements several techniques to reduce the probability of a
malicious user achieving access to the system. The various restrictions listed below
apply only to Enterprise accounts—that is, the restrictions do not apply to accounts
that you have mapped to an external user database (Windows NT, LDAP, or
Windows AD). Generally, however, your external system will enable you to place
similar restrictions on the external accounts.
Password restrictions
Password restrictions ensure that Enterprise users create passwords that are
relatively complex. You can enable the following options:
• Enforce mixed-case passwords
This option ensures that passwords contain at least two of the following
character classes: upper case letters, lower case letters, numbers, or punctuation.
Crystal Enterprise Administrator’s Guide
61
Protection against malicious logon attempts
• Must contain at least N characters
By enforcing a minimum complexity for passwords, you decrease a malicious
user’s chances of simply guessing a valid user’s password.
Logon restrictions
Logon restrictions serve primarily to prevent dictionary attacks (a method
whereby a malicious user obtains a valid user name and attempts to learn the
corresponding password by trying every word in a dictionary). With the speed of
modern hardware, malicious programs can guess millions of passwords per
minute. To prevent dictionary attacks, Crystal Enterprise has an internal
mechanism that enforces a time delay (0.5–1.0 second) between logon attempts. In
addition, Crystal Enterprise provides several customizable options that you can
use to reduce the risk of a dictionary attack:
• Disable accounts after N failed attempts to log on
• Reset failed logon count after N minute(s)
• Re-enable account after N minute(s)
User restrictions
User restrictions ensure that Enterprise users create new passwords on a regular
basis. You can enable the following options:
• Must change password every N day(s)
• Cannot reuse the N most recent password(s)
• Must wait N minute(s) to change password
These options are useful in a number of ways. Firstly, any malicious user
attempting a dictionary attack will have to recommence every time passwords
change. And, because password changes are based on each user’s first logon time,
the malicious user cannot easily determine when any particular password will
change. Additionally, even if a malicious user does guess or otherwise obtain
another user’s credentials, they are valid only for a limited time.
Guest account restrictions
By default, users who are logged on under the Guest account also have the ability
to sign up and create their own, new accounts on the system. The Guest account
restrictions allow you to disable this default behavior. For details, see “Disabling
the Sign Up feature” on page 24.
The Crystal Enterprise authentication provider supports anonymous Single Sign
On for the Guest account. Thus, when users connect to Crystal Enterprise without
specifying a user name and password, the system logs them on automatically
under the Guest account. If you assign a secure password to the Guest account, or
if you disable the Guest account entirely, you disable this default behavior. For
details, see “Disabling the Guest account” on page 25.
62
Crystal Enterprise Administrator’s Guide
Managing User Accounts and Groups
6
This chapter describes the tasks related to account
management for users and groups. It includes instructions
that describe how to add, modify, and remove accounts
within Crystal Enterprise. It also details how to use and
integrate NT, LDAP, and AD authentication with Crystal
Enterprise.
Crystal Enterprise Administrator’s Guide
63
What is account management?
What is account management?
Account management can be thought of as all of the tasks related to creating,
mapping, changing, and organizing user and group information. The Users and
Groups management areas of the Crystal Management Console (CMC) provide
you with a central place to perform all of these tasks.
In the Users area, you can specify everything required for a user to access Crystal
Enterprise. To create user accounts, specify the following:
• Account name (required)
• Full name
• Email
• Description
• Password settings
• Connection type
• Group membership
In the Groups area, you can create groups that give a number of people access to
the report or folder. This enables you to make changes in one place instead of
modifying each user account individually. To create groups, specify the following:
• Group name (required)
• Description
• Users who belong to the group
• Subgroups that belong to the group
• Group membership
After the user accounts and groups have been created, you can add report objects and
specify rights to them. When the users log on, they can view the reports using the
Crystal Enterprise web desktop or their custom web application. For more information
on objects and rights, see “Controlling users’ access to objects” on page 142.
Crystal Enterprise default users and groups
This section lists and describes the different types of default users and groups that
are found within Crystal Enterprise. Users are members of a group or groups—
their rights are determined by which group or groups they are associated with
(and also by their user rights).
Default users
There are two default users included with Crystal Enterprise: Administrator and
Guest. These users and any new users (created or mapped users) are members of
a group or groups. For procedures on managing users, see “Managing Enterprise
and general accounts” on page 67.
64
Crystal Enterprise Administrator’s Guide
6: Managing User Accounts and Groups
Administrator
The Administrator user belongs to the Administrators and Everyone groups. This
user is able to perform all of the tasks in all of the Crystal Enterprise applications
(for example, the Crystal Management Console, Crystal Configuration Manager,
Crystal Publishing Wizard, and the Crystal Enterprise web desktop). By default,
the administrator is not assigned a password. To assign a password, see “Setting
the Administrator password” on page 24.
Guest
The Guest user is a member of the Everyone group. This user can view reports that are
found within the Report Samples folder. Generally, the Guest user accesses reports
through the Crystal Enterprise web desktop. This account is enabled by default. To
disable this default setting, see “Disabling the Guest account” on page 74.
Note: If users in multiple time zones use the Guest account, see “Supporting users
in multiple time zones” on page 405.
Default groups
There are three default groups created in Crystal Enterprise: Administrators,
Everyone, and New Sign-Up Accounts. In addition to organizing users and
simplifying administration, groups enable you to determine the functionality a
user has access to. For procedures on managing groups, see “Managing Enterprise
and general accounts” on page 67.
Administrators
Users who belong to the Administrators group are able to perform all tasks in all
of the Crystal Enterprise applications (Crystal Management Console, Crystal
Configuration Manager, Crystal Publishing Wizard, and the Crystal Enterprise
web desktop).
Note: To use the Crystal Configuration Manager, you may be required to have
additional rights on the local machine. For more information, see “Working with
the Crystal Configuration Manager” on page 22.
Everyone
Each user is a member of the Everyone group by default. Users are able to access
all of the Crystal Enterprise applications. By default, the Everyone group allows
access to all the reports that are found in the Report Samples folder.
Crystal Enterprise Administrator’s Guide
65
Available authentication types
New Sign-Up Accounts
Users who belong to the New Sign-up Accounts group have created their own
accounts through the sign-up feature in the Crystal Enterprise web desktop. See
“Disabling the Sign Up feature” on page 73 if you would like to disable this signup feature.
By default, members of this group are able to view reports specified by the
administrator and perform report and folder tasks. The purpose of this group is to
enable automatic tracking of users who have signed themselves up through the
sign-up feature in the Crystal Enterprise web desktop.
Note: Members of the New Sign-Up Accounts group also belong to the Everyone
group. If you restrict access to the New Sign-Up accounts group, ensure that the
change is also made for the Everyone group. You can also restrict access by
specifying the Advanced rights for the New Sign-Up Accounts group. For more
information on rights, see “Setting advanced object rights” on page 146.
Default Windows NT group
When you install Crystal Enterprise on Windows NT/2000, by default, Crystal
Enterprise creates a Crystal NT Users group—this group is also added to Windows
NT/2000.
Crystal NT Users
When NT authentication is enabled, Crystal NT Users can use their NT accounts to
log on to Crystal Enterprise. By default, members of this group are able to view
folders and reports.
Available authentication types
Before setting up user accounts and groups within Crystal Enterprise, decide
which of the three authentication types you want to use:
• Enterprise authentication
Use the system default Enterprise Authentication if you prefer to create distinct
accounts and groups for use with Crystal Enterprise, or if you have not already set
up a hierarchy of users and groups in a Windows NT user database, an LDAP
directory server, or a Windows AD server. See “Managing Enterprise and
general accounts” on page 67.
• Windows NT authentication
If you are working in a Windows NT environment (Windows NT/2000), you
can use existing NT user accounts and groups in Crystal Enterprise. When you
map NT accounts to Crystal Enterprise, users are able to log on to the Crystal
Enterprise web desktop with their NT user name and password. This eliminates
66
Crystal Enterprise Administrator’s Guide
6: Managing User Accounts and Groups
the need to recreate individual user and group accounts within Crystal
Enterprise. For more information, see “Managing NT accounts” on page 74.
• LDAP authentication
If you set up an LDAP directory server, you can use existing LDAP user
accounts and groups in Crystal Enterprise. When you map LDAP accounts to
Crystal Enterprise, users are able to access the Crystal Enterprise web desktop
with their LDAP user name and password. This eliminates the need to recreate
individual user and group accounts within Crystal Enterprise. For more
information, see “Managing LDAP accounts” on page 84.
• Windows AD authentication
If you are working in a Windows 2000 environment, you can use existing AD
user accounts and groups in Crystal Enterprise. When you map AD accounts to
Crystal Enterprise, users are able to log on to the Crystal Enterprise web
desktop with their AD user name and password. This eliminates the need to
recreate individual user and group accounts within Crystal Enterprise. For
more information, see “Managing AD accounts” on page 95.
Note: You can use Enterprise Authentication in conjunction with either NT,
LDAP, or AD authentication, or with all of the three authentication plug-ins.
Managing Enterprise and general accounts
Since Enterprise authentication is the default authentication method for Crystal
Enterprise, it is automatically enabled when you first install Crystal Enterprise.
When you add and manage users and groups, Crystal Enterprise maintains the
user and group information within its database.
This section focuses on the following account management tasks:
• “Creating an Enterprise user account” on page 68
• “Modifying a user account” on page 69
• “Deleting a user account” on page 69
• “Changing password settings” on page 70
• “Creating a group” on page 71
• “Modifying a group” on page 72
• “Viewing group members” on page 73
• “Deleting a group” on page 73
• “Disabling the Sign Up feature” on page 73
• “Disabling the Guest account” on page 74
• “Granting access to users and groups” on page 74
Note: In many cases, these procedures also apply to NT, LDAP, and AD account
management. For specific information on NT authentication, see “Managing NT
accounts” on page 74. For specific information on LDAP authentication, see
“Managing LDAP accounts” on page 84. For specific information on AD
authentication, see “Managing AD accounts” on page 95.
Crystal Enterprise Administrator’s Guide
67
Managing Enterprise and general accounts
Creating an Enterprise user account
When you create a new user, you specify the user’s properties and select the group
or groups for the user. For information on setting rights for the user, see “Granting
access to users and groups” on page 74.
To create a user account
Creating a user account is made up of two processes: defining the property
information, and adding the user to a group or groups.
Defining the property information
1 Go to the Users management area of the CMC.
2 Click New User.
3 Select the Enterprise authentication type.
4 Type the account name, full name, email, and description information.
Use the description area to include extra information about the user or account.
5 Specify the password information and settings. Options include:
• Password
Enter the password and confirm. This is the initial password that you
assign to the user. The maximum password length is 64 characters.
• Password never expires
Select the check box.
• User must change password at next logon
This check box is selected by default. If you do not want to force users to
change the password the first time they log on, clear the check box.
• User cannot change password
Select the check box.
6 Select the connection type.
• Concurrent User
Choose Concurrent user if this user belongs to a license agreement that
states the number of users allowed to be connected at one time.
• Named User
Choose Named user if this user belongs to a license agreement that
associates a specific user with a license. Named user licenses are useful for
people who require access to Crystal Enterprise regardless of the number of
other people who are currently connected.
7 Click OK.
The “Member of” and “Rights” tabs appear for the user. (For more information
on setting Rights, see “Controlling User Access” on page 141.)
68
Crystal Enterprise Administrator’s Guide
6: Managing User Accounts and Groups
Adding the user to groups
1 Click the Member of tab to specify the group or groups the user should belong to.
Note: By default, all Crystal Enterprise users of the system are part of the
Everyone group.
2 Click the Member of button to view the available groups.
3 In the Available groups area, select the group(s) that the new user should be a
member of.
Use SHIFT+click or CTRL+click to select multiple groups.
4 Click the > arrow to add the group(s); click the < arrow to remove the group(s).
5 Click OK.
The “Member of” tab appears and lists the groups in which the user is a member.
Modifying a user account
Use this procedure to modify a user’s properties or group membership.
Note: The user will be affected if he or she is logged on when you are making the
change.
To modify a user account
1 Go to the Users management area of the CMC.
2 Under Account Name, click the link to the user whose properties you want to
change.
3 Make the required changes, as necessary, in the available fields.
In addition to all of the options that were available when you initially created
the account, you now can disable the account by selecting the “Account is
disabled” check box. You can also assign aliases—for more information, see
“Using account aliases for NT” on page 80, “Using account aliases for LDAP”
on page 92, or “Using account aliases for AD” on page 99.
4 Click Update.
Deleting a user account
Use this procedure to delete a user’s account. The user might receive an error if
they are logged on when their account is deleted.
Tip: You can also delete users with the User Administrative Tool. You can also use
this tool to reassign a user’s objects to another user. The User Administrative Tool
is available from the Administrative Tools area in the Crystal Enterprise Admin
Launchpad.
Crystal Enterprise Administrator’s Guide
69
Managing Enterprise and general accounts
To delete a user account
Use the delete function to remove the account permanently. If you think the user
might require access to the account again in the future, select the “Account is
disabled” check box in the Properties page of the selected user. For procedural
information, see “Modifying a user account” on page 69.
1 Go to the Users management area of the CMC.
2 Select the check box associated with the user you want to delete.
3 Click Delete.
The delete confirmation dialog box appears.
4 Click OK.
The user account is deleted.
Note: If your implementation supports the sign-up feature, users who have had
their accounts deleted are able to create a new account for themselves in the
Crystal Enterprise web desktop.
Changing password settings
Within the Crystal Management Console, you can change the password settings
for a specific user or for all users in the system. For information, see “Protection
against malicious logon attempts” on page 61.
The various restrictions listed below apply only to Enterprise accounts—that is, the
restrictions do not apply to accounts that you have mapped to an external user
database (Windows NT, LDAP, or Windows AD). Generally, however, your
external system will enable you to place similar restrictions on the external accounts.
To change user password settings
1 Go to the Users management area of the CMC.
2 Click the user whose password settings you want to change.
The Properties tab appears.
3 Select or clear the check box associated with the password setting you wish to
change.
The available options are:
• Password never expires
• User must change password at next logon
• User cannot change password
4 Click Update.
To change password settings
1 Go to the Authentication management area of the CMC.
2 Click the Enterprise tab.
70
Crystal Enterprise Administrator’s Guide
6: Managing User Accounts and Groups
3 Select the check box and enter the value related to the password setting.
The table below identifies the minimum and maximum values for each of the
settings you can configure:
Password Setting
Minimum
Recommended
Maximum
Must contain at least N characters
0 characters
64 characters
Must change password every N days
1 day
100 days
Cannot reuse the N most recent passwords
1 password
100 passwords
Must wait N minutes to change password
0 minutes
100 minutes
Disable account after N failed attempts to log on 1 failed
100 failed
Reset failed logon count after N minutes
1 minute
100 minutes
Re-enable account after N minutes
0 minutes
100 minutes
4 Click Update.
Creating a group
Groups are collections of users who share the same account privileges. For instance,
you may create groups that are based on department, role, or location. Groups
enable you to make changes in one place (a group) instead of modifying each user
account individually. Also, you can assign object rights to a group or groups. For
information on object rights, see “Managing objects overview” on page 178. For
information on granting users and groups administrative rights to other groups,
see “Granting access to users and groups” on page 74.
After creating a new group, you can add users, add subgroups, or specify group
membership so that the new group is actually a subgroup. Because subgroups
provide you with additional levels of organization, they are useful when you set
object rights to control users’ access to your Crystal Enterprise content.
To create a new group
1 Go to the Groups management area of the CMC.
2 Click New Group.
3 On the Properties tab, enter the group name and description.
4 Click OK.
Adding users
1 Click the Users tab.
2 Click Add Users.
Crystal Enterprise Administrator’s Guide
71
Managing Enterprise and general accounts
3 Select the users to add to the group; then click the > arrow.
Tip:
• To select multiple users, use the SHIFT+click or CTRL+click combination.
• To search for a specific user, use the Look For field.
• If there are many users on your system, click the Previous and Next buttons
to navigate through the list of users.
4 Click OK.
The Users tab appears. It lists all of the users who belong to this group.
Adding subgroups
1 Click the Subgroups tab.
2 Click Add/Remove Subgroups.
3 Select the groups that should be members of this new group; then click the > arrow.
4 Click OK.
Specifying group membership
1 Click the Member of tab.
2 Click the Member of button.
3 Select the parent groups that this new group will be a member of; then click
the > arrow.
Any rights associated with the parent group will be inherited by the new group
you have created.
4 Click OK.
Modifying a group
You can modify a group by making changes to any of the settings.
Note: The users who belong to the group will be affected by the modification if
they are logged on when you are making changes.
To modify a group
1 Go to the Groups management area of the CMC.
2 Under the Group Name column, click the link to the group whose configuration
you want to change.
3 Make the necessary changes in one of the four tabs:
• Properties
• Users
• Subgroups
• Member of
72
Crystal Enterprise Administrator’s Guide
6: Managing User Accounts and Groups
4 Depending on which tab you have selected, click OK or Update after you have
made your changes.
Viewing group members
You can use this procedure to view the users who belong to a specific group.
To view group members
1 Go to the Groups management area of the CMC.
2 Under Group Name, click the desired group.
3 Click Users.
4 Click Refresh.
Note: It may take a few minutes for your list to refresh if you have a large
number of users in the group or if your group is mapped to an NT user
database, LDAP user directory, or AD user directory.
Deleting a group
You can delete a group when that group is no longer required.
Note: The users who belong to the group will be affected by the change if they are
logged on when the group is deleted.
To delete a group
1 Go to the Groups management area of the CMC.
2 Select the check box associated with the group you want to delete.
3 Click Delete.
The delete confirmation dialog box appears.
4 Click OK.
Disabling the Sign Up feature
When users connect to the Crystal Enterprise web desktop without specifying a
user name and password, the system logs them on automatically under the Guest
account. By default, each user then can sign up and create a new account on the
system. You have the option to change this default behavior and to prevent guest
users from creating their own accounts.
To disable the Sign Up feature
1 Go to the Authentication management area of the CMC.
2 Click the Enterprise tab.
Crystal Enterprise Administrator’s Guide
73
Managing NT accounts
3 In the “Guest Account Restrictions” area, clear the “Guest” users can create
their own Enterprise accounts check box.
4 Click Update.
Disabling the Guest account
By disabling the Guest account, you ensure that no one can log on to Crystal
Enterprise with this account. By disabling the Guest account, you also disable the
anonymous Single Sign On functionality of Crystal Enterprise, so users will be
unable to access the Crystal Enterprise web desktop without providing a valid user
name and password.
To disable the Guest account
1 Go to the Users management area of the CMC.
2 In the Account Name column, click Guest.
3 On the Properties tab, select the Account is disabled check box.
4 Click Update.
5 If you are prompted for confirmation, click OK.
Granting access to users and groups
You can grant users and groups administrative access to other users and groups.
Administrative rights include: viewing, editing, and deleting objects; viewing and
deleting object instances; and pausing object instances. For example, for
troubleshooting and system maintenance, you may want to grant your IT
department access to edit and delete objects.
For more information about granting rights to users and groups, see “Controlling
access to users and groups” on page 175.
Managing NT accounts
This section provides an overview of NT authentication and the tasks related to
managing it. For information on how NT authentication works in conjunction with
Crystal Enterprise, see “Windows NT security plug-in” on page 52.
Note:
• NT authentication only works for servers running on Windows systems. If you
install Crystal Enterprise on a Windows NT/2000 machine, NT authentication
is installed and enabled by default.
• NT accounts refer to both Windows NT and 2000 accounts.
74
Crystal Enterprise Administrator’s Guide
6: Managing User Accounts and Groups
Mapping NT accounts
To simplify administration, Crystal Enterprise supports user and group accounts
that are created using Windows NT/2000. However, before users can use their NT
user name and password to log on to Crystal Enterprise, their NT user account
needs to be mapped to Crystal Enterprise. When you map an NT account, you can
choose to create a new Crystal Enterprise account or link to an existing Crystal
Enterprise account.
There are two ways to map NT accounts to Crystal Enterprise: you can use either
the User Manager in Windows NT or Computer Management in Windows 2000,
or you can use the Crystal Management Console in Crystal Enterprise.
To map NT users and groups using Windows NT
1 From the Windows Administrative Tools program group, click User Manager.
Note: Ensure that you have selected the domain that contains the Crystal NT
Users group.
2 Select the Crystal NT Users group.
Note: The Crystal NT Users group is created automatically in Windows NT/
2000 when you install Crystal Enterprise on Windows NT/2000.
3 From the User menu, click Properties.
4 Click Add.
5 Select the group(s) and/or user(s); then click Add.
6 Click OK to add the group(s) and/or user(s).
7 Click OK to complete the process.
Tip: Users will now be able to log on to the Crystal Enterprise web desktop
using their NT account if they use the following format:
\\NTDomainName\NTusername or
\\NTMachineName\LocalUserName
Users do not have to specify the NT Domain Name if it is specified in the
“Default NT Domain” field on the Windows NT tab.
To map NT users and groups using Windows 2000
1 From the Windows Administrative Tools program group, click Computer
Management.
2 Under System Tools, select Local Users and Groups.
3 Click the Groups folder.
4 Select the Crystal NT Users and from the Action menu, select Properties.
5 Click Add.
6 Select the group(s) and/or user(s); then click Add.
Crystal Enterprise Administrator’s Guide
75
Managing NT accounts
7 Click OK to add the group(s) and/or user(s).
8 Click OK or Apply (and then Close) to complete the process.
Tip: Users will now be able to log on to the Crystal Enterprise web desktop
using their NT account if they use the following format:
\\NTDomainName\NTusername or
\\NTMachineName\LocalUserName
Users do not have to specify the NT Domain Name if it is specified in the
“Default NT Domain” field on the Windows NT tab.
To map NT users and groups using Crystal Enterprise
Before starting this procedure, ensure you have the NT domain and group
information.
1 Go to the Authentication management area of the CMC.
2 Click the Windows NT tab.
3 Ensure that the NT Authentication is enabled check box is selected.
4 To change the Default NT domain, click the domain name. Complete the
Default NT Domain field.
76
Crystal Enterprise Administrator’s Guide
6: Managing User Accounts and Groups
Note: By typing the default NT Domain Name, users do not have to specify the
NT Domain Name when they log on to Crystal Enterprise via NT authentication.
5 In the Mapped NT Member Groups area, enter the NT domain\group in the
Add NT Group (NT Domain\Group) field.
Note: If you want to map a local NT group, you must type
\\NTmachinename\groupname.
6 Click Add.
The group is added to the list.
7 New Alias Options allow you to specify how NT aliases are mapped to Enterprise
accounts. Select either:
• Assign each added NT alias to an account with the same name
Use this option when you know users have an existing Enterprise account
with the same name; that is, NT aliases will be assigned to existing users
(auto alias creation is turned on). Users who do not have an existing
Enterprise account, or who do not have the same name in their Enterprise
and NT account, are added as new NT users.
or
• Create a new account for every added NT alias
Use this option when you want to create a new account for each user. If the
user has already created an account through the sign-up feature in the
Crystal Enterprise web desktop, the user will have separate NT and
Enterprise accounts.
8 Update Options allow you to specify if NT aliases are automatically created for
all new users. Select either:
• New aliases will be added and new users will be created
Use this option to automatically create a new alias for every NT user
mapped to Crystal Enterprise. New NT accounts are added for users
without Crystal Enterprise accounts, or for all users if you selected the
“Create a new account for every added NT alias” option.
or
• No new aliases will be added and new users will not be created
Use this option when the NT directory you are mapping contains many
users, but only a few of them will use Crystal Enterprise. Crystal Enterprise
does not automatically create aliases and Enterprise accounts for all users.
Instead, it creates aliases (and accounts, if required) only for users who log
on to Crystal Enterprise.
9 New User Options allow you to specify properties of the new Enterprise
accounts that are created to map to NT accounts. Select either:
• New users are created as named users
New user accounts are configured to use named user licenses. Named user
licenses are associated with specific users and allow people to access the
system based on their user name and password. This provides named users
Crystal Enterprise Administrator’s Guide
77
Managing NT accounts
with access to the system regardless of how many other people are
connected. You must have a named user license available for each user
account created using this option.
• New users are created as concurrent users
New user accounts are configured to use concurrent user licenses.
Concurrent licenses specify the number of people who can connect to
Crystal Enterprise at the same time. This type of licensing is very flexible
because a small concurrent license can support a large user base. For
example, depending on how often and how long users access Crystal
Enterprise, a 100 user concurrent license could support 250, 500, or 700 users.
10 Click Update.
A message appears stating that it will take several seconds to update the
member groups.
11 Click OK.
Unmapping NT users and groups
Similar to mapping, it is possible to unmap users and groups using the administrative
tool in Windows NT/2000, or Crystal Enterprise.
To unmap NT users and groups using Windows NT
1 From the Administrative Tools program group, click User Manager.
2 Select Crystal NT Users.
3 From the User menu, click Properties.
4 Select the user(s) or group(s); then click Remove.
5 Click OK.
The user or group will no longer be able to access Crystal Enterprise.
Note: The only exceptions to this occur when a user has an alias to an
Enterprise account, or if your implementation allows users to create their own
accounts through the sign-up feature. To restrict access, disable or delete the
user’s Enterprise account and disable the ability for guests to add users
anonymously. For more information, see “Managing Enterprise and general
accounts” on page 67.
To unmap NT users and groups using Windows 2000
1 From the Administrative Tools program group, click Computer Management.
2 Under System Tools, select Local Users and Groups.
3 Click the Groups folder.
78
Crystal Enterprise Administrator’s Guide
6: Managing User Accounts and Groups
4 Select Crystal NT Users.
5 From the Action menu, click Properties.
6 Select the user(s) or group(s); then click Remove.
7 Click OK or Apply (and then Close) to complete the process.
The user or group will no longer be able to access Crystal Enterprise.
Note: The only exceptions to this occur when a user has an alias to an
Enterprise account, or if your implementation allows users to create their own
accounts through the sign-up feature. To restrict access, disable or delete the
user’s Enterprise account and disable the ability for guests to add users
anonymously. For more information, see “Managing Enterprise and general
accounts” on page 67.
To unmap NT groups using Crystal Enterprise
1 Go to the Authentication management area of the CMC.
2 Click the Windows NT tab.
3 In the Mapped NT Member Groups area, select the NT group you would like
to remove.
4 Click Delete.
5 Click Update.
The users in this group will not be able to access Crystal Enterprise.
Tip: To deny NT Authentication for all groups, clear the “NT Authentication is
enabled” check box and click Update.
Note: The only exceptions to this occur when a user has an alias to an
Enterprise account, or if your implementation allows users to create their own
accounts through the sign-up feature. To restrict access, disable or delete the
user’s Enterprise account and disable the ability for guests to add users
anonymously. For more information, see “Managing Enterprise and general
accounts” on page 67.
To unmap NT users using Crystal Enterprise
1 Go to the Users management area of the CMC.
2 Click the name of the user whose account you want to unmap.
3 On the Properties tab, for the user’s NT alias clear the Enabled check box.
4 Click Update.
This user can no longer log on using NT authentication. To further restrict
access, disable or delete the user’s other aliases, their Enterprise account, and
disable the ability for guests to add users anonymously. For more information,
see “Managing Enterprise and general accounts” on page 67.
Crystal Enterprise Administrator’s Guide
79
Managing NT accounts
Viewing mapped NT users and groups in Crystal Enterprise
There are two methods to view mapped users and groups in Crystal Enterprise.
The method you use depends on the way the groups and users have been mapped.
To view users and groups that have been added using Windows NT/2000
or Crystal Enterprise
1 Go to the Groups management area of the CMC.
2 If you added users and groups through Windows NT/2000, then click Crystal
NT Users.
If you added users and groups through the CMC, then select the appropriate
group.
3 Click the Users tab.
4 Click OK to the message which states that accessing the user list may take
several seconds.
5 Click Refresh.
6 Click OK.
To view users and groups that have been added using Crystal Enterprise
1 Go to the Authentication management area of the CMC.
2 Click the Windows NT tab.
The “Mapped NT Member Groups” area displays the groups that have been
mapped to Crystal Enterprise.
Note: You can view the groups and users by selecting the appropriate group
from the Groups management area and then clicking the Users tab.
Using account aliases for NT
If a user has multiple accounts in Crystal Enterprise, you can link them using the
assign alias feature. This is useful when you are aware of a user who has an NT
account mapped to Enterprise and an Enterprise account. By using an alias, the
user is able to use either an NT user name and password or an Enterprise user
name and password to log on. Thus, an alias enables a user to log on via more than
one authentication type.
You can also reassign an alias in Crystal Enterprise. For example, when you map
your NT accounts to Crystal Enterprise, if an alias is auto-mapped incorrectly, you
can use the Reassign Alias feature to update the mapped account information. This
occurs when the NT user name is different from the Enterprise account user name;
that is, if a user has the name “Test User 1” in NT and the name “1234 User Test” in
Crystal Enterprise, the auto-mapping feature (when you map your NT account to
Crystal Enterprise) will not assign “Test User 1” the “1234 User Test” alias. This
scenario only occurs when you choose the “Assign each added NT alias to an account
with the same name” option when you map your NT accounts to Crystal Enterprise.
80
Crystal Enterprise Administrator’s Guide
6: Managing User Accounts and Groups
This section describes how to assign an NT alias, reassign an NT alias, and view
alias information.
To assign an NT alias
1 Go to the Users management area of the CMC.
2 Select the user you want to create an alias for.
3 Click the Assign Alias button.
4 Select the appropriate NT alias or aliases.
5 Click the > arrow.
Tip:
• To select multiple users, use the SHIFT+click or CTRL+click combination.
• To search for a specific user, use the Look For field.
• If there are many users on your system, click the Previous and Next buttons
to navigate through the list of users.
6 Click OK.
Note: If the user you choose from the Available aliases list has only one
assigned alias, you will receive a message asking you to confirm that you wish
to continue. By continuing, the user’s account will be deleted.
The Properties tab appears with the new alias listed. By default, NT, LDAP, AD,
and Enterprise authentication methods are available.
To reassign an NT alias
1 Go to the Users management area of the CMC.
2 Select the user whose alias you would like to change.
3 Click the Reassign Alias button.
Note: If there is only one alias for the user, you will receive a message asking
you to confirm that you wish to continue.
4 Click either Assign the Alias to a new user or select an existing user.
Note:
• If you choose to assign the alias to a different user, and the original user has
only one NT alias and does not have other aliases, the user’s account and
original favorites folder will be deleted. As a result, the user will not be able
to access any reports that used to be in the original favorites folder.
• When you assign an alias, you are moving an alias to the current user; when
you reassign an alias, you are moving the alias away from the current user.
Tip:
• To select multiple users, use the SHIFT+click or CTRL+click combination.
• To search for a specific user, use the Look For field.
• If there are many users on your system, click the Previous and Next buttons
to navigate through the list of users.
Crystal Enterprise Administrator’s Guide
81
Managing NT accounts
5 Click OK.
To view alias information
1 In the Account Management area, click Users.
2 Select the user whose alias information you would like to view.
The bottom portion of the properties page contains the alias information. A user
can have any combination of Crystal Enterprise aliases, NT aliases, LDAP
aliases, or AD aliases. A Crystal Enterprise alias is generated when a new
account is created. An NT alias is created when users are mapped from NT to
Crystal Enterprise. Users will have both a Crystal Enterprise alias and an NT
alias when their NT accounts have been assigned to a Crystal Enterprise user.
Troubleshooting NT accounts
Creating a new NT user account
• If you create a new NT user account, and the account does not belong to a
group account that is mapped to Crystal Enterprise, add it to Crystal
Enterprise. For more information, see “Mapping NT accounts” on page 75.
• If you create a new NT user account, and the account belongs to a group account
that is mapped to Crystal Enterprise, refresh the user list. For more information,
see “Viewing mapped NT users and groups in Crystal Enterprise” on page 80.
Creating a new NT group account
• If you create a new NT group account, and the group account does not belong
to a group account that is mapped to Crystal Enterprise, add it to Crystal
Enterprise. For more information, see “Mapping NT accounts” on page 75.
• If you create a new NT group account, and the account belongs to a group account
that is mapped to Crystal Enterprise, refresh the group list. For more information,
see “Viewing mapped NT users and groups in Crystal Enterprise” on page 80.
Disabling an NT user account
• If you disable an NT user account (using Windows Administrative Tools), the
user will not be able to log on to Crystal Enterprise using the mapped NT
account. However, if the user also has an account that uses Enterprise
authentication, the user can still access Crystal Enterprise using that account.
Disabling an NT group account
• If you disable an NT group account (using Windows Administrative Tools),
the users who belong to that group will not be able to log on to Crystal
Enterprise using their mapped NT accounts. However, those users who also
have an account that uses Enterprise authentication will still be able to log on
to Crystal Enterprise.
82
Crystal Enterprise Administrator’s Guide
6: Managing User Accounts and Groups
Setting up NT Single Sign On
You can configure Crystal Enterprise to allow users to use various Crystal
Enterprise applications without being prompted to log on. Users need only to enter
their NT user name and password information once at the beginning of the NT
session. For instance, if you have set up NT Single Sign On, when you launch the
CMC, NT authentication occurs in the background. You are not required to enter
any additional information.
Note: This feature is available if you are using a Microsoft Internet Information
Server (IIS) web server and users are using Internet Explorer as their web
browser. See the Platforms.txt file included with your product distribution for a
complete list of version requirements.
Crystal Enterprise provides its own form of “anonymous Single Sign On,” which
uses Enterprise authentication, as opposed to Windows NT authentication. Design
your own web applications accordingly (or modify the Crystal Enterprise web
desktop) if you want to use NT Single Sign On. By default, when a user launches
Crystal Enterprise, he or she will be automatically logged on using the Guest
account (Enterprise authentication). You can disable this feature—for more
information, see “Disabling the Sign Up feature” on page 73. However, even when
you disable the Sign Up feature, Crystal Enterprise is designed to display a logon
page. With Single Sign On enabled, the user can select Windows NT from the
Authentication list and click Log On without entering his or her user name or
password. In the developer documentation, refer to the tutorial for an example on
creating a web application that uses Single Sign On.
Setting up NT Single Sign On involves two processes:
• Configuring the IIS web server
Using the documentation included with your IIS server, change the access and
authentication settings for the Enterprise virtual directory. Disable the settings
for allowing “Anonymous access” and “Basic authentication” options. Ensure
that the setting for Windows NT Challenge/Response (also referred to as
Integrated Windows authentication) is enabled.
Note: Crystal Enterprise does not support the Kerberos protocol.
• Configuring the Web Component Server
Use the Crystal Configuration Manager (CCM) to configure the Web
Component Server.
To configure the Web Component Server using the CCM
1 From the Crystal Enterprise program group, click Crystal Configuration
Manager.
Note: To use the CCM, you must have NT administrator rights on the local
machine. If you are managing servers on a remote machine, you must also
have NT administrator rights on the machine you are connecting to.
Crystal Enterprise Administrator’s Guide
83
Managing LDAP accounts
Depending on the configuration of your network, you might be prompted to
enter a user name and password.
2 Select the Crystal Web Component Server; then click the Stop button.
3 Either double-click the Crystal Web Component Server or right-click the
Crystal Web Component Server and select Properties.
4 Click the Configuration tab.
5 Select the Use Windows NT Integrated security check box.
6 Click OK.
7 Restart the Web Component Server by selecting the Crystal Web Component
Server and then clicking the Start button.
Managing LDAP accounts
Since Enterprise authentication is the default authentication method for Crystal
Enterprise, it is automatically enabled when you first install Crystal Enterprise.
When you add and manage users and groups, Crystal Enterprise maintains the user
and group information within its database. To use LDAP authentication, you need
to first ensure that you have your respective LDAP directory set up. For more
information about LDAP, refer to your LDAP documentation. For more information
on the LDAP security plug-in, see “LDAP security plug-in” on page 53.
Note: When you install Crystal Enterprise, the LDAP authentication plug-in is
installed automatically, but not enabled by default.
84
Crystal Enterprise Administrator’s Guide
6: Managing User Accounts and Groups
Configuring LDAP authentication and mapping LDAP accounts
To simplify administration, Crystal Enterprise supports LDAP authentication for
user and group accounts. Before users can use their LDAP user name and
password to log on to Crystal Enterprise, you need to map their LDAP account to
Crystal Enterprise. When you map an LDAP account, you can choose to create a
new Crystal Enterprise account or link to an existing Crystal Enterprise account.
Before setting up and enabling LDAP authentication, ensure that you have your
LDAP directory set up. For more information, refer to your LDAP documentation.
To set up LDAP authentication using Crystal Enterprise
1 Go to the Authentication management area of the CMC.
2 Click the LDAP tab, and then click “Start LDAP Configuration Wizard”.
The LDAP Configuration Wizard will lead you through the setup of LDAP
authentication, step by step.
3 The first screen of the wizard asks for information about your LDAP host.
Type your LDAP host and port information in the Add LDAP host
(hostname:port) field (for example, “myserver:123”); then click Add.
Repeat this step to add more than one LDAP host of the same server type if you
want to add hosts that can act as failover servers. If you want to remove a host,
highlight the host name and click Delete. For more information on multiple
hosts, refer to “Managing multiple LDAP hosts” on page 92.
4 Click Next.
5 Select your server type from the LDAP Server Type list. Click Show Attribute
Mappings if you want to view or change any of the LDAP Server Attribute
Mappings or the LDAP Default Search Attributes.
By default, each supported server type’s server attribute mappings and search
attributes are already set.
6 Click Next.
7 In the Base LDAP Distinguished Name field, type the distinguished name
(for example, o=SomeBase).
8 Click Next.
9 Enter the credentials required by the LDAP hosts.
• In the “LDAP Server Administration Credentials” area, type the distinguished
name and password for a user account that is authorized to administer your
LDAP server.
If your LDAP Server allows anonymous binding, leave this area blank—Crystal
Enterprise servers and clients will bind to the primary host via anonymous logon.
• Enter another distinguished name and password in the “LDAP Referral
Credentials” area if all of the following apply:
• The primary host has been configured to refer to another directory server
that handles queries for entries under a specified base.
Crystal Enterprise Administrator’s Guide
85
Managing LDAP accounts
• The host being referred to has been configured to not allow anonymous
binding.
• A group from the host being referred to will be mapped to Crystal Enterprise.
Although groups can be mapped from multiple hosts, only one set of referral
credentials can be set. Therefore if you have multiple referral hosts, you must
create a user account on each host that uses the same distinguished name and
password.
10 Enter the number of referral hops in the Maximum Referral Hops field.
If this field is set to zero, no referrals will be followed.
11 Click Next.
12 Select the type of SSL authentication (none, Server Authentication, or Mutual
Authentication) your LDAP hosts uses to establish a connection with Crystal
Enterprise. Click Next.
13 If you selected Server Authentication or Mutual Authentication, choose one of
the following options:
• Always accept server certificate
This is the lowest security option. Before Crystal Enterprise can establish an
SSL connection with the LDAP host (to authenticate LDAP users and
groups), it must receive a security certificate from the LDAP host. Crystal
Enterprise does not verify the certificate it receives.
• Accept server certificate if it comes from a trusted Certificate Authority
This is a medium security option. Before Crystal Enterprise can establish an
SSL connection with the LDAP host (to authenticate LDAP users and
groups), it must receive and verify a security certificate sent to it by the
LDAP host. To verify the certificate, Crystal Enterprise must find the
Certificate Authority that issued the certificate in its certificate database.
Tip: Java applications (such as the Java version of the Crystal Enterprise web
desktop) always use this option, regardless of the setting you choose.
• Accept server certificate if it comes from a trusted Certificate Authority and
the CN attribute of the certificate matches the DNS hostname of the server
This is the highest security option. Before Crystal Enterprise can establish
an SSL connection with the LDAP host (to authenticate LDAP users and
groups), it must receive and verify a security certificate sent to it by the
LDAP host. To verify the certificate, Crystal Enterprise must find the
Certificate Authority that issued the certificate in its certificate database. It
must also be able to confirm that the CN attribute on the server certificate
exactly matches the host name of the LDAP host as you typed it in the
“Add LDAP host” field in the first step of the wizard. That is, if you entered
the LDAP host name as ABALONE.rd.crystald.net:389, using CN
=ABALONE:389 in the certificate would not work.
Tip: The host name on the server security certificate is the name of the primary
LDAP host. Therefore if you select this option you cannot use a failover LDAP host.
86
Crystal Enterprise Administrator’s Guide
6: Managing User Accounts and Groups
14 In the SSL host box, you must next add the host name of each machine in your
Crystal Enterprise system that uses the Crystal Enterprise SDK. (This includes
the machine running your Crystal Management Server and the machine
running your Web Component Server or your Web Component Adapter.)
Type the host name of each machine in the SSL Host box, and then click Add.
15 Now configure the SSL settings for each SSL host in the list, starting with the
default host.
• To select settings for the default host, first clear the Use default value boxes.
Then type your values for the path to the certificate and key database files, the
password for the key database. Type a nickname for the client certificate in the
cert7.db if you selected mutual authentication.
The settings for the default host are used:
• for any setting (for any host) where you leave the “Use default value” box
checked.
• for any machine whose name you do not explicitly add to the list of SSL hosts.
• To select settings for another host, select its name in the list on the left. Then
type the appropriate values in the boxes on the right.
16 Click Next.
17 The next screen of the wizard controls how Crystal Enterprise maps LDAP
users to Crystal Enterprise users.
New Alias Options allow you to specify how LDAP aliases are mapped to
Enterprise accounts. Select either:
• Assign each added LDAP alias to an account with the same name
Use this option when you know users have an existing Enterprise account
with the same name; that is, LDAP aliases will be assigned to existing users
Crystal Enterprise Administrator’s Guide
87
Managing LDAP accounts
(auto alias creation is turned on). Users who do not have an existing
Enterprise account, or who do not have the same name in their Enterprise
and LDAP account, are added as new LDAP users.
or
• Create a new account for every added LDAP alias
Use this option when you want to create a new account for each user. If the
user has already created an account through the sign-up feature in Crystal
Enterprise, the user will have separate LDAP and Enterprise accounts.
18 Update Options allow you to specify if LDAP aliases are automatically created
for all new users. Select either:
• New aliases will be added and new users will be created
Use this option to automatically create a new alias for every LDAP user
mapped to Crystal Enterprise. New LDAP accounts are added for users
without Crystal Enterprise accounts, or for all users if you selected the
“Create a new account for every added LDAP alias” option.
or
• No new aliases will be added and new users will not be created
Use this option when the LDAP directory you are mapping contains many
users, but only a few of them will use Crystal Enterprise. Crystal Enterprise
does not automatically create aliases and Enterprise accounts for all users.
Instead, it creates aliases (and accounts, if required) only for users who log
on to Crystal Enterprise.
19 New User Options allow you to specify properties of the new Enterprise
accounts that are created to map to LDAP accounts. Select either:
• New users are created as named users
New user accounts are configured to use named user licenses. Named user
licenses are associated with specific users and allow people to access the
system based on their user name and password. This provides named users
with access to the system regardless of how many other people are
connected. You must have a named user license available for each user
account created using this option.
• New users are created as concurrent users
New user accounts are configured to use concurrent user licenses. Concurrent
licenses specify the number of people who can connect to Crystal Enterprise
at the same time. This type of licensing is very flexible because a small
concurrent license can support a large user base. For example, depending on
how often and how long users access Crystal Enterprise, a 100 user
concurrent license could support 250, 500, or 700 users.
20 Click Finish to save your LDAP settings.
The LDAP Server Summary page appears.
88
Crystal Enterprise Administrator’s Guide
6: Managing User Accounts and Groups
Mapping LDAP groups
Once you have configured LDAP authentication using the LDAP configuration
wizard, you can map LDAP groups to Enterprise groups.
To map LDAP groups using Crystal Enterprise
1 Go to the Authentication management area of the CMC.
2 Click the LDAP tab.
If LDAP authorization is configured, the LDAP summary page appears.
3 In the “Mapped LDAP Member Groups” area, specify your LDAP group
(either by common name or distinguished name) in the Add LDAP group (by
cn or dn) field; click Add.
You can add more than one LDAP group by repeating this step. To remove a
group, highlight the LDAP group and click Delete.
4 Click Update.
Unmapping LDAP users and groups
Similar to mapping, it is possible to unmap users and groups using Crystal
Enterprise.
Crystal Enterprise Administrator’s Guide
89
Managing LDAP accounts
To unmap LDAP groups using Crystal Enterprise
1 Go to the Authentication management area of the CMC.
2 Click the LDAP tab.
If LDAP authorization is configured, the LDAP summary page will appear.
3 In the “Mapped LDAP Member Groups” area, select the LDAP group you
would like to remove.
4 Click Delete.
5 Click Update.
The users in this group will not be able to access Crystal Enterprise.
Tip: To deny LDAP Authentication for all groups, clear the “LDAP
Authentication is enabled” check box and click Update.
Note: The only exceptions to this occur when a user has an alias to an
Enterprise account, or if your implementation allows users to create their own
accounts through the sign-up feature. To restrict access, disable or delete the
user’s Enterprise account and disable the ability for guests to add users
anonymously. For more information, see “Managing Enterprise and general
accounts” on page 67.
To unmap LDAP users using Crystal Enterprise
1 Go to the Users management area of the CMC.
2 Click the name of the user whose account you want to unmap.
3 On the Properties tab, for the user’s LDAP alias clear the Enabled check box.
4 Click Update.
This user can no longer log on using LDAP authentication. To further restrict
access, disable or delete the user’s other aliases, their Enterprise account, and
disable the ability for guests to add users anonymously. For more information,
see “Managing Enterprise and general accounts” on page 67. To restrict access
for this user
Viewing mapped LDAP users and groups in Crystal Enterprise
You can view your LDAP mapped groups in Crystal Enterprise by clicking the
LDAP tab (located in the Authentication management area). If LDAP
authorization is configured, the Mapped LDAP Member Groups area displays the
LDAP groups that have been mapped to Crystal Enterprise.
90
Crystal Enterprise Administrator’s Guide
6: Managing User Accounts and Groups
Changing LDAP connection parameters and member groups
After you have configured LDAP authentication using the LDAP configuration
wizard, you can change LDAP connection parameters and member groups using
the LDAP Server Configuration Summary Page. To access this page, go to the
Authentication area of the Crystal Management Console and then click the LDAP
tab. (For information on configuring LDAP authentication using the LDAP
configuration wizard, see “Configuring LDAP authentication and mapping LDAP
accounts” on page 85.)
On the LDAP Server Configuration Summary page, you can change any of the
connection parameter areas or fields:
• LDAP Hosts
• LDAP Server Type
• Base LDAP Distinguished Name
• LDAP Server Administration Credentials
• LDAP Referral Credentials
• Maximum Referral Hops
• SSL Type
• New Alias options
• Update Alias options
• New User options.
You can also modify the Mapped LDAP Member Groups area.
To change connection settings
1 Delete currently mapped groups that will no longer be accessible under the
new connection settings.
2 Click Update.
3 Change your connection settings.
4 Click Update.
5 Change your Alias and New User options.
6 Click Update.
7 Map your new LDAP member groups.
8 Click Update.
Crystal Enterprise Administrator’s Guide
91
Managing LDAP accounts
Managing multiple LDAP hosts
Using LDAP and Crystal Enterprise, you can add fault tolerance to your system by
adding multiple LDAP hosts. Crystal Enterprise uses the first host that you add as
the primary LDAP host. Subsequent hosts are treated as failover hosts.
The primary LDAP host and all failover hosts must be configured in exactly the
same way, and each LDAP host must refer to all additional hosts from which you
wish to map groups. For more information about LDAP hosts and referrals, see
your LDAP documentation.
To add multiple LDAP Hosts, enter all hosts when you configure LDAP using the
LDAP configuration wizard (see “Configuring LDAP authentication and mapping
LDAP accounts” on page 85 for details.) Or if you have already configured LDAP,
go to the Authentication management area of the Crystal Management Console
and click the LDAP tab. In the LDAP Server Configuration Summary area, click the
name of the LDAP host to open the page that enables you to add or delete hosts.
Note:
• The order in which the hosts are communicated with matters, so ensure that
you add the primary host first, followed by the remaining failover hosts.
• If you use failover LDAP hosts, you cannot use the highest level of SSL
security (that is, you cannot select “Accept server certificate if it comes from a
trusted Certificate Authority and the CN attribute of the certificate matches the
DNS hostname of the server.”) For more information, see “Configuring LDAP
authentication and mapping LDAP accounts” on page 85.
Using account aliases for LDAP
If a user has multiple accounts in Crystal Enterprise, you can link them using the
assign alias feature. This is useful when you are aware of a user who has an LDAP
account mapped to Enterprise and an Enterprise account. The user is able to use
either an LDAP user name and password or an Enterprise user name and
password to log on. Thus, an alias enables a user to log on via more than one
authentication type.
You can also reassign an alias in Crystal Enterprise. For example, when you map
your LDAP accounts to Crystal Enterprise, if an alias is auto-mapped incorrectly,
you can use the Reassign Alias feature to update the mapped account information.
This occurs when the LDAP user name is different from the Enterprise account
user name; that is, if a user has the name “Test User 1” in LDAP and the name
“1234 User Test” in Crystal Enterprise, the auto-mapping feature (when you map
your LDAP account to Crystal Enterprise) will not assign “Test User 1” the “1234
User Test” alias. This scenario only occurs when you choose the “Assign each
added LDAP alias to an account with the same name” option when you map your
LDAP accounts to Crystal Enterprise.
92
Crystal Enterprise Administrator’s Guide
6: Managing User Accounts and Groups
This section describes how to assign an LDAP alias, reassign an LDAP alias, and
view alias information.
To assign an LDAP alias
1 Go to the Users management area of the CMC.
2 Select the user you want to create an alias for.
3 Click Assign Alias.
4 Select the appropriate LDAP alias or aliases.
5 Click the > arrow.
Tip:
• To select multiple users, use the SHIFT+click or CTRL+click combination.
• To search for a specific user, use the Look For field.
• If there are many users on your system, click the Previous and Next buttons
to navigate through the list of users.
6 Click OK.
Note: If the user you choose from the Available aliases list has only one
assigned alias, you will receive a message asking you to confirm that you wish
to continue. By continuing, the user’s account will be deleted.
The Properties tab appears with the new alias listed.By default, NT, LDAP, AD,
and Enterprise authentication methods are available.
To reassign an LDAP alias
1 Go to the Users management area of the CMC.
2 Select the user whose alias you would like to change.
3 Click Reassign Alias.
Note: If there is only one alias for the user, you will receive a message asking
you to confirm that you wish to continue.
4 Click either Assign the Alias to a new user or select an existing user.
Note:
• If you choose to assign the alias to a different user, and the original user has
only one LDAP alias and does not have other aliases, the user’s original
favorites folder will be deleted. As a result, the user will not be able to
access any reports that used to be in the original favorites folder.
• When you assign an alias, you are moving an alias to the current user; when
you reassign an alias, you are moving the alias away from the current user.
Tip:
• To select multiple users, use the SHIFT+click or CTRL+Click combination.
• To search for a specific user, use the Look For field.
• If there are many users on your system, click the Previous and Next buttons
to navigate through the list of users.
Crystal Enterprise Administrator’s Guide
93
Managing LDAP accounts
5 Click OK.
To view alias information
1 In the Account Management area, click Users.
2 Select the user whose alias information you would like to view.
The bottom portion of the properties page contains the alias information. A user
can have any combination of Crystal Enterprise aliases, LDAP aliases, AD
aliases, or NT aliases. A Crystal Enterprise alias is generated when a new account
is created. An LDAP alias is created when users are mapped from LDAP to
Crystal Enterprise. Users will have both a Crystal Enterprise alias and an LDAP
alias when their LDAP accounts have been assigned to a Crystal Enterprise user.
Troubleshooting LDAP accounts
Creating a new LDAP user account
• If you create a new LDAP user account, and the account does not belong to a
group account that is mapped to Crystal Enterprise, add it to Crystal
Enterprise. For more information, see “Configuring LDAP authentication and
mapping LDAP accounts” on page 85.
• If you create a new LDAP user account, and the account belongs to a group
account that is mapped to Crystal Enterprise, refresh the user list. For more
information, see “Viewing mapped LDAP users and groups in Crystal
Enterprise” on page 90.
Creating a new LDAP group account
• If you create a new LDAP group account, and the group account does not
belong to a group account that is mapped to Crystal Enterprise, add it to
Crystal Enterprise. For more information, see “Configuring LDAP
authentication and mapping LDAP accounts” on page 85.
• If you create a new LDAP group account, and the account belongs to a group
account that is mapped to Crystal Enterprise, refresh the group list. For more
information, see “Viewing mapped LDAP users and groups in Crystal
Enterprise” on page 90.
Disabling an LDAP user account
• If you disable an LDAP user account, and that LDAP user account is mapped
to Crystal Enterprise, the user will not be able to log on to Crystal Enterprise.
However, if the user also has an account that uses Enterprise authentication,
the user can still access Crystal Enterprise using that account.
94
Crystal Enterprise Administrator’s Guide
6: Managing User Accounts and Groups
Disabling an LDAP group account
• If you disable an LDAP group account, and that LDAP group account is
mapped to Crystal Enterprise, the users who belong to that group will not be
able to log on to Crystal Enterprise. However, if the user also has an account
that uses Enterprise authentication, the user can still access Crystal Enterprise
using that account.
Managing AD accounts
This section provides an overview of AD authentication and the tasks related to
managing it. For information on how AD authentication works in conjunction with
Crystal Enterprise, see “Windows AD security plug-in” on page 55.
Once you have mapped your AD users and groups, all of the Crystal Enterprise client
tools support AD authentication, except for the Crystal Import Wizard. You can also
create your own applications that support AD authentication. For more information,
see the developer documentation available on your product CD.
Note:
• AD authentication only works for servers running on Windows systems.
• AD authentication and aggregation is not functional without a network
connection.
• Users cannot log on to Crystal Enterprise using AD authentication via the Java
SDK.
• AD authentication and aggregation may not continue to function if the
administration credentials become invalid (for example, if the administrator
changes his or her password or if the account becomes disabled).
Mapping AD accounts
To simplify administration, Crystal Enterprise supports AD authentication for user
and group accounts. However, before users can use their AD user name and
password to log on to Crystal Enterprise, their AD user account needs to be mapped
to Crystal Enterprise. When you map an AD account, you can choose to create a
new Crystal Enterprise account or link to an existing Crystal Enterprise account.
To map AD accounts to Crystal Enterprise, use the Crystal Management Console
(CMC) in Crystal Enterprise.
To map AD users and groups
Before starting this procedure, ensure that you have the appropriate AD domain and
group information. As well, you must have created a domain user account on your
AD server for Crystal Enterprise to use when authenticating AD users and groups.
1 Go to the Authentication management area of the CMC.
Crystal Enterprise Administrator’s Guide
95
Managing AD accounts
2 Click the Windows AD tab.
3 Ensure that the Windows Active Directory Authentication is enabled check
box is selected.
4 In the “AD Administration Credentials” area, enter the name and password of
the domain user account you’ve set up on your AD server for Crystal
Enterprise to use when authenticating AD users and groups.
Administration credentials can use one of the following formats:
• NT name (DomainName\UserName)
• UPN (user@DNS_domain_name)
Administration credentials must be entered to enable AD authentication, map
groups, check rights, and so on.
5 Complete the Default AD Domain field.
A default domain must be entered to enable AD authentication and map groups.
96
Crystal Enterprise Administrator’s Guide
6: Managing User Accounts and Groups
Note:
• Groups from the default domain can be mapped without specifying the
domain name prefix.
• By entering the Default AD Domain name, users do not have to specify the AD
domain name when they log on to Crystal Enterprise via AD authentication.
6 In the “Mapped AD Member Groups” area, enter the AD domain\group in
the Add AD Group (Domain\Group) field.
Groups can be mapped using one of the following formats:
• NT name (DomainName\GroupName)
• DN (cn=GroupName, ......, dc=DomainName, dc=com)
Note: If you want to map a local group, you can use only the NT name format
(\\ServerName\GroupName).
7 Click Add.
The group is added to the list.
8 New Alias Options allow you to specify how AD aliases are mapped to
Enterprise accounts. Select either:
• Assign each added AD alias to an account with the same name
Use this option when you know users have an existing Enterprise account
with the same name; that is, AD aliases will be assigned to existing users
(auto alias creation is turned on). Users who do not have an existing
Enterprise account, or who do not have the same name in their Enterprise
and AD account, are added as new AD users.
or
• Create a new account for every added AD alias
Use this option when you want to create a new account for each user. If the
user has already created an account through the sign-up feature in Crystal
Enterprise, the user will have separate AD and Enterprise accounts.
9 Update Options allow you to specify if AD aliases are automatically created
for all new users. Select either:
• New aliases will be added and new users will be created
Use this option to automatically create a new alias for every AD user
mapped to Crystal Enterprise. New AD accounts are added for users
without Crystal Enterprise accounts, or for all users if you selected the
“Create a new account for every added AD alias” option.
or
• No new aliases will be added and new users will not be created
Use this option when the AD directory you are mapping contains many
users, but only a few of them will use Crystal Enterprise. Crystal Enterprise
does not automatically create aliases and Enterprise accounts for all users.
Instead, it creates aliases (and accounts, if required) only for users who log
on to Crystal Enterprise.
Crystal Enterprise Administrator’s Guide
97
Managing AD accounts
10 New User Options allow you to specify properties of the new Enterprise
accounts that are created to map to AD accounts. Select either:
• New users are created as named users
New user accounts are configured to use named user licenses. Named user
licenses are associated with specific users and allow people to access the
system based on their user name and password. This provides named users
with access to the system regardless of how many other people are
connected. You must have a named user license available for each user
account created using this option.
• New users are created as concurrent users
New user accounts are configured to use concurrent user licenses.
Concurrent licenses specify the number of people who can connect to
Crystal Enterprise at the same time. This type of licensing is very flexible
because a small concurrent license can support a large user base. For
example, depending on how often and how long users access Crystal
Enterprise, a 100 user concurrent license could support 250, 500, or 700 users.
11 Click Update.
A message appears stating that it will take several seconds to update the
member groups.
12 Click OK.
Unmapping AD users and groups
Similar to mapping, it is possible to unmap users and groups using Crystal Enterprise.
To unmap AD groups using Crystal Enterprise
1 Go to the Authentication management area of the CMC.
2 Click the Windows AD tab.
3 In the “Mapped AD Member Groups” area, select the AD group you would
like to remove.
4 Click Delete.
5 Click Update.
The users in the deleted group will no longer be able to access Crystal
Enterprise.
Tip: To deny AD authentication for all users, clear the “Windows Active
Directory Authentication is enabled” check box and click Update.
Note: The only exceptions to this occur when a user has an alias other than the
one assigned for AD authentication, or if your implementation allows users to
create their own accounts through the sign-up feature. To restrict access,
disable or delete the user’s Enterprise account and disable the ability for guests
to add users anonymously. For more information, see “Managing Enterprise
and general accounts” on page 67.
98
Crystal Enterprise Administrator’s Guide
6: Managing User Accounts and Groups
To unmap AD users using Crystal Enterprise
1 Go to the Users management area of the CMC.
2 Click the name of the user whose account you want to unmap.
3 On the Properties tab, for the user’s AD alias clear the Enabled check box.
4 Click Update.
This user can no longer log on using AD authentication. To further restrict
access, disable or delete the user’s other aliases, their Enterprise account, and
disable the ability for guests to add users anonymously. For more information,
see “Managing Enterprise and general accounts” on page 67.To restrict access
for this user
Viewing mapped AD users and groups in Crystal Enterprise
1 Go to the Groups management area of the CMC.
2 Under Group Name, click the hyperlink to a Windows AD group
3 Click the Users tab.
Note: You can view the groups by clicking the Windows AD tab from the
Authentication management area and then viewing the “Mapped AD Member
Groups” area; users cannot be viewed from the Windows AD tab.
Using account aliases for AD
If a user has multiple accounts in Crystal Enterprise, you can link the user's multiple
aliases using the assign alias feature (that is, have one user with multiple aliases).
This is useful when you are aware of a user who has an AD account mapped to
Enterprise and an Enterprise account. By using an alias, the user is able to use either
an AD user name and password or an Enterprise user name and password to log
on. Thus, an alias enables a user to log on via more than one authentication type.
You can also reassign an alias in Crystal Enterprise. For example, after you map
your AD accounts to Crystal Enterprise, you can use the Reassign Alias feature to
assign a different alias for a user.
This section describes how to assign an AD alias, reassign an AD alias, and view
alias information.
To assign an AD alias
1 Go to the Users management area of the CMC.
2 Select the user you want to assign an alias for.
3 Click the Assign Alias button.
4 Select the appropriate AD alias or aliases.
5 Click the > arrow.
Crystal Enterprise Administrator’s Guide
99
Managing AD accounts
Tip:
• To select multiple users, use the SHIFT+click or CTRL+click combination.
• To search for a specific user, use the Look For field.
• If there are many users on your system, click the Previous and Next buttons
to navigate through the list of users.
6 Click OK.
Note: If the user you choose from the Available aliases list has only one
assigned alias, you will receive a message asking you to confirm that you wish
to continue. By continuing, the user’s account and original favorites folder will
be deleted. As a result, the user will not be able to access any reports that used
to be in the original favorites folder. If the user has another alias, such as an
LDAP alias, the user’s account and original favorites folder will not be deleted.
The Properties tab appears with the new alias listed. By default, NT, LDAP, AD,
and Enterprise authentication methods are available.
To reassign an AD alias
1 Go to the Users management area of the CMC.
2 Select the user whose alias you would like to reassign.
3 Click the Reassign Alias button.
Note:
• If there is only one alias for the user, you will receive a message asking you
to confirm that you wish to continue.
• If you choose to assign the alias to a different user, and the original user has
only one AD alias and does not have other aliases, the user’s account and
original favorites folder will be deleted. As a result, the user will not be able
to access any reports that used to be in the original favorites folder. If the
user has another alias, such as an LDAP alias, the user’s account and
original favorites folder will not be deleted.
4 Click either Assign the Alias to a new user or select an existing user.
Note: When you assign an alias, you are moving an alias to the current user;
when you reassign an alias, you are moving the alias away from the current
user.
Tip:
• To select multiple users, use the SHIFT+click or CTRL+click combination.
• To search for a specific user, use the Look For field.
• If there are many users on your system, click the Previous and Next buttons
to navigate through the list of users.
5 Click OK.
100
Crystal Enterprise Administrator’s Guide
6: Managing User Accounts and Groups
To view alias information
1 In the Account Management area, click Users.
2 Select the user whose alias information you would like to view.
The bottom portion of the properties page contains the alias information. A user
can have any combination of Crystal Enterprise aliases, NT aliases, LDAP
aliases, or AD aliases. A Crystal Enterprise alias is generated when a new
Enterprise account is created. An AD alias is created when users are mapped
from AD to Crystal Enterprise (or when the AD Alias Generator tool is run).
Users will have both a Crystal Enterprise alias and an AD alias when their AD
accounts have been assigned to a Crystal Enterprise user.
Troubleshooting AD accounts
Creating a new AD user account
• If you create a new AD user account, and the account belongs to a group
account that is mapped to Crystal Enterprise, ensure that you update the user
list by clicking Update in the Windows AD tab found in the Authentication
management area. Note that you must click Update to ensure that new users
are imported properly. For information on viewing AD users and groups, see
“Viewing mapped AD users and groups in Crystal Enterprise” on page 99.
• User accounts are automatically created for AD users who are added to an AD
group when these users successfully log on to Crystal Enterprise.
Adding an AD group account to a mapped AD group
• When you add an AD group account to an AD group that was previously
mapped to Crystal Enterprise, and you would like the users of this nested
group to get imported into Crystal Enterprise, you need to click Update in the
Windows AD tab (found in the Authentication management area).
Note: The nested AD group will not get mapped to Crystal Enterprise by this
operation.
Disabling an AD user account
• If you disable an AD user account (using Windows Administrative Tools), and
that AD user account is mapped to Crystal Enterprise, the user will not be able
to log on to Crystal Enterprise. However, if the user has any other valid alias or
aliases, the user can log on using the respective authentication method (for
example, Enterprise authentication).
Crystal Enterprise Administrator’s Guide
101
Managing AD accounts
Using AD Single Sign On
Installation of Active Directory Plug-in for Crystal Enterprise 10 updates your
WCS and enables you with the option of using AD Single Sign On (SSO). However,
for AD SSO to work, the IIS Crystal virtual directory needs to be configured, along
with the Web Component Server.
Note:
• AD SSO is not supported on client machines running on Windows 98.
• By default, AD SSO is not enabled.
Setting up AD Single Sign On involves two processes:
• Configuring the IIS web server
Using the documentation included with your IIS server, change the access and
authentication settings for the Enterprise virtual directory. Disable the settings
for allowing “Anonymous access” and “Basic authentication” options. Ensure
that the setting for Integrated Windows authentication is enabled, and then
restart your IIS server.
Note: Crystal Enterprise does not support the Kerberos protocol.
• Configuring the Web Component Server
Use the Crystal Configuration Manager (CCM) to configure the Web
Component Server.
To configure the Web Component Server using the CCM
1 From the Crystal Enterprise program group, click Crystal Configuration
Manager.
Note: To use the CCM, you must have NT administrator rights on the local
machine. If you are managing servers on a remote machine, you must also
have NT administrator rights on the machine you are connecting to.
Depending on the configuration of your network, you might be prompted to
enter a user name and password.
2 Select the Crystal Web Component Server; then click the Stop button.
3 Either double-click the Crystal Web Component Server or right-click the
Crystal Web Component Server and select Properties.
4 Click the Configuration tab.
102
Crystal Enterprise Administrator’s Guide
6: Managing User Accounts and Groups
5 Select the Use Windows Active Directory Integrated security check box.
6 Click OK.
7 Restart the Web Component Server by selecting the Crystal Web Component
Server and then click the Start button.
Crystal Enterprise Administrator’s Guide
103
Managing AD accounts
104
Crystal Enterprise Administrator’s Guide
Managing Folder Objects
7
This chapter describes basic folder administration tasks and
shows how to add folders and how to change settings, such
as object rights and limits, for new folders. Cross-references
are provided to other sections in this guide where
particular topics are covered in greater detail.
Crystal Enterprise Administrator’s Guide
105
Folders overview
Folders overview
Folders provide you with the ability to organize and facilitate content administration.
They are useful when there are a number of reports that a department or area
requires frequent access to, because you can set object rights and limits once, at the
folder level, rather than setting them for each report or object within the folder.
By default, new objects that you add to a folder inherit the object rights that are
specified for the folder.
Creating and deleting folders
There are several ways to create new folders in Crystal Enterprise. In the Crystal
Management Console (CMC), go to the Folders management area to create new
folders and to add subfolders to the existing hierarchy of folder objects.
Tip: When you publish local directories and subdirectories of reports with the
Crystal Publishing Wizard, you can duplicate your local directory structure on the
Crystal Enterprise system. This method provides you with an efficient way of
creating multiple folders and subfolders at the same time. For details, see
“Publishing with the Crystal Publishing Wizard” on page 117.
Creating a new folder
This procedure shows how to create a new folder at the top of your folder
hierarchy. Folders created in this way are, in effect, subfolders of the top-level (or
root) Crystal Enterprise folder.
1 Go to the Folders management area of the CMC.
2 Click New Folder.
3 On the Properties tab, type the name and description of the new folder.
This example creates a new Marketing folder:
106
Crystal Enterprise Administrator’s Guide
7: Managing Folder Objects
4 Click OK.
The new folder is added to the system, and its Properties tab is refreshed. You
can now use the Objects, Subfolders, Limits, and Rights tabs to add objects and
to change settings for this folder.
Creating a new subfolder at any level
1 Go to the Folders management area of the CMC.
The initial level of folders is displayed.
2 In the Title column, click the link to the folder where you want to add a subfolder.
3 Click the Subfolders tab.
Tip: You can browse through existing subfolders to add a new folder elsewhere
in the folder hierarchy. When you have found the right parent folder, go to its
Subfolders tab.
The Subfolders tab appears.
4 Click New Folder.
5 On the Properties tab, type the name and description of the new folder.
6 Click OK.
The new folder is added to the system, and its Properties tab is refreshed. You
can now use the Objects, Subfolders, Limits, and Rights tabs to add objects and
to change settings for this folder.
Crystal Enterprise Administrator’s Guide
107
Copying and moving folders
Deleting folders
When you delete a folder, all subfolders, reports, and other objects contained
within it are removed entirely from the system.
To delete folders
1 Go to the Folders management area of the CMC.
2 Select the check box associated with the folder you want to delete.
If the folder you want to delete is not at the top level, locate its parent folder.
Then make your selection on the parent folder’s Subfolders tab.
Tip: Select multiple check boxes to delete several folders from their parent folder.
3 Click Delete, and click OK to confirm.
Copying and moving folders
When you copy or move a folder, the objects contained within it are also copied or
moved. Crystal Enterprise treats the folder’s object rights differently, depending
upon whether you copy or move the folder:
• When you copy a folder, the newly created folder does not retain the object
rights of the original. Instead, the copy inherits the object rights that are set on
its new parent folder. For instance, if you copy a private Sales folder into a
Public folder, the contents of the new Sales folder will be accessible to all users
who have rights to the Public folder.
• When you move a folder, all of the folder’s object rights are retained. For
instance, if you move a private Sales folder into a publicly accessible folder, the
Sales folder will remain inaccessible to most users.
To copy or move a folder
1 Go to the Folders management area of the CMC.
2 Select the check box associated with the folder that you want to copy or move.
If the folder you want to copy or move is not at the top level, locate its parent
folder. Then make your selection on the parent folder’s Subfolders tab.
Tip: Select multiple check boxes to copy or move several folders from their
parent folder to a different folder.
3 Click Copy/Move.
The Copy/Move Folder page appears.
108
Crystal Enterprise Administrator’s Guide
7: Managing Folder Objects
4 Select the action to perform:
• Copy to: Makes a copy of the folder.
• Move to: Moves the folder.
5 Select the Destination folder from the list.
Tip: If there are many folders on your system, use the “Look for” field to search,
or click Previous, Next, and Show Subfolders to browse the folder hierarchy.
6 Click OK.
The folder you selected is copied or moved, as requested, to the new destination.
Adding a report to a new folder
You can add objects individually to any folder in a number of ways. Follow this
procedure to add a report to a new folder that you have just created. For complete
information on publishing reports and other objects, see “Publishing overview” on
page 116.
To add a report to a new folder
1 Once you’ve created the new folder, click its Objects tab.
2 Click New Object.
Crystal Enterprise Administrator’s Guide
109
Adding a report to a new folder
The New Object page appears.
3 On the Report tab, in the File name field, type the full path to the report.
If you do not know the path, click Browse to perform a search.
4 If you do not want the user to see a thumbnail preview of the report in Crystal
Enterprise, clear the Generate thumbnail for the report check box.
Tip: To display thumbnails for a report, open the report in Crystal Reports and
click Summary Info on the File menu. Select the “Save preview picture” check
box and click OK. Preview the first page of the report and save your changes.
5 If the report references objects in your Crystal Repository, select the Use
Object Repository when refreshing report check box to update these objects
now.
For details about setting up the Crystal Repository, see “Crystal Repository
overview” on page 254.
6 Ensure that the correct folder name appears in the Destination field.
Tip: If there are many folders on your system, use the “Look for” field to search,
or click Previous, Next, and Show Subfolders to browse the folder hierarchy.
7 Click OK.
The report is published to Crystal Enterprise.
110
Crystal Enterprise Administrator’s Guide
7: Managing Folder Objects
Specifying folder rights
Follow this procedure to change the object rights for a new folder that you have
just created. By default, new objects that you add to a folder inherit the object rights
that are specified for the folder. For complete information on object rights, see
“Controlling users’ access to objects” on page 142.
To specify rights for a new folder
1 Once you’ve created the new folder, click its Rights tab.
2 Click Add/Remove to add groups or users to this folder.
The Add/Remove page appears.
3 In the Select Operation list, select Add/Remove Groups, Add Users, or
Remove Users.
The page is refreshed and displays options that depend upon whether you are
working with users or with groups. The example above shows the options that
are available when you are working with groups.
4 Select the user/group whose rights you want to specify and click the arrows to
specify whether the user/group does or does not have access to the folder.
Tip: If you have many users on your system, select the Add Users operation;
then use the “Look for” field to search for a particular account.
5 Click OK.
Crystal Enterprise Administrator’s Guide
111
Setting limits for folders, users, and groups
You are returned to the Rights tab.
6 Change the Access Level for each user or group, as required.
Note: For complete details on the predefined access levels and advanced
rights, see “Controlling users’ access to objects” on page 142.
7 Click Update.
Setting limits for folders, users, and groups
Limits allow you to delete report instances on a regular basis. You set limits to
automate regular clean-ups of old Crystal Enterprise content. Limits that you set
on a folder affect all objects that are contained within the folder. At the folder level,
you can limit the number of instances that remain on the system for each object or
for each user or group; you can also limit the number of days that an instance
remains on the system for a user or group.
Follow this procedure to enforce default limits on a folder that you have just
created. For more information on limits, see “Setting instance limits for an object”
on page 246.
To limit instances at the folder level
1 Once you’ve created the new folder, click its Limits tab.
112
Crystal Enterprise Administrator’s Guide
7: Managing Folder Objects
2 Modify the available settings according to the types of instance limits that you
want to implement, and click Update after each change.
The available settings are:
• Delete excess instances when there are more than N instances of an object
To limit the number of instances per object, select this check box. Then type
the maximum number of instances that you want to remain on the system.
(The default value is 100.)
• Delete excess instances for the following users/groups
To limit the number of instances per user or group, click Add/Remove in
this area. Select from the available users and groups and click OK. Then
type the maximum number of instances in the Instance Limit column. (The
default value is 100.)
• Delete instances after N days for the following users/groups
To limit the age of instances per user or group, click Add/Remove in this
area. Select from the available users and groups and click OK. Then type
the maximum age of instances in the Maximum Days column. (The default
value is 100.)
In this example, two settings have been combined to keep a maximum of 50
instances of any object in the folder, and to keep a maximum of 25 instances that
belong to any member of the Administrators group.
Managing User Folders
Crystal Enterprise creates a folder for each user on the system. These folders are
organized within the CMC as User Folders. By default, there are User Folders for
the Administrator and Guest accounts. When you log on to the CMC and view the
list of User Folders, you will see only those folders to which you have View access
(or greater).
Crystal Enterprise Administrator’s Guide
113
Managing User Folders
Within the Crystal Enterprise web desktop, these folders are referred to as the
Favorites folders. When a user logs on to Crystal Enterprise, he or she is redirected
immediately to his or her Favorites folder. (Users can change this default behavior
my modifying their Preferences.)
To view the User Folders
1 Go to the Folders management area of the CMC.
2 Click the User Folders link.
3 If it is not already displayed, click the Subfolders tab.
A list of subfolders appears. Each subfolder corresponds to a user account on
the system. Unless you have View access (or greater) to a subfolder, it will not
appear in the list.
114
Crystal Enterprise Administrator’s Guide
Publishing Objects to Crystal Enterprise
8
This chapter focuses on the publishing process: it
introduces the Crystal Publishing Wizard and tells you
how you can use it to add Crystal reports (RPT and CAR
files) and other objects to the Crystal Enterprise web
desktop or to your custom web desktop; it also describes
alternative ways of adding objects to the Crystal Enterprise
environment.
Crystal Enterprise Administrator’s Guide
115
Publishing overview
Publishing overview
Publishing is the process of adding objects such as Crystal reports to the Crystal
Enterprise environment and making them available to authorized users. There are
several types of objects that you can publish to Crystal Enterprise: reports (RPT and
CAR files), programs, Microsoft Excel files, Microsoft Word files, Microsoft
PowerPoint files, Adobe Acrobat PDFs, rich text format files, text files, and hyperlinks,
as well as object packages, which consist of report and/or program objects.
When you publish an object to Crystal Enterprise, an entry is made in the Crystal
Management Server (CMS) database. The Input File Repository Server stores the new
object below the \Enterprise\FileStore\Input\data\ directory. When a user
schedules an instance of any object, Crystal Enterprise queries the CMS for the location
of the object file; the appropriate server component then retrieves and processes the
object file from the Input File Repository. The processed instance is stored by the
Output File Repository Server below the \Enterprise\FileStore\Output\data\
directory.
Note: Only reports, programs, and object packages can be scheduled. Thus, only
these three types of objects have instances.
You can publish objects to Crystal Enterprise in three ways:
• Use the Crystal Publishing Wizard when you:
• Have access to the locally installed application.
• Are adding multiple objects or an entire directory.
For details, see “Publishing with the Crystal Publishing Wizard” on page 117.
• Use the Crystal Management Console (CMC) when you are:
• Publishing a single object.
• Taking care of other administrative tasks.
• Performing tasks remotely.
For details, see “Publishing with the Crystal Management Console” on
page 125.
• Save directly to your Enterprise folders when you are:
• Designing reports with Crystal Reports.
• Using the Crystal Analysis Application Designer.
• Creating other objects with Crystal Enterprise plug-in components.
For details, see “Saving objects directly to the CMS” on page 127.
Note: Crystal Enterprise supports reports created in versions 6 through 10 of
Crystal Reports. Once published to Crystal Enterprise, reports are saved,
processed, and displayed in version 10 format.
116
Crystal Enterprise Administrator’s Guide
8: Publishing Objects to Crystal Enterprise
Publishing options
During the publishing process, you specify how often an object is run. You can
choose to set a schedule (recurring), or you can choose to let users set the schedule
themselves (on demand).
For RPT report files, this affects when data is refreshed and what data users see
(you cannot schedule Crystal Analysis reports (CAR files)):
• Specifying the data that users see (recurring)
This option is recommended for objects that are accessed by a large number of
people and that do not require separate database logon credentials.
Benefits
• Users view the same instance of the report, reducing the number of times
the database is hit (and thus system resources are used more effectively).
• The report instance is static (contains saved data) and is stored on the
Cache Server, allowing multiple users to access the report at the same time.
Drawbacks
• The report instance the users see is based on the selection criteria (parameters
and record selection formulas) and schedule set by the administrator.
• Allowing users to update the data in the report (on demand)
This option is recommended for smaller reports that use parameters and
selection formulas, require separate database logon credentials, or have
frequent data changes.
Benefits
• Users are able to determine the frequency in which the data in the report is
updated.
Drawbacks
• Multiple users generating reports at the same time increases the load on the
system and the number of times the database is hit.
• Each unique report page is cached separately. It’s possible that the Cache
Server can contain many copies of the cached report, each of them being
generated by hitting the Page Server and database.
Publishing with the Crystal Publishing Wizard
The Crystal Publishing Wizard is a locally installed, 32-bit Windows application.
The wizard is made up of a series of screens. Only the screens applicable to the
objects or folders you are publishing appear. For example, the settings for
parameters and schedule format do not appear when you publish Crystal Analysis
applications. This section of the guide features a series of procedures to help you
through the Crystal Publishing Wizard.
Crystal Enterprise Administrator’s Guide
117
Publishing with the Crystal Publishing Wizard
Once the object has been published, it will appear in the folder you specified in the
Crystal Enterprise web desktop (or other web desktop) and in the Objects
management area of the CMC.
Note: Depending on the rights assigned by your Crystal Enterprise administrator,
you may not be able to publish objects using the Crystal Publishing Wizard.
Logging on to Crystal Enterprise
1 From the Crystal Enterprise 10 program group, click Crystal Publishing
Wizard.
2 Click Next.
3 In the System field, type the name of the CMS to which you want to add
objects.
4 In the User Name and Password fields, type your Crystal Enterprise
credentials.
5 From the Authentication list, select the appropriate authentication type.
6 Click Next.
The Select A File dialog box appears.
Adding objects
1 Depending on the type of object you are adding, click either Add Files or Add
Folders.
2 Navigate to and select the object you want to add.
If you are adding a folder, you can choose to also add its subfolders by selecting
the Include Subfolders check box.
Tip: Ensure the appropriate file type is listed in the Files of type field; by default
this value is set to Report (*.rpt).
3 Repeat steps 1and 2 for each of the objects you want to add.
4 Click Next.
The Folder Hierarchy dialog box appears if it is needed.
Duplicating the folder structure
If you are adding multiple objects from a directory and its subdirectories, you are
asked if you want to duplicate the existing folder hierarchy on the CMS.
1 Click Yes or No.
Click the Yes button to have all of the folders and subfolders recreated on the
CMS as they appear on your hard drive.
118
Crystal Enterprise Administrator’s Guide
8: Publishing Objects to Crystal Enterprise
Click the No button to have all of the objects placed in a single folder.
2 Click Next.
The Specify Location dialog box appears.
Creating and selecting a folder on the CMS
To add the selected objects, you must create or select a folder on the host CMS.
Only the folders that you have full control access to will appear.
1 Click the folder you want to add the objects to. Click + to the left of the folder
to view the subfolders.
To add a new folder to the CMS, select a parent folder and then click the New
Folder button. The new folder appears and can be renamed.
To add a new object package to the CMS, select a parent folder and then click
the New Object Package button. The new object package appears and can be
renamed.
To delete a folder or object package, select the item and click the Delete Folder
button.
Note: From the wizard, you can delete only new folders and object packages.
(New folders are green; existing folders are yellow.)
If you are adding multiple objects and want to place them in separate
directories, you can do so in the next section.
2 Click Next.
The Location Preview dialog box appears.
Crystal Enterprise Administrator’s Guide
119
Publishing with the Crystal Publishing Wizard
Moving objects between folders
1 Move objects to the desired folders by selecting each object and then clicking
Move Up or Move Down.
You can also add folders and object packages by selecting a parent folder and
clicking the New Folder or New Object Package button. To delete a folder or object
packages, select it and click the Delete button. You can drag-and-drop objects to
place them where you want. And you can right-click objects to rename them.
By default, objects are displayed using their titles. You can display the objects’
local file names by clicking the “Show file names” button.
2 Click Next when you are finished.
The Schedule Interval dialog box appears if it is needed.
Changing scheduling options
The Schedule Interval dialog box allows you to schedule each report, program,
and/or object package that you are publishing to run at specific intervals.
Note: This dialog box appears only for objects that can be scheduled.
1 Select the object you want to schedule.
2 Select one of three intervals:
• Run once only
Selecting the “Run once only” option provides two more sets of options:
• when finished this wizard
This option runs the object once when you’ve finished publishing it. The
object is not run again until you reschedule it.
120
Crystal Enterprise Administrator’s Guide
8: Publishing Objects to Crystal Enterprise
• at the specified date and time
This option runs the object once at a date and time you specify. The object is
not run again until you reschedule it.
• Let users update the object
This option does not schedule the object. Instead, it leaves the task of
scheduling up to the user.
• Run on a recurring schedule
Once you have selected this option, click the Set Recurrence button to set
the scheduling options.
The “Pick a recurrence schedule” dialog box appears.
The options in this dialog box allow you to choose when and how often the
report runs. Select the appropriate options and click the OK button.
3 Click Next after you have set the schedule for each object you are publishing.
Enabling repository refresh
The Crystal Repository is a central location which stores shared report elements
such as text objects, bitmaps, custom functions, and custom SQL commands. You
can choose to refresh an object’s repository fields if the object references the
repository. To complete this task, the Crystal Publishing Wizard needs to connect
to your Crystal Repository database from the local machine. For details, see
“Crystal Repository overview” on page 254.
Note: This dialog box appears only when you publish report objects.
To enable repository refresh
1 Select a report, and then select the Use Object Repository when refreshing
report check box if you want to refresh it against the repository.
Tip: Click the “Enable All” button if you want to refresh all objects that
reference the repository; click the “Disable All” button if you want to refresh
none of the objects.
2 Click Next when you are finished.
Selecting a program type
1 In the Program Type dialog box, select a program.
2 Specify one of three program types:
• Binary/Batch
Binary/Batch programs are executables such as binary files, batch files, or
shell scripts. They generally have file extensions such as: .com, .exe, .bat,
.sh. You can publish any executable program that can be run from the
command line on the machine where the Program Job Server is running.
Crystal Enterprise Administrator’s Guide
121
Publishing with the Crystal Publishing Wizard
• Java
You can publish any Java program to Crystal Enterprise as a Java program
object. They generally have a .jar file extension.
• Script
Script program objects are JScript and VBScript scripts.
3 Once you have specified the type of each program you are adding, click Next.
The Program credentials dialog box appears.
Note: For details about program objects and program object types, see “What are
report objects and instances?” on page 184.
Specifying program credentials
1 In the Program Credentials dialog box, select a program.
2 In the User Name and Password fields, specify the user credentials for the
account for the program to run as.
The rights of the program are limited to those of the account that it runs as.
3 Once you have specified the user credentials for each program to run as, click Next.
The Change Default Values dialog box appears.
Changing default values
You can choose to publish objects without changing any of the default properties,
or you can go through the remaining screens and make changes.
Note: If you use the default values, your object may not schedule properly if the
database logon information is not correct, or if the parameter values are invalid.
If you want to publish objects without making modifications:
1 Select Publish without modifying properties.
2 Click Next through the wizard’s remaining dialog boxes.
If you want to review or modify objects before publishing:
1 Select Review or modify properties.
2 Click Next.
The Review Object Properties dialog box appears.
Changing object properties
1 In the Review Object Properties dialog box, select the object you want to modify.
2 Enter a new title or description.
122
Crystal Enterprise Administrator’s Guide
8: Publishing Objects to Crystal Enterprise
3 Select the Generate thumbnail image check box if you want users to see a
thumbnail of a report object before they open it.
Tip: The “Generate thumbnail image” check box is available only if the object
is an RPT file and was saved appropriately. To display thumbnails for a report,
open the report in Crystal Reports and click Summary Info on the File menu.
Select the “Save preview picture” check box and click OK. Preview the first
page of the report and save your changes.
4 Click Next.
The Database Logon Information dialog box appears if it is needed.
Entering database logon information
Some objects use data sources that require logon information. If objects you are
adding are of this type, follow these steps.
1 Double-click the object, or click + to the left of the object to expose the
database.
2 Select the database and change the logon information in the appropriate fields.
If the database does not require a user name or password, leave the fields blank.
Note: Enter user name and password information carefully. If it is entered
incorrectly, the object cannot retrieve data from the database.
3 Once you have completed the logon information for each object using a
different database, click Next.
The Set Report Parameters dialog box appears if it is needed.
Crystal Enterprise Administrator’s Guide
123
Publishing with the Crystal Publishing Wizard
Setting parameters
Some objects contain parameters for data selection. Before such an object can be
scheduled, you must set the parameters in order to determine the default prompts.
1 Select the object whose prompts you want to change.
The object’s prompts and default values appear in a list on the right-hand side
of the screen.
2 Click Edit Prompt to change the value of a prompt.
Depending on the type of parameter you have chosen, different dialog boxes
appear.
3 If you want to set the prompts to contain a null value (where possible), then
click Set Prompts to NULL.
4 Click Next after you have finished editing the prompts for each object.
The Schedule Format dialog box appears.
Setting the schedule format
You can choose a schedule format for each report that you publish. For some of the
formats, you can customize the schedule format options.
1 Select the object whose schedule format you want to change.
2 Select a format from the list (Crystal Report, Excel, Word, and so on).
Where applicable, customize the schedule format options. For example, if you
select Paginated Text, enter the number of lines per page.
3 Click Next.
The Extra files for Program dialog box appears if it is needed.
Adding extra files for programs
Some programs require access to other files in order to run.
1 Select a program.
2 Click Add to navigate to and select the necessary file.
3 Once you have added all necessary extra files for each program, click Next.
The Command line for Program dialog box appears.
Specifying command line arguments
For each program, you can specify any command-line arguments supported by
your program’s command-line interface. They are passed directly to the
command-line interface, without parsing.
1 Select a program.
124
Crystal Enterprise Administrator’s Guide
8: Publishing Objects to Crystal Enterprise
2 In the Command line area, type the command-line arguments for your
program, using the same format you would use at the command line itself.
3 Once you have specified all necessary command-line arguments for each
program, click Next.
The final dialog box appears.
Finalizing the objects to be added
1 After ensuring all the objects you want to publish have been added to the list,
click Next.
The objects are added to the CMS, scheduled, and run as specified. When the
processing is done, you are returned to the final screen of the Crystal Publishing
Wizard.
2 To view the details for an object, select it from the list.
3 Click Finish to close the wizard.
Publishing with the Crystal Management Console
If you have administrative rights to Crystal Enterprise, you can publish objects
over the Web from within the CMC.
To add an object with the CMC
1 Go to the Objects management area of the CMC.
2 Click New Object.
The New Object page appears, with the Report properties displayed.
Crystal Enterprise Administrator’s Guide
125
Publishing with the Crystal Management Console
3 On the left side of the page, click the type of object you want to add.
4 Enter the object’s properties.
The properties that appear vary according to the type of object you are adding:
Property
Object Types
Description
File name
Report, Program, Microsoft
Type the full path to the object, or click Browse to
Excel, Microsoft Word,
perform a search.
Microsoft PowerPoint, Adobe
Acrobat, Text, Rich Text
Title
Object Package, Hyperlink
Type the name of the object.
Description
Object Package, Hyperlink
Type a description of the object.
Generate
thumbnail for
the report
Report
If you do not want the user to see a thumbnail
preview of the report in Crystal Enterprise, clear
the “Generate thumbnail for the report” check
box.
Tip: To display thumbnails for a report, open the
report in Crystal Reports and click Summary Info
on the File menu. Select the “Save preview
picture” check box and click OK. Preview the
first page of the report and save your changes.
Use Object
Report
Repository when
refreshing report
Select this option to automatically refresh an
object's repository fields against the repository
each time the report runs.
Program Type
Select Executable, Java, or Script.
Program
Tip:
• Run Java programs as Java program objects.
• Run JScript and VBScript programs as Script
program objects.
• Run all other programs as Executable
program objects.
URL
Hyperlink
Type the URL address of the page you want the
hyperlink object to link to.
5 Ensure that the correct folder or object package name appears in the
Destination field.
Tip:
• To expand a folder, select it and click Show Subfolders.
• To search for a specific folder or object package, use the Look For field.
Note: Only report and program objects can be published to object packages.
6 Click OK.
126
Crystal Enterprise Administrator’s Guide
8: Publishing Objects to Crystal Enterprise
When the object has been added to the system, the CMC displays the Properties
screen. If necessary, you can now modify the object’s properties, such as its title
and description, the database logon information, scheduling information, user
rights, and so on.
Saving objects directly to the CMS
If you have installed one of the Crystal designer components, such as Crystal
Reports or Crystal Analysis, you can use the Save As command to add objects to
Crystal Enterprise from within the designer itself.
For instance, after designing a report in Crystal Analysis, click Save As on the File
menu. In the Save As dialog box, click Enterprise Folders; then, when prompted,
log on to the Crystal Management Server (CMS). Specify the folder where you
want to save the report and click Save.
Crystal Enterprise Administrator’s Guide
127
Saving objects directly to the CMS
128
Crystal Enterprise Administrator’s Guide
Importing Objects to Crystal Enterprise
9
The Crystal Import Wizard allows you to import
information from other Crystal Enterprise or Info systems
into your new Crystal Enterprise system. This chapter
provides a general overview of the Crystal Import Wizard
along with a series of procedures that lead you through the
process of importing information.
Crystal Enterprise Administrator’s Guide
129
Crystal Import Wizard overview
Crystal Import Wizard overview
The Crystal Import Wizard is a locally installed Windows application that allows
you to migrate existing user accounts, groups, folders, and reports to your new
Crystal Enterprise system. The Crystal Import Wizard runs on Windows, but you
can use it to import information to a new Crystal Enterprise system that is running
on Windows or on UNIX.
You can import information from any of these products:
• Info 7.5
• Crystal Enterprise 8
• Crystal Enterprise 8.5
• Crystal Enterprise 9
• Crystal Enterprise 10
The functionality provided by the Crystal Import Wizard varies, depending upon
the product from which you are importing information. In general, the Crystal
Import Wizard imports settings that are specific to each object, rather than global
system settings. For instance, a global “minimum number of characters” password
restriction is not imported. But a user-level “must change password at next log on”
restriction is imported with the user account. For details, see Importing information
from Crystal Enterprise or “Importing information from Info” on page 133.
For procedural details, see “Importing with the Crystal Import Wizard” on
page 135.
Importing information from Crystal Enterprise
If you have upgraded from an earlier version of Crystal Enterprise, use the Crystal
Import Wizard to import existing user accounts, groups, folders, report objects,
and report instances to Crystal Enterprise 10.
You can also use the Crystal Import Wizard to import information from an existing
version 10 installation to a new version 10 installation. When doing so, you have the
additional option of importing calendars, events, repository objects, and server groups.
Events and server groups can also be imported from a version 8.5 or 9 installation.
When using the Crystal Import Wizard, if any of an object’s dependencies are not
imported, the wizard makes appropriate modifications to the object (in most cases,
the dependency is removed). For example, if a user has Full Control rights on an
object, but the user is not imported, the Full Control right for that user is discarded
when the object is imported. In the case of objects brought across without their
owners, the Administrator becomes the new owner of the objects.
As another, more involved example, User A owns an object and has Full Control
rights while User C has View rights on the same object. If User D runs the Crystal
Import Wizard and brings the object across along with User C, but not User A, the
object becomes owned by the Administrator: User A loses Full Control rights, but
User C still has View rights on the object.
130
Crystal Enterprise Administrator’s Guide
9: Importing Objects to Crystal Enterprise
Note: Always import users if you want to bring across the associated rights for an
object, even if the user already exists in the destination system. If the user already
exists, the Crystal Import Wizard maps all rights for the user on the source system
to the existing user on the destination system. If the user is not brought across, all
rights information for that user is discarded.
The following sections describe what happens to the objects that are imported
from a Crystal Enterprise 8.x system. Generally, if the object will not overwrite an
object that is already in the Crystal Enterprise system, then the Crystal Import
Wizard imports the object.
Users and groups
The Crystal Import Wizard imports users and groups and their hierarchical
relationships. A user or group is imported only if it does not exist already by name.
If you import a group that already exists in the destination environment, the list of
group members is updated with any additional users who were members of the
group in the source environment. These additional users are added to Crystal
Enterprise if their accounts do not exist already.
User licensing can affect the behavior of the Crystal Import Wizard. If the source
environment uses Concurrent licensing, the wizard imports all users as Concurrent
Users. However, if the source environment uses Named User licensing, the wizard
first checks the number of Named User license keys in the destination environment.
If there are enough Named User licenses in the destination environment, the wizard
imports all users as Named Users. If there are not enough Named User licenses in
the destination environment, the wizard imports all users as Concurrent Users. For
more information about licensing, see “Licensing overview” on page 408.
Aliases
If a user in the destination system has an alias that is identical to a user who is being
imported, the destination user keeps all aliases, and the imported user loses that
particular alias.
Windows AD
When importing users that employ Windows Active Directory authentication,
ensure that the administrative credentials are the same on both the source and
destination systems. Active Directory authentication must also be enabled on the
destination system.
LDAP
When importing users that employ LDAP authentication, the Host list and Base
LDAP name need to be the same on both the source and destination systems.
LDAP authentication must also be enabled on the destination system.
Crystal Enterprise Administrator’s Guide
131
Crystal Import Wizard overview
Folders
Folders are imported, whether or not they exist already in the destination
environment. To ensure that existing folders are not overwritten, make sure you
choose the “Automatically rename top-level folders that match top-level folders on
the destination system.” option in the “Please choose an import scenario” dialog
box. When this option is selected, the Crystal Import Wizard appends a number to
the end of any duplicated folder names to indicate the number of copies. For
example, if you import a folder called Sales Reports when a folder called Sales
Reports already exists, then the imported folder is added to Crystal Enterprise
with the name Sales Reports(2).
Report objects
The Crystal Import Wizard can import Crystal report objects only if they are based
on native drivers, ODBC data sources, OLAP data sources, or Business Views. You
have the choice to import the report instances for each report object, and the
scheduling patterns that you have set up in the source environment are imported
automatically.
Supported reports are always imported with their parent folders, whether or not
they exist already in the destination environment. However, so as not to overwrite
existing folders, the Crystal Import Wizard appends a number to the end of any
duplicated folder names to indicate the number of copies.
When you import content from one deployment to another, you can ensure that a
particular user account retains ownership of its objects and scheduled instances by
importing the user along with the content. If you don’t import the user account, the
ownership properties of its objects and instances are reset to your current
administrative account. In the SDK, ownership is reflected by an object’s
SI_OWNERID property and by a scheduled instances’s SI_SUBMITTERID properties.
Rights
When you import folders and reports from one Crystal Enterprise system to
another, the associated object rights are imported for every user or group who is
imported at the same time. If the user or group is not imported at the same time,
the object rights are discarded. For instance, suppose that you import a report that
explicitly grants View On Demand rights to the Everyone group in the source
environment—but you do not import the Everyone group. In this case, the newly
imported report in the destination environment will not grant the same explicit
rights to the Everyone group. Instead, the report inherits any rights that have been
set on its parent folder.
If you do import the appropriate user or group, and it already exists by name in
the destination environment, then the corresponding object rights are imported
and applied to the existing user or group. For instance, modifying the example
above, suppose that you import the report and the Everyone group. In this case, the
132
Crystal Enterprise Administrator’s Guide
9: Importing Objects to Crystal Enterprise
Crystal Import Wizard imports the object rights along with the report. So the
newly imported report in the destination environment will explicitly grant the
View On Demand right to the Everyone group.
Events and server groups
When you use the Crystal Import Wizard to import information from a Crystal
Enterprise 8.5 or later system, you have the additional option to import events and
server groups from the source environment.
When importing server groups, the wizard does not bring across the servers that
belong to that group. You need to manually add servers to the imported group in
the Crystal Management Console (CMC). For more information about how to do
this, see “Adding and deleting servers” on page 364.
Note:
• When importing report objects associated with a server group, if the server
group exists on the destination system, the report objects are added to the
existing group and the source system’s server group is not imported.
• If you have jobs scheduled or pending on a server or server group that you are
importing, you might notice odd behavior on the destination system with the
individual jobs involved until they run or time out.
Objects that have server group restrictions lose the restrictions if the objects are
imported and the server group is not. For example, if a report is scheduled to run only
under server group A and that server group is not imported, the report loses that
restriction and will run under any server group. You need to import the server group
at the same time as the objects that use it to keep the relationship between them.
The same logic applies for events: if an object is set up to wait for an event or to
trigger an event, you need to import the event at the same time as the object.
Otherwise, the object is imported without the dependency and no longer waits for,
or triggers, the event.
Note:
• If Event A is being imported from the source system but there is already an
Event A on the destination system, and it is a different type (for example, a File
event instead of a Custom event), the wizard removes the dependency on
Event A from the object when it is imported.
• Events are based on Event Servers and, since servers are not imported, you
need to manually reset the event server and file name information on the event
in the destination system. Once this is set, the event should work as expected.
Importing information from Info
The following sections describe what happens to objects that have been imported
from Info to Crystal Enterprise. Generally, if the Info object is of a type that is
supported within Crystal Enterprise, and if the Info object will not overwrite an
Crystal Enterprise Administrator’s Guide
133
Crystal Import Wizard overview
object that is already in the Crystal Enterprise system, then the Crystal Import
Wizard imports the object.
Note: Users who are accessing your Info implementation when you are importing
objects to Crystal Enterprise might experience a delay.
Users and groups
The Crystal Import Wizard imports users and groups and their hierarchical
relationships as they exist in Info. A user or group is added to Crystal Enterprise
only if it does not exist already by name.
If you import a group that already exists in Crystal Enterprise, the list of group
members is updated with additional users who were members of the Info group. These
additional users are added to Crystal Enterprise if their accounts do not exist already.
User licensing can affect the behavior of the Crystal Import Wizard. If the source
environment uses Concurrent licensing, the wizard imports all users as Concurrent
Users. However, if the source environment uses Named User licensing, the wizard
first checks the number of Named User license keys in the destination environment.
If there are enough Named User licenses in the destination environment, the wizard
imports all users as Named Users. If there are not enough Named User licenses in
the destination environment, the wizard imports all users as Concurrent Users. For
more information about licensing, see “Licensing overview” on page 408.
Folders
Folders are imported, whether or not they exist already in Crystal Enterprise. To
ensure that existing folders are not overwritten, make sure you choose the
“Automatically rename top-level folders that match top-level folders on the
destination system” option in the “Please choose an import scenario” dialog box.
When this option is selected, the Crystal Import Wizard appends a number to the
end of any duplicated folder names to indicate the number of copies. For example,
if you import a folder called Sales Reports, when a folder called Sales Reports
already exists in Crystal Enterprise, then the imported folder is added to Crystal
Enterprise with the name Sales Reports(2).
Report objects
The Crystal Import Wizard can import Crystal report objects only if they are based
on native drivers, ODBC data sources, or OLAP data sources.
Supported reports are always imported with their parent folders, whether or not
they exist already in the destination environment. However, so as not to overwrite
existing folders, the Crystal Import Wizard appends a number to the end of any
duplicated folder names to indicate the number of copies.
The Crystal Import Wizard can import successful instances and some recurring
instances from Info systems. Recurrence patterns that cannot be automatically
134
Crystal Enterprise Administrator’s Guide
9: Importing Objects to Crystal Enterprise
recreated within Crystal Enterprise are written to the log file created by the Crystal
Import Wizard.
When you import reports based on a Crystal Info View, you are prompted to save
the report files. Choose a specific folder where you want to save these reports. You
can then run a conversion utility on all reports in that folder to convert them to use
metadata. After converting the reports, you can publish them to Crystal Enterprise
with the Crystal Publishing Wizard.
Rights
Crystal Enterprise enforces security through object rights, which differ from the
user rights used within Info. Consequently, the Crystal Import Wizard does not
import any of the folder security that is set up within the Info environment.
If you transfer reports from Info to Crystal Enterprise, the rights associated with
the report are not transferred, only the ownership. If the owner of a report is the
Administrators group, the Administrators group will have Full Control access to
it. If the owner of the report is not an administrator, the report will be transferred
and the View On Demand access mode will be associated with the report.
Other objects
The Crystal Import Wizard cannot import Info objects that are not supported by
Crystal Enterprise. Such objects include report packages, query objects, Info cubes,
Open OLAP cubes, Holos Applications, and Crystal reports based on query files.
Importing with the Crystal Import Wizard
The Crystal Import Wizard is made up of a series of screens that guide you through
the process of importing user accounts, groups, folders, and reports. The screens
that appear depend upon the types of information that you choose to import.
When you import information, you first connect to the Crystal Management Server
(CMS) of your existing installation (the source environment) and specify the CMS
of your new Crystal Enterprise system (the destination environment). You then
select the information that you want to import, and the Crystal Import Wizard
copies the requested information from the source to the destination.
You can choose to merge the contents of the source repository into the destination
repository, or you can update the destination with the contents of the source CMS.
Before starting this procedure, ensure you have the Administrator account
credentials for both the source and the destination environment.
The overall process is divided into these two procedures:
• “Specifying the source and destination environments” on page 136
• “Selecting information to import” on page 137
Crystal Enterprise Administrator’s Guide
135
Importing with the Crystal Import Wizard
Specifying the source and destination environments
This procedure shows how to specify a source environment and a destination
environment using the initial screens of the Crystal Import Wizard.
1 From the Crystal Enterprise program group, click Crystal Import Wizard.
2 Click Next.
The “Specify source environment” dialog box appears.
3 In the Source list, select the product from which you want to import information.
The available options are:
• Info 7.5
• Crystal Enterprise 8
• Crystal Enterprise 8.5
• Crystal Enterprise 9
• Crystal Enterprise 10
4 In the CMS Name field, type the name of the source environment’s CMS
(Crystal Management Server).
5 Type the User Name and Password that provide you with administrative
rights to the source environment.
This example imports information from Crystal Enterprise 10.
6 Click Next.
The “Specify destination environment” dialog box appears.
7 In the CMS Name field, type the name of the destination environment’s
Crystal Management Server.
136
Crystal Enterprise Administrator’s Guide
9: Importing Objects to Crystal Enterprise
8 Type the User Name and Password of an Enterprise account that provides you
with administrative rights to the Crystal Enterprise system; then click Next.
The “Choose objects to import” dialog box appears. Proceed to “Selecting
information to import” on page 137.
Selecting information to import
This procedure shows how to select the users, groups, folders, and reports that you
want to import. If you have not already started the Crystal Import Wizard, see
“Specifying the source and destination environments” on page 136.
1 In the “Choose objects to import” dialog box, select the check box (or boxes)
corresponding to the information you want to import:
• Import users and user groups
• Import favorite folders for selected users
• Import folders and objects
• Import events
• Import server groups
• Import repository objects
• Import calendars
Note: The options available depend on the version of the source environment.
Events and server groups can be imported from Crystal Enterprise 8.5 or later.
Repository objects and calendars can be imported from Crystal Enterprise 10.
2 Click Next.
Crystal Enterprise Administrator’s Guide
137
Importing with the Crystal Import Wizard
3 In the “Please choose an import scenario” dialog box, choose the type of
import you want, then click Next.
Merging systems
To merge the source and destination systems, choose “I want to merge the
source system into the destination system.” This option adds all objects from
the source CMS into the destination CMS without overwriting objects in the
destination.
Note: This is the safest import option. All of the objects in the destination
system are preserved. Also, at a minimum, all objects from the source system
with a unique title are copied to the destination system.
Updating the destination system
To add the source system’s information to the destination system without
merging, choose “I want to update the destination system by using the source
system as a reference.”
When you update the contents of the destination system using the source
system as a reference, you add all objects in the source CMS to the destination
CMS. If an object in the source system has the same unique identifier as an object
in the destination, the object in the destination is overwritten.
For more information about merging and updating systems, see “Copying data
from a Crystal Enterprise 10 CMS” on page 254.
4 Click Next.
5 If you chose to import users and user groups, the “Select Users and Groups”
dialog box appears. In the Groups list, select the groups that you want to
import. In the Subgroups and Users list, select specific members of any group.
Then click Next.
138
Crystal Enterprise Administrator’s Guide
9: Importing Objects to Crystal Enterprise
This example imports all but one of the users in the Administrators group.
6 If you chose to import folders and objects, the “Select Folders and Objects”
dialog box appears. Select the check boxes for the folders and reports that you
want to import. Then click Next.
Tip: You can also choose to “Import all instances of each selected report and
object package.”
This example imports the Report Samples folder and a subset of its contents.
Crystal Enterprise Administrator’s Guide
139
Importing with the Crystal Import Wizard
7 If you chose to import repository objects, the “Import repository objects
options” dialog box appears. Choose an importing option for repository
objects, then click Next.
8 When the “Information collection complete” dialog box appears, click Finish
to begin importing the information.
The Import Progress dialog box displays status information and creates an
Import Summary while the Crystal Import Wizard completes its tasks.
9 If the Import Summary shows that some information was not imported
successfully, click View Detail Log for a description of the problem.
Otherwise, click Done.
Note: The information that appears in the Detail Log is also written to a text
file called ImportWiz.log, which you will find in the directory from which the
Crystal Import Wizard was run. By default, this directory is:
C:\Program Files\Crystal Decisions\Enterprise 10\win32_x86\
The log file included a system-generated ID number, a title that describes the
imported information, and a field that describes the action taken and the reason
why.
140
Crystal Enterprise Administrator’s Guide
Controlling User Access
10
This chapter describes how to use rights to secure the
content that you publish to Crystal Enterprise, and to grant
users varying levels of access to Crystal Enterprise
components and administration. Predefined access levels,
advanced rights, and inherited rights are all discussed in
detail. Examples and procedures are provided in the form
of tutorials.
• “Controlling user access overview” on page 142
Crystal Enterprise Administrator’s Guide
141
Controlling user access overview
Controlling user access overview
Rights are the base units for controlling users’ access to objects, users, applications,
servers, and other features in Crystal Enterprise. When granted, each right
provides a user or group with permission to perform a particular action. Using
rights, you can set security levels that affect individual users and groups. Rights
allow you to control access to your Crystal Enterprise content, to delegate user and
group management to different departments, and to provide your IT people with
administrative access to servers and server groups.
To set rights within the Crystal Management Console (CMC), you first locate the
object, user, or server and then you specify the rights for different users and
groups. Each right can be Explicitly Granted, Explicitly Denied, or Inherited. The
Crystal Enterprise security model is designed such that, if a right is left “not
specified,” the right is denied by default. Additionally, if contradictory settings
result in a right being both granted and denied to a user or group, the right is
denied by default. This “denial based” design assists in ensuring that users and
groups do not automatically acquire rights that are not explicitly granted.
To facilitate administration and maintenance, Crystal Enterprise includes a set of
predefined access levels that allow you to set common security levels quickly. Each
access level grants a set of rights that combine to allow users to accomplish
common tasks (such as view reports, schedule reports, and so on). It is
recommended that you use the predefined access levels whenever possible,
because they can greatly reduce the complexity of your object security model. For
more information, see “Setting common access levels” on page 144.
Whether or not you use access levels, you can also take advantage of the
inheritance patterns recognized by Crystal Enterprise: users can inherit rights as
the result of group membership; subgroups can inherit rights from parent groups;
and both users and groups can inherit rights from parent folders. When you need
to disable inheritance or to customize security levels for particular objects, users,
or groups, the Advanced Rights pages allow you to choose from the complete set
of available object rights. Most importantly, the advanced object rights allow you
to explicitly deny any user or group the right to perform a particular task.
Users require specific licensing and rights to create or modify reports through the
Report Application Server (RAS). For details, see “Object rights for the Report
Application Server” on page 417.
Controlling users’ access to objects
To secure the content that you publish to Crystal Enterprise, you can set rights for
each object. By setting object rights, you can control users’ access to specific
content. For each object, you can grant or deny access to users and groups in your
system. For example, you can use rights to make sure that you are the only one
who can access your reports. You can ensure that confidential employee records
can be accessed only by the human resources department.
142
Crystal Enterprise Administrator’s Guide
10: Controlling User Access
You can set rights for folders, report objects, program objects, and other Crystal
Enterprise objects.
Tip: For detailed tutorials that walk you through sample implementations of object
rights, see “Customizing a ‘top-down’ inheritance model” on page 154.
Viewing object rights settings
Use the CMC to view the object rights that a user or group has to any folder, report,
or other Crystal Enterprise object. This section shows how to locate the rights for
any object and briefly explains the information displayed on the Rights tab.
You can locate any given object in several ways. Go to the Folders management
area in the CMC to browse your folder hierarchy for an object, or go to the Objects
management area in the CMC to view a list of all the objects on the system.
Click the link that corresponds to the folder or other object whose rights you want
to see, then click the object’s Rights tab. A page similar to the following appears:
This example shows the rights for the Report Samples folder. The Name column
lists all users and groups who have been given rights to the object. The Object
column shows whether the entry is a User or a Group. In this case, users have not
been specified individually; instead, users have been divided into two groups—
Everyone and Administrators—which have been granted rights to the folder
object. Click Add/Remove to add or remove a user or group to this object.
The Access Level column shows how each user’s or group’s rights are determined.
In this example, both groups possess Inherited Rights. You can change the rights
for either group by selecting a predefined access level (or by selecting Advanced)
from the list in the Access Level column. When you change an entry in the Access
Level column, click Update to effect your changes. For more information, see
“Setting common access levels” on page 144.
The Net Access column displays the net effect of whatever is selected in the Access
Level column. That is, the Net Access column shows the effective rights that each
user or group has to the object. The Net Access column is particularly useful when
you are working with inheritance. In this example, the Everyone group inherits rights
from a parent folder—one that is not displayed on this screen. The Net Access
column shows that the rights inherited from the parent folder are equivalent to the
Schedule access level.
Crystal Enterprise Administrator’s Guide
143
Controlling users’ access to objects
Tip: If you want to view the individual object rights that make up a user’s (or
group’s) Net Access, click the corresponding Access Level list and select Advanced.
The Advanced Rights page displays the user’s full array of object rights that have
been specified explicitly and/or inherited. Click Cancel to exit without making
changes. For more information, see “Setting advanced object rights” on page 146.
For detailed tutorials that walk you through sample implementations of object
rights, see “Customizing a ‘top-down’ inheritance model” on page 154.
Setting common access levels
An access level is essentially a predefined set of object rights. Crystal Enterprise
provides a set of access levels that allow you to set common object security levels
quickly. The available predefined access levels are No Access, View, Schedule,
View On Demand, and Full Control. Access levels are based on a model of
increasing rights: beginning with No Access and ending with Full Control, each
access level builds upon the rights granted by the previous level. For example, the
Schedule access level includes and adds to the rights that are granted by the View
access level. For a complete listing of the object rights that make up each access
level, see “Access levels” on page 415.
Tip: By default, users or groups who have rights to a folder will inherit the same
rights for any object that you subsequently publish to that folder. Consequently,
the best strategy is to set the appropriate rights for users and groups at the folder
level first. Then publish objects to that folder.
Although access levels grant predefined sets of object rights, they do not explicitly
deny any object rights. Instead, each access level grants some rights and leaves the
other rights “not specified.” The system then denies the “not specified” rights by
default. This is important, because it allows users to inherit the greatest rights
when they belong to multiple groups:
• When you assign an access level to a group, each user in the group will have at
least that level of access to the object. If the user is a member of multiple
groups, then he or she inherits the combination of each group’s rights. Thus,
when a user is a member of multiple groups, he or she inherits the greatest
possible rights.
• When you assign an access level directly to a user, you ensure that the user has
only that level of access to the object. In other words, you prevent the user
from inheriting rights that he or she may have otherwise acquired by virtue of
group membership.
This list provides a brief description of each access level:
• No Access
The user or group is not able to access the object or folder. The Crystal
Enterprise web desktop, the Crystal Publishing Wizard, and the CMC enforce
this right by ensuring that the object is not visible to the user.
144
Crystal Enterprise Administrator’s Guide
10: Controlling User Access
• View
If this access level is set at the folder level, the user or group is able to view the
folder, the objects contained within the folder, and all generated instances of
each object. If this access level is set at the object level, the user can view the
object, the history of the object, and all generated instances of the object. The
user cannot, however, schedule the object or refresh it against its data source.
• Schedule
The user or group is able to view the object or folder and its contents, and to
generate instances by scheduling the object to run against the specified data
source once or on a recurring basis. The user or group can view, delete, and pause
the scheduling of instances that they own. They can also schedule to different
formats and destinations, set parameters and database logon information, pick
servers to process jobs, add contents to the folder, and copy the object or folder.
• View On Demand
In addition to the rights provided by the Schedule access level, the user gains
the right to refresh data “on demand” against the data source.
• Full Control
This access level grants all of the available advanced rights. It is the only access
level that allows users to delete objects (folders, objects, and instances). This
access level also allows users to modify all of the object’s properties, including
the object rights that are set on the folder or object.
Basically, this access level is designed to provide a user or group with
administrative control over one or more folders or objects. Users can then log
on to the CMC and add, edit, and remove content as required, without being
members of the actual Administrators group.
• Advanced
This access level does not include a predefined set of object rights. Instead, it
allows you to customize a user’s or group’s access to an object by selecting from
the complete range of available object rights. For more information, see “Setting
advanced object rights” on page 146.
Note: There is no predefined access level to grant users the rights required to
create or modify reports through the Report Application Server (RAS). For
details, see “Object rights for the Report Application Server” on page 417.
For a detailed listing of the object rights that make up each access level, see “Rights
and Access Levels” on page 413.
Note: In the developer documentation, access levels are referred to as roles.
To set an access level for a user or group
1 Go to the Objects or Folders management area of the CMC.
2 Locate the object whose rights you want to modify.
3 Click the link to the object, and then click its Rights tab.
Crystal Enterprise Administrator’s Guide
145
Controlling users’ access to objects
4 In the Name column, locate the user or group whose rights you want to specify.
If the user or group is not listed, click Add/Remove. Add the appropriate user
or group and click OK. You are returned to the object’s Rights tab.
5 In the Access Level column, select the access level (No Access, View, Schedule,
View On Demand, or Full Control) that is appropriate for the user or group.
6 Click Update.
Tip: For detailed tutorials that walk you through sample implementations of object
rights, see “Customizing a ‘top-down’ inheritance model” on page 154.
Setting advanced object rights
To provide you with full control over object security, the CMC allows you to make
Advanced object rights settings for any user or group. These Advanced settings
enable you to choose from a complete set of granular object rights. The result is an
increased flexibility as you define security levels for objects that you have
published to Crystal Enterprise.
Use advanced rights, for instance, if you need to customize a user’s or group’s
rights to a particular object or set of objects, or if you want to customize the default
inheritance patterns. Most importantly, use advanced rights to explicitly deny a
user or group any right that should not be permitted to change when, in the future,
you make changes to group memberships or folder security levels.
Tip: By default, users or groups who have rights to a folder will inherit the same
rights for any object that you subsequently publish to that folder. Consequently,
the best strategy is to set the appropriate rights for users and groups at the folder
level first. Then publish objects to that folder.
Note: Because of the relative priorities assigned by Crystal Enterprise to granted
and denied rights, you must disable inheritance entirely when you need to explicitly
grant a right that has been denied elsewhere to the user or group. For complete
details, see “Priorities affecting advanced inheritance settings” on page 154.
To view or set advanced rights
1 Go to the Objects or Folders management area of the CMC.
2 Locate the object whose rights you want to modify.
3 Click the link to the object, and then click its Rights tab.
4 In the Name column, locate the user or group whose rights you want to specify.
If the user or group is not listed, click Add/Remove. Add the appropriate user
or group and click OK. You are returned to the object’s Rights tab.
5 The next step depends upon the entry that already appears in the Access Level
list for this user or group:
• If the Access Level is not already set to Advanced, click the list and select
Advanced.
146
Crystal Enterprise Administrator’s Guide
10: Controlling User Access
• If the Access Level is already set to Advanced, click the Advanced link in
the Net Access column.
The available object rights are displayed in the Advanced Rights page. This
example shows advanced rights being applied to the Guest user for an
Employee Profile report.
Crystal Enterprise Administrator’s Guide
147
Controlling users’ access to objects
The first two options specify which types of inheritance affect the Guest user’s
rights to this object. In this example, the Guest user cannot inherit rights by virtue
of group membership. But, the Guest user may inherit any rights that he or she has
been granted to this report’s parent folder.
The remainder of the Advanced Rights page lists all available object rights and
shows how each right applies to the Guest user. To customize the overall security
levels, you can explicitly grant or deny any given right, or you can specify that you
want certain rights to be inherited.
The Inherited column serves as an indicator to show how inherited rights affect the
Guest user’s effective rights to this report object. A user or group can be granted or
denied a right by virtue of inheritance. In addition, some rights may remain “not
specified”—that is, they are neither granted nor denied. If an inherited right is
labelled as “Not Specified”, Crystal Enterprise treats it as having been denied.
(And if the right is later granted for a parent group or object, the user or group will
automatically inherit the right at this level.)
In this example, the Guest user has two inherited rights (the right to “View document
instances that the user owns” and to “Pause and Resume document instances that
the user owns”). Currently, these rights are not specified, so the rights are denied by
default. However, if the Guest user’s rights should change on the report’s parent
folder, the rights will also change for this report object. This demonstrates how
inheritance can facilitate future changes to the overall security model.
Tip: For scalability and manageability, it is recommended that you leave as many
rights as possible inherited, because the system automatically updates those rights
as you modify and update your security settings throughout the folder and group
hierarchies.
The Explicitly Granted column shows which actions the Guest user is allowed to
perform on this report. The Guest user is currently granted eleven rights to this
report (the right to “View objects,” “Schedule the document to run,” and so on).
Because group inheritance is disabled, the Guest user will retain these rights, even if
its group membership is modified or changed completely. This demonstrates how
you can use explicit rights to override a group’s rights for a particular group member.
The Explicitly Denied column works similarly to the Explicitly Granted column.
Regardless of any future changes to the user’s group membership, an explicitly
denied right always prevents a user from performing the associated action. In this
example, the Guest user has been explicitly denied eleven rights (the right to “Add
objects to the folder,” “Edit objects,” and so on). Again, this demonstrates how you
can use explicit rights to override a group’s rights for a particular group member.
When you have made your changes on the Advanced Rights page, click OK.
Tip: For detailed tutorials that walk you through sample implementations of object
rights, see “Customizing a ‘top-down’ inheritance model” on page 154.
148
Crystal Enterprise Administrator’s Guide
10: Controlling User Access
Base rights and available rights
The Crystal Enterprise system defines a set of base rights that apply to all objects in
the system. For example, the “View objects” right is a base right: it applies equally
well to folders, to reports, and to other Crystal Enterprise objects. In addition to
these base rights, however, each type of object provides an additional set of rights
that apply only to that object type. For example, the “Refresh the report’s data”
right applies only to report objects.
The Crystal Management Server (CMS) is the component that keeps track of available
rights. The list of available rights includes the base rights and all other object-specific
rights that have been provided by particular object types, such as Crystal report objects.
On the Advanced Rights pages, you will find that all of the available rights are
displayed for every object on the system. For example, the rights displayed for a
folder object seem to correspond exactly to the rights displayed for a report object,
even though object-specific rights such as “Refresh the report’s data” do not apply
to folder objects.
Available rights are displayed for every object on the system for purposes of
inheritance, so that you can set object security at the folder level (rather than
repeating the same settings for every object in the folder). Although certain objectspecific rights do not strictly apply to the folder object itself, these rights may apply
to objects that inherit rights from the folder. In other words, the “Refresh the report’s
data” right is displayed for the folder object so that you can grant a user the right to
refresh the data in all reports for which the user inherits rights from this folder.
Note: This is only one type of object inheritance. For more information, see
“Group and folder inheritance” on page 150.
Using inheritance to your advantage
In regards to object rights, Crystal Enterprise recognizes two types of inheritance:
group inheritance and folder inheritance. By taking advantage of the ways in
which object rights are inherited, you can reduce the amount of time it takes to
secure the content that you have published to Crystal Enterprise. Additionally,
you can set up Crystal Enterprise such that you can integrate new users and new
content quickly and easily.
To facilitate administration, it is recommended that you enable and disable
inheritance with access levels whenever possible (instead of with advanced rights).
Additionally, it is recommended that you make your initial settings at the top-level
Crystal Enterprise folder and disable inheritance only when necessary. For
detailed tutorials that walk you through sample implementations of object rights,
see “Customizing a ‘top-down’ inheritance model” on page 154.
Tip: By default, users or groups who have rights to a folder will inherit the same
rights for any object that you subsequently publish to that folder. Consequently,
the best strategy is to set the appropriate rights for users and groups at the folder
level first. Then publish objects to that folder.
Crystal Enterprise Administrator’s Guide
149
Controlling users’ access to objects
Group and folder inheritance
Group inheritance allows users to inherit rights as the result of group membership.
Group inheritance proves especially powerful when you organize all of your users
into groups that coincide with your organization’s current security conventions.
For example, if you create a user called Sample User, and add it to an existing
group called Sales, then Sample User will automatically inherit the appropriate
rights for each of the reports and folders that the Sales group has been added to.
When group inheritance is enabled for a user who belongs to more than one group,
the rights of both groups are considered when the system checks credentials. The
user is denied any right that is explicitly denied in any group, and the user is
denied any right that remains completely “not specified”; thus, the user is granted
only those rights that are granted in one or more groups (explicitly or through
access levels) and never explicitly denied.
Folder inheritance allows users to inherit any rights that they have been granted on
an object’s parent folder. Folder inheritance proves especially powerful when you
organize Crystal Enterprise content into a folder hierarchy that reflects your
organization’s current security conventions. For example, suppose that you create a
folder called Sales Reports, and you provide your Sales group with View On Demand
access to this folder. By default, every user that has rights to the Sales Reports folder
will inherit the same rights to the reports that you subsequently publish to this folder.
Consequently, the Sales group will have View On Demand access to all of the reports,
and you need only set the object rights once, at the folder level.
Note: If you need to disable or modify inheritance patterns for a particular folder
or object within your folder hierarchy, you can do so with access levels or with
advanced rights.
Enabling and disabling inheritance with access levels
With access levels, you can enable or disable group inheritance, folder inheritance,
or both. You can alternatively enable one or both types of inheritance with Advanced
rights settings. For details, see “Inheritance with advanced rights” on page 151.
To enable inheritance with an access level
1 Go to the Objects or Folders management area of the CMC.
2 Locate the object whose rights you want to modify.
3 Click the link to the object, and then click its Rights tab.
4 In the Name column, locate the user or group whose rights you want to specify.
If the user or group is not listed, click Add/Remove. Add the appropriate user
or group and click OK. You are returned to the object’s Rights tab.
5 In the Access Level column, select Inherited Rights for the user or group.
6 Click Update.
150
Crystal Enterprise Administrator’s Guide
10: Controlling User Access
The Net Access column now displays the effective rights that the user or group
has inherited for this object.
Note: If the entry displayed in the Net Access column is Advanced, ensure that
both types of inheritance are enabled in the parent folder’s advanced rights
settings. For details, see “Setting advanced object rights” on page 146.
To disable inheritance with an access level
Note: This procedure disables group and folder inheritance for a user account.
When applied to a group, this procedure does not prevent group members from
inheriting rights by virtue of membership in other groups.
1 Go to the Objects or Folders management area of the CMC.
2 Locate the object whose rights you want to modify.
3 Click the link to the object, and then click its Rights tab.
4 In the Name column, locate the user whose rights you want to specify.
If the user is not listed, click Add/Remove. Add the appropriate user and click
OK. You are returned to the object’s Rights tab.
5 In the Access Level column, select the access level (No Access, View, Schedule,
View On Demand, or Full Control) that is appropriate for the user.
6 Click Update.
The Net Access column now displays the effective rights that the user has to the
object. Because you have disabled all inheritance, the Net Access entry equals
the Access Level entry.
Inheritance with advanced rights
When you apply an Advanced set of object rights to a user or group for a particular
object, you can enable or disable group and folder inheritance together or
individually. On the Advanced Rights pages, the settings for inheriting rights from
parent folders or groups serve as powerful tools that allow you to customize
inheritance patterns in many ways.
Note: You see the “Username will inherit rights from its parent groups” option if
you are setting rights for a user; this option does not appear if you are setting
rights for a group.
Tip: When modifying inheritance patterns with Advanced rights settings, keep in
mind that you can always assign a user a specific set of rights, either by explicitly
applying a predefined access level, or by explicitly applying an Advanced setting
in which both types of inheritance are disabled.
To take full advantage of inheritance patterns and Advanced rights settings, it is
useful to understand not only the types of inheritance that are available, but also
the ways in which a user’s effective rights are calculated by the CMS.
For more information on the two types of inheritance, see “Group and folder
inheritance” on page 150.
Crystal Enterprise Administrator’s Guide
151
Controlling users’ access to objects
Calculating a user’s effective rights
When a user attempts to perform an action on a Crystal Enterprise object, the CMS
determines the user’s rights to that object. If the user possesses sufficient rights, the
CMS permits the user to perform the requested action.
Although the calculations performed by the CMS can become quite complex, there are
several ways to keep your object security model clear, consistent, and easy to maintain.
For complete details on setting up a system that makes sense for your Crystal
Enterprise system, see “Customizing a ‘top-down’ inheritance model” on page 154.
To calculate the user’s effective rights, the CMS follows a complex algorithm. This
sequence of steps, and its various possible outcomes, is provided for
administrators and/or system architects who prefer to know exactly how the CMS
calculates the rights a user has to any object. The algorithm is described here and
then illustrated in a different way using pseudocode:
1 The CMS checks the rights that have been directly granted or denied to the
user’s account. The CMS immediately denies any right that is explicitly denied.
Tip: If an individual user’s account has not been assigned any rights to the
object, then group inheritance is enabled by default. As the result, you can make
all your object rights settings at the group level to save administrative effort.
2 If folder inheritance is enabled for the user, the CMS determines the rights that
the user has to the object’s parent folder. The CMS determines these rights by
ascending the inheritance tree to the level at which the inherited rights begin
to take effect. The CMS denies any right that is explicitly denied (even if the
right had already been explicitly granted).
3 If group inheritance is enabled for the user, the CMS determines the rights
specified on the object for each of the groups that the user belongs to. The CMS
denies any right that is explicitly denied in any group (even if the right had
already been explicitly granted).
4 If group inheritance is enabled for the user, and folder inheritance is enabled
for a group that the user belongs to, then the CMS determines the rights that
the group has to the parent folder. The CMS denies any right that is explicitly
denied in any group (even if the right had already been explicitly granted).
5 The CMS completes the algorithm by denying any rights that remain “Not
Specified.”
As the result, when both types of inheritance are enabled, the CMS grants the user
only those rights that are explicitly granted in one or more locations and never
explicitly denied.
When you disable both types of inheritance for a user, you reduce this algorithm
to two steps (1 and 5). Thus, the CMS grants the user only those rights that he or
she has been explicitly granted. This provides you with the least complicated way
of ensuring that a user has only those rights that you have explicitly granted to him
or her for a particular object.
152
Crystal Enterprise Administrator’s Guide
10: Controlling User Access
When you disable folder inheritance for a user, you reduce this algorithm to three
steps (1, 3, and 5). When you disable group inheritance for a user, you reduce this
algorithm to three different steps (1, 2, and 5). In both cases, the CMS grants the
user only those rights that are explicitly granted in one or more locations and never
explicitly denied.
This pseudocode is provided as another way to illustrate and describe the algorithm
that the CMS follows in order to determine whether a user is authorized to perform
an action on a particular object:
IF {
(User granted right to object = True)
OR [
(Inherit Parent Folder Rights = True) AND (User granted right to
parent folder = True)
]
OR [
(Inherit Group Rights = True) AND (Group granted right to object =
True)
]
OR [
(Inherit Group Rights = True) AND (Group granted right to parent
folder = True)
]
}
AND {
(User denied right to object = False)
AND [
(Inherit Parent Folder Rights = False)
OR ((Inherit Parent Folder Rights = True) AND (User denied right to
parent folder = False))
]
AND [
(Inherit Group Rights = False)
OR ((Inherit Group Rights = True) AND (Group denied right to object
= False))
]
AND [
(Inherit Group Rights = False)
OR ((Inherit Group Rights = True) AND (Group denied right to parent
folder = False))
]
}
THEN
{
User action authorized = True
}
ELSE
{
User action authorized = False
}
Crystal Enterprise Administrator’s Guide
153
Controlling users’ access to objects
Priorities affecting advanced inheritance settings
When you modify inheritance patterns with advanced rights, there are several
important considerations to keep in mind. Where relevant, these considerations
appear elsewhere in this chapter. They have been summarized here for reference.
Denied rights take precedence over granted rights. This can cause seemingly
contradictory results when inheritance is enabled. Suppose that the “View objects”
right is explicitly denied to a Sales group for a particular folder of reports. For the
same folder, the “View objects” right has been explicitly granted to a Manager
user, and the “Respect current security by inheriting rights from parent groups”
check box is selected. The Manager user is a member of the Sales group. In this
scenario, the Manager user is both granted and denied the “See object” right to the
folder. Because denied rights take precedence, the Manager user is effectively
denied the ability to see the folder, so long as the user account inherits rights from
its parent group (Sales). To remedy this situation, you could clear the “Respect
current security by inheriting rights from parent groups” check box on the
Advanced Rights page for the Manager user, or you could remove the Manager
user from the Sales group.
Rights that are not specified are denied by default. On the Advanced Rights page
for any object, the Inherited Rights column may label certain rights as “Not
Specified.” This entry denotes rights that are neither granted nor denied by
inheritance. To prevent possible security breaches, Crystal Enterprise
automatically denies rights that are not specified.
Customizing a ‘top-down’ inheritance model
With the flexibility offered by object rights, inheritance, and advanced rights, you
can customize your object-level security environment in many ways. However, as
the complexity of any security system increases, so too can that system become
more difficult and time-consuming to maintain. This section recommends two
general ways of setting up object security such that you achieve the desired
security levels without complicating future administrative tasks. To this purpose,
this section provides two tutorials that shows how to set up object security from
the top-level folder (the root folder) down:
• “Setting up an open system of decreasing rights” on page 158
This detailed tutorial creates an open security model. By default, all users and
groups are first granted rights to all objects on the system. As you add folders
and subfolders to the system, you decrease the rights of users and groups, as
required, in order to secure particular Crystal Enterprise content.
• “Setting up a closed system of increasing rights” on page 170
This shorter tutorial creates the basis for closed security model. By default,
users and groups cannot access any objects on the system. As you add folders
and subfolders to the system, you increase the rights of users and groups, as
required, in order to grant access to particular Crystal Enterprise content.
154
Crystal Enterprise Administrator’s Guide
10: Controlling User Access
You can use your own Enterprise, NT, or LDAP groups when following along with
these tutorials, or you can create new groups that correspond to those used in the
tutorial. For details on setting up these groups and subgroups, see “Creating
groups for the tutorials” on page 155.
In each tutorial, you will specify the object rights that particular groups have to
certain folders on the system. By making all of your security settings at the group
and folder levels, you reduce the administrative efforts now and later. After
finishing each tutorial, you may decide to add users to each group and to publish
objects to each folder. If you do so, each user will inherit the appropriate rights for
every folder and object on the system.
Creating groups for the tutorials
The object security tutorials make use of eight Enterprise groups. The four primary
groups are named Administrators, Everyone, Sales, and Marketing. The Sales
group has four additional subgroups: Sales USA, Sales Japan, Sales Managers, and
Sales Report Designers. The Administrators and Everyone groups are created by
default when you install Crystal Enterprise, so these two procedures show only
how to create the remaining groups for the tutorials.
Note: For the shorter tutorial entitled “Setting up a closed system of increasing
rights”, you need only create the Sales group and its Sales USA, Sales Japan, and
Sales Managers subgroups.
To create the Sales and Marketing groups
1 Go to the Groups management area of the CMC.
2 Click New Group.
The new group’s Properties tab appears.
3 In the Group Name field, type Marketing
Crystal Enterprise Administrator’s Guide
155
Controlling users’ access to objects
4 In the Description field, type This group contains all users who work in
Marketing.
5 Click OK.
The Marketing group is added to the system and the page is refreshed.
Tip: Click the Users tab if you want to add your own users to this group.
6 Repeat steps 1 to 5 to create another group called Sales. Use this description
for the group: This group contains all users who work in Sales (worldwide).
To create the Sales subgroups
1 Go to the Groups management area of the CMC.
2 Click New Group.
3 In the Group Name field, type Sales USA
4 In the Description field, type This group contains all users who work in
Sales in the USA.
5 Click OK.
The Sales USA group is added to the system and the page is refreshed.
Tip: Click the Users tab if you want to add your own users to this group.
6 Click the Member of tab; then click the Member of button.
The Modify Member of page appears.
7 In the Available groups list, select Sales; then click the > arrow.
156
Crystal Enterprise Administrator’s Guide
10: Controlling User Access
The Sales group is added to the “Sales USA is a member of” list, as displayed here:
8 Click OK.
You are returned to the “Member of” tab. The Sales USA group is now a
member (or subgroup) of the Sales group.
9 Repeat steps 1 to 8 to create the remaining Sales subgroups for the tutorials.
Use the following values for the Group Name and Description fields:
Group Name
Description
Sales Japan
This group contains all users who work in Sales in Japan.
Sales Managers
This group contains all users who manage a Sales team.
Sales Report
Designers
This group contains all users who design and publish
reports for the Sales teams.
If you now return to the Groups management area of the CMC, all of the new
groups are displayed as follows:
Crystal Enterprise Administrator’s Guide
157
Controlling users’ access to objects
You are now ready to proceed to either of the object security tutorials:
• “Setting up an open system of decreasing rights”.
• “Setting up a closed system of increasing rights” on page 170.
Setting up an open system of decreasing rights
This tutorial shows how to create an open security model, wherein groups of users
are first granted rights to all objects on the system by default. As you add folders
and subfolders to the system, you decrease the rights of users and groups, as
required, in order to secure particular Crystal Enterprise content.
In this scenario, you are creating folders for several groups within your organization.
You have some reports that you want to add to the system immediately. Because
some groups plan to add their own reports later, you also need to give some users
the ability to add subfolders and to publish reports. These are your security
requirements for each folder:
• Everyone must be able to view the majority of your reports.
• Administrators require Full Control access to all folders and objects on the system.
• Sales Managers are allowed to refresh most reports against the database to
view the most recent data.
• The Marketing group needs Full Control access to its own set of folders that no
other user can access (other than Administrators).
• The Sales groups need a hierarchy of folders containing worldwide reports,
regional reports, and management reports:
• All Sales staff can view worldwide reports.
• Sales staff can also view reports for their own regions. If the staff member is
also a Manager, he or she can view and refresh reports from all regions.
• Sales Managers require Full Control access to the management reports.
• Sales Report Designers require custom administrative privileges to all Sales
folders.
For a shorter, less detailed tutorial, see “Setting up a closed system of increasing
rights” on page 170.
Changing default rights on the top-level folder
The first step is to set object rights on the top-level Crystal Enterprise folder. This
folder serves as the root for all other folders and objects that you add to the system.
Each subfolder, report, or other object that you add to this top-level folder will by
default inherit rights from this folder. So, by setting rights here first, you minimize
the need to repeatedly customize object rights throughout your folder hierarchy.
158
Crystal Enterprise Administrator’s Guide
10: Controlling User Access
With this procedure, you set security on the top-level folder in order to meet your
first three security requirements:
• Everyone must be able to view the majority of your reports.
• Administrators require Full Control access to all folders and objects on the system.
• Sales Managers are allowed to refresh most reports against the database to
view the most recent data.
To change the rights on the top-level folder
1 Go to the Settings management area of the CMC.
2 Click the Rights tab.
By default, the Everyone and the Administrators groups are granted access to
this folder. You now need to reduce the rights of the Everyone group and to
increase the rights of the Sales Managers.
3 Click the Access Level list that corresponds to the Everyone group, and select
View.
4 Click Update.
The rights for the Everyone group are reduced and the View access level is now
displayed in the Net Access column.
Now you will customize the top-level rights for the Sales Managers group.
Crystal Enterprise Administrator’s Guide
159
Controlling users’ access to objects
5 Click Add/Remove.
The Add/Remove page appears.
6 In the Select Operation list, click Add/Remove Groups.
7 In the Available groups list, select Sales Managers.
8 Click the > arrow; then click OK.
You are returned to the Rights tab on the Settings page. Ensure that you grant
the Sales Managers group View On Demand access. If necessary, change the
Access Level list and click Update. This provides the Sales Managers group
with sufficient rights to refresh reports.
Now, your system meets your first three security requirements. The Everyone,
Administrators, and Sales Managers groups will initially inherit these rights for any
folders, subfolders, or reports that you subsequently publish to Crystal Enterprise.
You might, for instance, create folders for all of your generally accessible inventory
reports, customer list reports, purchasing order reports, and so on.
Now that you have created an open basis for your object security model, you will
proceed to restricting access to certain folders within the system.
160
Crystal Enterprise Administrator’s Guide
10: Controlling User Access
Decreasing rights to a private folder
Another security requirement for this tutorial is that the Marketing group needs
Full Control access to their own set of folders that no other user can access. To
accomplish this, you will create a private folder called Marketing Only and ensure
that only the appropriate group of users has access to its contents.
To decrease rights to a private folder
1 Go to the Folders management area of the CMC.
2 Click New Folder.
3 On the Properties tab, in the Folder Name field, type Marketing Only
4 In the Description field, type This folder is accessible only to Marketing.
5 Click OK.
6 Click the Rights tab.
7 In the Access Level column, select the following rights for each group:
• Administrators: (Inherited Rights)
• Everyone: No Access
• Sales Managers: No Access
8 Click Update.
The Net Access column shows that you have secured this folder from all users
other than Administrators.
Next, you will grant the Marketing group Full Control access to this folder.
9 Click Add/Remove.
The Add/Remove page appears.
10 In the Select Operation list, click Add/Remove Groups.
11 In the Available groups list, select Marketing.
12 Click the > arrow; then click OK.
You are returned to the Rights tab. The Marketing group is granted access to the
folder. You need to change the default setting to grant them Full Control access.
13 Click the Access Level list that corresponds to the Marketing group, and select
Full Control.
14 Click Update.
Crystal Enterprise Administrator’s Guide
161
Controlling users’ access to objects
The Net Access column shows that you have granted the Marketing group Full
Control access to this folder.
Members of this group now have the ability to perform all tasks in this folder. They
can add and delete reports, folders, and subfolders, and they can view, schedule,
and export reports to all available destinations and formats.
To complete this tutorial, you need to customize the rights that various Sales
groups have to a hierarchical set of Sales folders. Before setting the rights for each
group, you will see how to create multiple folders quickly when you publish a set
of reports to Crystal Enterprise.
Publishing a set of folders and reports
The final security requirements for this tutorial are related to the Sales group and
its subgroups. They require a hierarchy of folders containing worldwide reports,
regional reports, and management reports.
Because this tutorial sets up a system of decreasing rights, you will first create a set
of folders that places the most general content at the top of the directory tree. In
this case, all Sales staff can view the worldwide reports, so the folder for those
reports requires the lowest level of security. The regional reports will go in
subfolders that are accessible only to users who belong to the appropriate regional
Sales group. The management reports will be located in subfolders of each of the
regional folders.
You could create this set of folders using the CMC, as in the earlier sections of this
tutorial. However, if you already have a set of reports, the Crystal Publishing Wizard
provides the quickest way to add content and create folders at the same time.
162
Crystal Enterprise Administrator’s Guide
10: Controlling User Access
To create a set of folders while publishing reports
1 On your local hard drive, create a set of folders that correspond to the folders
you want to add to Crystal Enterprise.
For this tutorial, the Sales folders are named and arranged hierarchically as
follows:
2 Arrange your reports (.rpt files) in the new folders on your local hard drive.
If you do not have any of your own reports, use some of the sample reports
included with Crystal Enterprise. The sample reports are typically installed to
C:\Program Files\Crystal Decisions\Enterprise 10\Samples\language\Reports
(replace language with en, de, fr, or jp, depending upon your version of Crystal
Enterprise).
Note: To complete this procedure, you must place at least one report file in
each of the folders that you have created on your local hard drive. Otherwise,
the Crystal Publishing Wizard will not create the appropriate directories on
the Crystal Enterprise system.
3 From the Crystal Enterprise 10 Programs group, start the Crystal Publishing
Wizard and, when it appears, click Next.
4 In the System field, type the name of the CMS to which you want to add
objects.
5 In the User Name and Password fields, type your Crystal Enterprise
credentials.
6 From the Authentication list, select the appropriate authentication type.
7 Click Next.
The Select A File dialog box appears.
Crystal Enterprise Administrator’s Guide
163
Controlling users’ access to objects
8 Click Add Folders.
9 Select the top level Worldwide Sales folder that you created on your local
hard drive.
10 Select the Include subfolders check box, and then click OK.
You are returned to the Select A File dialog box. All of the reports are added to
the list.
11 Click Next.
The Folder Hierarchy dialog box appears.
164
Crystal Enterprise Administrator’s Guide
10: Controlling User Access
12 Select Yes to duplicate the local folder hierarchy on the Crystal Enterprise
system; then click Next.
13 In the Specify Location dialog box, click New Folder.
14 Name the folder Worldwide Sales and ensure that it is located at the top of the
directory tree, as shown here:
15 Click Next.
The Location Preview dialog box appears. You can see here that the Regional
Sales folders will be created below the Worldwide Sales folder, and the
Managers Only folders will be created as additional subfolders. The actual
report files are arranged in the appropriate folders.
Crystal Enterprise Administrator’s Guide
165
Controlling users’ access to objects
16 Click Next.
17 Proceed through the rest of the Crystal Publishing Wizard and make any
desired changes to your reports.
Tip: If you are publishing sample reports for the purpose of this tutorial, click
Next to accept all the default values. For more information on the rest of the
Crystal Publishing Wizard, see “Publishing with the Crystal Publishing
Wizard” on page 117.
When the Crystal Publishing Wizard has added the reports and folders to the
system, it displays a summary:
18 Click Finish to close the Crystal Publishing Wizard.
You are now ready to set each Sales group’s object rights for the new set of Sales
folders.
Setting the base rights on the Sales folders
Now that you have used the Crystal Publishing Wizard to add reports and create
the appropriate folders and subfolders, you are ready to set the object rights for
each level of reporting content.
The security requirements are as follows:
• All Sales staff can view worldwide reports.
• Sales staff can also view reports for their own regions. If the staff member is
also a Manager, he or she can view and refresh reports from all regions.
• Sales Managers require Full Control access to the management reports.
• Sales Report Designers require custom administrative privileges to all Sales
folders.
166
Crystal Enterprise Administrator’s Guide
10: Controlling User Access
To set the base rights on the Worldwide Sales folder
1 Go to the Folders management area of the CMC.
2 Click the link to the Worldwide Sales folder.
3 On the folder’s Rights tab, click Add/Remove.
4 In the Select Operation list, click Add/Remove Groups.
5 In the Available groups list, select Sales and Sales Report Designers.
Tip: Use CTRL+click to select multiple groups.
6 Click the > arrow; then click OK.
You are returned to the Rights tab.
7 In the Access Level column, select the following rights for each group:
• Administrators: Inherited Rights
• Everyone: No Access
• Sales: View
• Sales Managers: Inherited Rights
• Sales Report Designers: This group requires additional rights to publish
content to this folder. You will use advanced rights to make these changes
in the next procedure. For now, leave the Access Level list with the default
settings.
8 Click Update.
The Net Access column is updated to show your new security settings.
You now need to grant the Sales Report Designers group a set of advanced rights,
so group members can administer all the Sales folders.
Creating a group of folder administrators
This section of the tutorial shows how to provide a particular group of users with
a customized level of administrative control over a set of folders. In general, you
can accomplish this with the Full Control access level. This example, however, uses
advanced rights to grant the Sales Report Designers group a particular set of
administrative privileges to all Sales folders.
To create a group of Sales folder administrators
1 If you are not already there, go to the Rights tab of the Worldwide Sales folder.
2 In the Access Level list for the Sales Report Designers group, select
Advanced.
The Advanced Rights page appears. You will use this page to grant group
members a high level of control over the folder and its contents. However, you
will not let any group member delete objects that have been added to a Sales
folder.
Crystal Enterprise Administrator’s Guide
167
Controlling users’ access to objects
3 To ensure that you completely break all inheritance patterns, clear the
“Worldwide Sales” will inherit rights from its parent folders check box.
4 Click Apply.
Now that you have disabled all rights inheritance, the advanced rights that you
specify will be the only rights that group members have to the folder.
5 In the Explicitly Denied column, select the following rights:
• Modify the rights users have to objects
• Delete objects
Tip: You may choose to explicitly deny additional rights to suit your needs. For
instance, to prevent these folder administrators from copying confidential
reports to public folders, you could deny the “Copy objects to another folder”
right. Or, if you prefer to retain all administrative control over report-processing
servers, you could deny the “Define server groups to process jobs” right.
6 In the Explicitly Granted column, select all remaining rights.
7 Click OK.
You are returned to the Rights tab for the Worldwide Sales folder. The Net
Access column now shows that the Sales Report Designers group has
Advanced rights to this folder.
Tip: Click the Advanced link in the Net Access column when you need to review or
modify a set of advanced rights that have already been applied to a user or group.
Now that you have set object rights on the uppermost Sales folder, you will
proceed to decrease rights as you descend the folder hierarchy.
Decreasing rights to the Sales subfolders
Recall that the security requirements for the regional sales reports are as follows:
• Sales staff can view reports for their own region and can refresh these reports
against the database to view the most recent data.
• If the staff member is also a Manager, he or she can view and refresh reports
from all regions.
You will use the various Sales groups to decrease rights appropriately for each
Regional Sales folder.
To decrease rights to the regional Sales folders
1 Go to the Regional Sales - JP folder and click its Rights tab.
2 Click Add/Remove.
3 In the Select Operation list, click Add/Remove Groups.
4 In the Available groups list, select Sales Japan.
5 Click the > arrow; then click OK.
You are returned to the Rights tab of the Regional Sales - JP folder.
168
Crystal Enterprise Administrator’s Guide
10: Controlling User Access
6 In the Access Level column, select the following rights for each group:
• Administrators: Inherited Rights
• Everyone: Inherited Rights
• Sales: No Access
• Sales Japan: View On Demand
• Sales Managers: Inherited Rights
• Sales Report Designers: Inherited Rights
7 Click Update.
The Net Access column shows your new security settings. As required, the
Sales Japan and the Sales Managers groups have View On Demand access,
which allows them to refresh reports against the database to view the latest
data. The Sales Report Designers retain their advanced rights, and all other
users are prevented from accessing the folder (except for Administrators).
8 Repeat steps 1 to 6 for the Regional Sales - USA folder, but grant View On
Demand access to the Sales USA group (instead of to the Sales Japan group).
You are now ready to complete the tutorial by customizing security for the final
level of Sales folders—the Managers Only folders.
To decrease rights to the Managers Only folders
1 Go to the Regional Sales - JP folder and click its Subfolders tab.
2 Click the link to the Managers Only folder and click its Rights tab.
3 In the Access Level column, select the following rights for each group:
• Administrators: Inherited Rights
• Everyone: Inherited Rights
• Sales: Inherited Rights
• Sales Japan: No Access
• Sales Managers: Full Control
• Sales Report Designers: Inherited Rights
4 Click Update.
The Rights tab of this Managers Only folder now shows that the
Administrators, Sales Managers, and Sales Report Designers groups all have
Full Control access to the folder. Members who do not belong to one of these
groups are completely restricted from the folder.
5 Go to the Regional Sales - USA folder and click its Subfolders tab.
6 Click the link to the Managers Only folder and click its Rights tab.
7 In the Access Level column, select the following rights for each group:
• Administrators: Inherited Rights
• Everyone: Inherited Rights
• Sales: Inherited Rights
• Sales Managers: Full Control
Crystal Enterprise Administrator’s Guide
169
Controlling users’ access to objects
• Sales Report Designers: Inherited Rights
• Sales USA: No Access
8 Click Update. The Rights tab of this Managers Only folder shows again that
the Administrators, Sales Managers, and Sales Report Designers groups all
have Full Control access to the folder. Members who do not belong to one of
these groups are completely restricted from the folder.
You have now reached the end of this tutorial.
Setting up a closed system of increasing rights
This tutorial shows how to set up the basis for a closed security model, wherein
groups of users are first denied rights to all objects on the system by default. As
you add folders and subfolders to the system, you increase the rights of users and
groups, as required, so they can access their Crystal Enterprise content.
In this scenario, you are creating folders for several groups within your
organization. These are your security requirements for each folder:
• The majority of your reports should be inaccessible to most users.
• Administrators require Full Control access to all folders and objects on the system.
• The Sales groups need a hierarchy of folders containing management reports
and regional reports:
• Only the Sales Managers can view the management reports and all regional
reports.
• Sales staff can only view reports for their own region.
Because this scenario first completely restricts access to the top-level folders, and
then gradually increases access to subfolders further down the folder hierarchy, the
results are essentially incompatible with the design of the Crystal Enterprise web
desktop. The closed security model works best when you deploy a web desktop or
other application that provides users with a list of all reports and/or folders to
which they have access. The sample Report Thumbnail Client and the In-frame
Client applications provide examples that are compatible with a closed security
model. You can access these applications from the Client Samples area of the Crystal
Enterprise Launchpad.
The Crystal Enterprise web desktop, by contrast, adheres to a hierarchical view of
the system’s folder structure. Thus, if users cannot access a top-level folder, they
have no way of browsing its subfolders (even if they have Full Control over those
subfolders and their contents). If you implement this closed security model in
conjunction with the Crystal Enterprise web desktop, users will need to search for
specific reports by name or description.
For a lengthier, more detailed tutorial, see “Setting up an open system of
decreasing rights” on page 158.
170
Crystal Enterprise Administrator’s Guide
10: Controlling User Access
Restricting access from the top-level folder
The first step is to set object rights on the top-level Crystal Enterprise folder. This
folder serves as the root for all other folders and objects that you add to the system.
Each subfolder, report, or other object that you add to this top-level folder will inherit
rights from this folder by default. So, by setting rights here first, you minimize the
need to repeatedly customize object rights throughout your folder hierarchy.
With this procedure, you set security on the top-level folder in order to meet your
first two security requirements:
• The majority of your reports should be inaccessible to most users.
• Administrators require Full Control access to all folders and objects on the system.
This procedure gives the Everyone group No Access to all published content. This
is how you set the basis for a closed security model. Do not use advanced rights to
explicitly deny rights to the Everyone group (or any other group) at the top-level
folder of your Crystal Enterprise system, because once a right has been explicitly
denied, you have to break all inheritance patterns in order to grant the same right
further down the folder hierarchy.
To change the rights on the top-level folder
1 Go to the Settings management area of the CMC.
2 Click the Rights tab.
You need only reduce the rights of the Everyone group.
3 Click the Access Level list that corresponds to the Everyone group, and select
No Access.
Note: If users access reports through Crystal Enterprise, they will be unable to
browse subfolders once you make this initial security setting. Users will,
however, be able to search for reports by name or description.
4 Click Update.
The rights for the Everyone group are reduced and No Access is displayed in
the Net Access column.
Now, your system meets your first two security requirements. The Everyone
group is prevented from seeing all subsequently published content, and the
Administrators group retains Full Control in order to maintain the system.
Now that you have created a closed basis for your object security model, you will
increase access to certain folders within the system.
Increasing access by descending the folder hierarchy
The remaining security requirements for this tutorial are related to the Sales group
and its subgroups. They require a hierarchy of folders containing management
reports and regional reports. Because this tutorial sets up a system of increasing
rights, the most secure content will be stored at the top of the directory tree.
Crystal Enterprise Administrator’s Guide
171
Controlling users’ access to objects
With these procedures, you create the folder hierarchy and set access levels in
order to meet the remaining security requirements:
• Only the Sales Managers can view the management reports and all regional
reports.
• Sales staff can only view reports for their own region.
To provide minimal access to the management reports
1 Go to the Folders management area of the CMC.
2 Click New Folder.
3 On the Properties tab, in the Folder Name field, type Management Reports
4 Click OK.
The new folder is created and the page is refreshed.
5 On the Rights tab, click Add/Remove.
6 In the Select Operation list, click Add/Remove Groups.
7 In the Available Groups list, select Sales Managers.
8 Click the > arrow; then click OK.
You are returned to the Rights tab of the Management Reports folder.
9 Click the Access Level list for the Sales Managers group, and select View.
10 Click Update.
The Rights tab now shows that the Sales Managers group has View access to
this folder and to any objects that you subsequently publish to it. As required,
the Everyone and Administrators groups have inherited the rights that you set
on the top-level Crystal Enterprise folder.
Now you need only create folders for the regional reports and grant access to the
appropriate regional Sales groups.
To provide selective access to the regional reports
1 If you are not already there, go to the Management Reports folder.
2 On the Subfolders tab, click New Folder.
3 On the Properties tab, in the Folder Name field, type Regional Reports - JP
4 Click OK.
The new folder is created and the page is refreshed.
5 On the Rights tab, click Add/Remove.
6 In the Select Operation list, click Add/Remove Groups.
7 In the Available Groups list, select Sales Japan.
8 Click the > arrow; then click OK.
You are returned to the Rights tab of the Management Reports folder.
172
Crystal Enterprise Administrator’s Guide
10: Controlling User Access
9 In the Access Level list for the Sales Japan group, select View.
10 Click Update.
The Rights tab now shows that the Sales Japan group has View access to this
folder and to any objects that you subsequently publish to it. The
Administrators, Everyone, and Sales Managers groups automatically inherit
the appropriate rights for this folder.
11 Repeat this procedure to create a subfolder called Regional Reports - USA and
to provide the Sales USA group with View access to the folder.
When you finish, the Rights tab of the Regional Reports - USA folder shows that
you have set the rights as required for this tutorial.
You have now reached the end of this tutorial.
Controlling access to Crystal applications
You can use rights to control users’ access to certain features in Crystal Enterprise
applications. You can grant or deny users access to the Crystal Management
Console. For the Crystal Enterprise web desktop, you can grant users or groups the
ability to:
• change their preferences
• organize folders
• search
• filter object listings by object type
• view the Favorites folder
For example, if you have already created your users’ folders using a standard
naming convention, you may want to deny your users the ability to organize their
own folders.
Note: By default, all users have access to these features.
To grant access to a Crystal application’s features
1 Go to the Crystal Applications management area of the CMC.
2 To change access rights for the Crystal Enterprise web desktop, click Web
Desktop.
To change access rights for the CMC, click Crystal Management Console.
3 Click the Rights tab.
4 Click Add/Remove to add users or groups you want to give access to the features.
5 On the Add/Remove page, in the Select Operation list, select Add/Remove
Groups, Add Users, or Remove Users.
6 Select the user or group you want to grant access to the features.
Crystal Enterprise Administrator’s Guide
173
Controlling administrative access
Tip: If you have many users on your system, select the Add Users operation;
then use the “Look for” field to search for a particular account.
7 Click OK.
8 On the Rights tab, click Advanced.
9 For each feature, choose Inherited, Explicitly Granted, or Explicitly Denied
for the user or group.
10 Click OK.
Controlling administrative access
In addition to controlling access to objects and settings, you can use rights to divide
administrative tasks between functional groups within your organization. For
example, you may want people from different departments to manage their own
Crystal Enterprise users and groups. Or you may have one administrator who
handles high-level management of Crystal Enterprise, but you want all server
management to be handled by people in your IT department. With all of the tasks
facing a Crystal Enterprise administrator, it can be very helpful to delegate
responsibility to other managers and groups.
This section describes how to grant rights for managing users, groups, servers, and
server groups.
174
Crystal Enterprise Administrator’s Guide
10: Controlling User Access
Controlling access to users and groups
You can delegate user and group administration to the appropriate people in your
organization by granting specific access rights.
For example, you can grant people from different departments the rights to
manage their own users’ Crystal Enterprise content. If you have a SalesAdmin
group that includes managers from the sales department, and a SalesUser group
that contains all of the salespeople, you grant SalesAdmin the rights to view, edit,
and delete content created by members of the SalesUser group.
You can grant other users or groups administrative access to a user.
Administrative rights include: viewing, editing, and deleting the user’s objects;
viewing and deleting object instances; and pausing object instances.
Note: You cannot grant people the right to add or delete users and groups. Only
the Crystal Enterprise administrator can add or delete users and groups.
To grant access to a user or group
1 Go to the Users or Groups management area of the CMC.
2 Select the user or group you want to grant access to.
3 Click the Rights tab.
4 Click Add/Remove to add users or groups that you want to give access to the
selected user or group.
The Add/Remove page appears.
5 In the Select Operation list, select Add/Remove Groups, Add Users, or
Remove Users.
6 Select the user or group you want to grant access to the specified user or group.
In this example, the SalesAdmin group is granted access to the SalesUser group.
Tip: If you have many users on your system, select the Add Users operation;
then use the “Look for” field to search for a particular account.
Crystal Enterprise Administrator’s Guide
175
Controlling administrative access
7 Click OK.
8 On the Rights tab, change the Access Level for each user or group, as required.
9 To choose specific rights, choose Advanced.
Note: For complete details on the predefined access levels and advanced
rights, see “Rights and Access Levels” on page 413.
10 Click Update.
Controlling access to servers and server groups
You can use rights to grant people access to servers and server groups, allowing
them to perform tasks such as starting and stopping servers.
Depending on your system configuration and security concerns, you may want to
limit server management to the Crystal Enterprise administrator. However, you
may need to provide access to other people using those servers. Many
organizations have a group of IT professionals dedicated to server management. If
your server team needs to perform regular server maintenance tasks that require
them to shut down and start up servers, you need to grant them rights to the
servers. You may also want to delegate Crystal Enterprise server administration
tasks to other people. Or you may want different groups within your organization
to have control over their own server management.
To grant access to a server or server group
1 Go to the Servers or Server Groups management area of the CMC.
2 Select the server or server group you want to grant access to.
3 Click the Rights tab.
4 Click Add/Remove to add users or groups that you want to give access to the
selected server or server group.
The Add/Remove page appears.
5 In the Select Operation list, select Add/Remove Groups, Add Users, or
Remove Users.
6 Select the user or group you want to grant access to the specified server or
server group.
Tip: If you have many users on your system, select the Add Users operation;
then use the “Look for” field to search for a particular account.
7 Click OK.
8 On the Rights tab, change the Access Level for each user or group, as required.
9 To choose specific rights, choose Advanced.
Note: For complete details on the predefined access levels and advanced
rights, see “Rights and Access Levels” on page 413.
10 Click Update.
176
Crystal Enterprise Administrator’s Guide
Managing Objects
11
This chapter describes the management of objects using the
Crystal Management Console. It includes general
information that applies to all objects, and it includes
specific information about managing reports, programs,
and object packages.
Crystal Enterprise Administrator’s Guide
177
Managing objects overview
Managing objects overview
There are several types of objects that can exist in Crystal Enterprise: reports,
programs, Microsoft Excel files, Microsoft Word files, Microsoft PowerPoint files,
Adobe Acrobat PDFs, rich text format files, text files, and hyperlinks, as well as
object packages, which consist of report and/or program objects. After publishing
objects to Crystal Enterprise, you manage them through the Crystal Management
Console (CMC) by going to the Objects management area.
Tip:
• Go to the Object management area by clicking the Objects link on the CMC
Home page.
• Use folders to organize and facilitate object administration for you and your
users. For more information, see “Managing User Folders” on page 113.
This chapter is broken up into four sections:
• General object management
This section describes general object management concepts that apply to all
objects, such as moving, copying, and deleting objects. It also describes how to
search for objects, how to modify object properties, and how to set object rights
for users and groups. For details, see “General object management” on page 178.
• Report object management
This section explains report objects and instances, and how to manage them
through the Crystal Management Console (CMC). Managing report objects
includes applying processing extensions, specifying alert notification, changing
database information, updating parameters, using filters, and working with
hyperlinked reports. For details, see “Report object management” on page 184.
• Program object management
This section explains program objects and instances, and how to manage them
through the Crystal Management Console (CMC). Additionally, this section
covers type-specific program object configuration, and security considerations
for program objects. For details, see “Program object management” on page 201.
• Object package management
This section explains object packages and instances, and how to manage them
through the Crystal Management Console (CMC). Additionally, this section
explains how to create an object package and how to add objects to an object
package. For details, see “Object package management” on page 208.
General object management
To change the settings of an object and its instances, in the Crystal Management
Console (CMC), go to the Objects management area and then select an object by
clicking its link, which is located in the Object Title column. Once you have selected
your object, click the appropriate tab to change the object and instances settings.
178
Crystal Enterprise Administrator’s Guide
11: Managing Objects
Tip: You can also manage an object by going to the Folders management area in
the CMC, selecting a folder (and any subfolders) by clicking the appropriate
link(s), and selecting the object that is located under the Object Title column.
Copying, moving, or creating a shortcut for an object
Use this procedure to copy, move, or create a shortcut to an object within Crystal
Enterprise:
• “Copy” creates another copy of the object in a different location. The new copy
of the object inherits all object rights from its new parent folder.
• “Move” changes the location of the object from one folder to another. The
object retains its original set of object rights.
• “Create shortcut” enables you to create an alternate, more convenient, access
route for an object. You can also create a shortcut to give users access to the
object when you don’t want them to access the folder that the actual object is
located in. The shortcut inherits object rights from its parent folder. However,
the shortcut object rights do not override the rights of the original object. For
example, if a user does not have rights to schedule a report, they are not able to
schedule that report even through a shortcut that allows them full rights.
To copy, move, or create a shortcut for an object
1 Go to the Objects management area of the CMC.
2 Select the check boxes associated with the object(s) you want to copy, move, or
create a shortcut for.
3 Click Copy/Move/Shortcut.
The Copy/Move/Create Shortcut page appears.
Crystal Enterprise Administrator’s Guide
179
General object management
4 Select one of the three following options:
• Copy to
• Move to
• Create shortcut in
Tip: You may want to create a shortcut if you want to give someone access to
an object without giving that user access to the entire folder that the object is
located in. After you create the shortcut, users who have access to the folder
where the shortcut is located can access this object and its instances. For more
information on folder rights, see “Specifying folder rights” on page 111.
5 Select the appropriate destination folder; then click OK.
Tip:
• To expand a folder, select it and click Show Subfolders.
• To search for a specific folder or object package, use the Look For field.
Deleting an object
This procedure explains how to delete either a single object or multiple objects.
You can also delete a folder (by selecting a folder and clicking Delete in the Folders
management area), which deletes all of the objects and instances that are stored in
that folder. As well, you have the option of deleting object instances, rather than
the object itself. For more information, see “Managing and viewing the history of
instances” on page 248.
Note: When you delete an object, all of its existing instances and scheduled
instances will be deleted.
To delete an object
1 Go to the Objects management area of the CMC.
2 Select the check boxes associated with the object(s).
3 Click Delete.
4 Click OK.
Searching for an object
The search feature enables you to search for specific text within object titles or
descriptions.
To search for an object or objects
1 Go to the Objects management area of the CMC.
2 Specify the search criteria.
In the “Search for” fields, specify the object field to search (title or description)
and the matching method to use (is, is not, contains, does not contain). In the
Text field, type the text to search for.
180
Crystal Enterprise Administrator’s Guide
11: Managing Objects
3 Click Search.
Changing properties of an object
In the Properties page of an object, you can modify an object’s title and description.
As well, you can view its file name, its location, and the date it was created. For
objects that can be scheduled (reports, programs, and object packages), you can see
the last times the object was modified and/or run.
To finalize changes, click Update. Note that once you have clicked Update, you
cannot click Reset to undo changes.
For Microsoft Word, Microsoft Excel, Microsoft PowerPoint, Adobe Acrobat, Text,
and Rich Text objects, a View button appears on the Properties page. Provided that
you have the appropriate software installed on your browser machine, you can
click the View button to open and view the object.
Crystal Enterprise Administrator’s Guide
181
General object management
Similarly, for report objects, a Preview button appears. The Preview button enables
you to view a report on demand with all of your current report settings. Crystal
Enterprise connects to the report’s data source(s) if no cached pages are available.
To use the Preview function, the user will need to have rights at the Schedule level
or higher. (To preview a report with saved data, the user will need to have rights
at the View level or higher.) By default, administrators have rights at the Full
Control level (the highest rights setting) for all report objects. For details about
object rights, see “Setting object rights for users and groups” on page 182.
For reports, the “Show report thumbnail” check box is selected by default. If you do
not want a thumbnail preview of this report to be available in the Crystal Enterprise
web desktop or another web application, clear the Show report thumbnail check box.
Note: A thumbnail is a graphical representation of the first page of a report. If the
original report does not contain a thumbnail, then a thumbnail will not be stored
on Crystal Enterprise.
For object packages, the ”Scheduled package fails upon individual component
failure” check box is selected by default. (A component is an object in an object
package.) This means that if one of the component instances in a package fails, the
object package instance in the History will appear as Failed. If you do not want the
object package instance to fail if one of the component instances fails, clear the
“Scheduled package fails upon individual component failure” check box.
Setting object rights for users and groups
Object rights enable you to set access levels for your users and groups. You control
which folders, reports, and other objects users and groups can access using Crystal
Enterprise. You set security settings at the object level. For objects that can be
scheduled, the security settings are also reflected in the object instances object.
To facilitate administration, Crystal Enterprise includes a set of predefined rights
(“access modes”) that allow you to set common security levels quickly. These
include the following:
• Inherited Rights
• No Access
• View
• Schedule
• View On Demand
• Full Control
• Advanced
In addition to setting user and group rights for report objects from the Objects
management area, you can also set user and group rights at the folder level. When
you set rights at the folder level, these limits will be in effect for all objects that
inherit rights from the folder (including any objects found within the subfolders).
182
Crystal Enterprise Administrator’s Guide
11: Managing Objects
For detailed information on the different “access modes” for object rights and
information on inherited rights, see “Controlling users’ access to objects” on
page 142.
To add groups or users to an object’s rights settings
1 In the Objects management area of the CMC, select an object by clicking its link.
2 Click the Rights tab.
The Rights tab appears.
3 Click Add/Remove.
4 Select an option in the Select Operation list.
5 Select the group(s) or user(s) you would like to add or remove.
6 Click the > arrow to add the group(s) or user(s); click the < arrow to remove
the group(s) or user(s).
7 Click OK.
To change a group or user’s report rights
1 In the Objects management area of the CMC, select an object by clicking its link.
2 Click the Rights tab.
The Rights tab appears.
Crystal Enterprise Administrator’s Guide
183
Report object management
3 Change the access level for a group or user by selecting a right from the
appropriate list in the Access Level column; then click Update.
If you select Advanced from the list, you grant or deny granular rights from the
Advanced Rights page. For more information, see “Setting advanced object
rights” on page 146.
Report object management
This section explains report objects and instances, and how to manage them through
the Crystal Management Console (CMC). Managing report objects includes applying
processing extensions, specifying alert notification, changing database information,
updating parameters, using filters, and working with hyperlinked reports.
Note:
• When you update a report object from the CMC, your changes affect users
who schedule and view reports through Crystal Enterprise; for instance, if you
change the parameter settings for a report object in the CMC, when users
schedule and view reports through a web-based client such as the Crystal
Enterprise web desktop or a custom web application, the parameter
information will be changed for them as well. As such, if you want to update
the settings of a report object without changing the settings of the report object
and its instances permanently, then schedule the reports through the web
desktop or a custom web application. For information on the Crystal
Enterprise web desktop, see the Crystal Enterprise User’s Guide.
• Crystal Enterprise supports reports created in versions 6 through 10 of Crystal
Reports. Once published to Crystal Enterprise, reports are saved, processed,
and displayed in version 10 format.
What are report objects and instances?
A report object is an object that is created using a Crystal designer component
(such as Crystal Reports or Crystal Analysis). Report objects contain report
information (such as database fields). When you schedule a report, Crystal
Enterprise generates an instance or instances of the object. A report object can be
made available to everyone or to individuals in selected user groups.
Note: When you publish a report object to Crystal Enterprise, only the structure
of the report (the template information) is saved; that is, the published report
object contains no saved data.
Crystal Enterprise creates report instances from report objects—that is, an instance
is created when a report object is processed by the Report Job Server. Essentially,
an instance is a report object that contains report data that is retrieved from one or
more databases. Each instance contains data that is current at the time the report
or query is processed.
184
Crystal Enterprise Administrator’s Guide
11: Managing Objects
Typically, report objects are designed such that you can create several instances with
varying characteristics. You can schedule a report object to have several instances.
For example, if you run a report object with parameters, you can schedule one
instance that contains report data that is specific to one department and schedule
another instance that contains information that is specific to another department,
even though both instances originate from the same report object. For more
information about scheduling, see “Scheduling objects overview” on page 212.
Changes that are made to the report object affect future scheduled instances. These
changes also affect instances that users schedule through a Crystal Enterprise
application, such as the Crystal Enterprise web desktop or a custom web application.
Setting report refresh options
You can set report refresh options that determine which settings of a report object
are updated when you refresh it in Crystal Enterprise.
When you refresh a report object, Crystal Enterprise compares the report object
stored in Crystal Enterprise with the original .rpt file stored in the Input File
Repository. Crystal Enterprise deletes or adds report elements in the report object
to make it match the .rpt file, overwriting any changes you’ve made in Crystal
Enterprise. Where report elements are the same in the source report and the report
object, the report refresh settings allow you to control which settings in the report
object are updated with values from the source .rpt file.
For example, if a prompt appears only in the source .rpt file, then refreshing the
report adds the prompt to the report object. This holds true no matter which report
refresh options you select.
If a prompt appears in both the source .rpt and the report object and you have
selected the “Prompt Values” option, then Crystal Enterprise updates the default
value of the prompt in the report object. Any changes that you have made to the
default value of the parameter in Crystal Enterprise are overwritten.
To preserve your changes to the values of report elements when you refresh a
report, clear the appropriate report refresh option.
Note:
• If you select Prompt Values, Crystal Enterprise ensures that changes to either
the default value of a prompt or to the current value of a prompt are updated
in the report object when the report is refreshed.
• If you select Prompt Options, Crystal Enterprise ensures that changes to the
metadata describing a prompt is updated in the report object. For example,
“Can be null” is a prompt option.
• If you select “Use Object Repository when refreshing report”, repository
objects in the report object will be refreshed against the repository. For more
information, see “Refreshing repository objects in published reports” on
page 258.
Crystal Enterprise Administrator’s Guide
185
Report object management
To set a report object’s refresh options
1 In the Objects management area of the CMC, select a report object by clicking
its link.
2 On the Properties page, click the Refresh Options link.
3 Choose the report elements that you want to refresh from the source report file.
4 Click Refresh Report.
Setting report viewing options
The report viewing options available in Crystal Enterprise allow you to balance
users’ need for up-to-date information with the need to optimize data retrieval
times and overall system performance.
Crystal Enterprise allows you to enable data sharing, which permits different users
accessing the same report object to use the same data when viewing or refreshing
a report. Enabling data sharing reduces the number of database calls, thereby
reducing the time needed to generate a report instance for subsequent users of the
same report, while greatly improving overall system performance under load.
You can control data sharing settings on either a per-report or a per-server basis. If
you specify which servers a report uses for viewing, you can use per-server
settings to standardize data sharing settings for groups of reports, and centrally
administer these settings. (See “Specifying servers for viewing and modification”
on page 187.) Per-report settings permit you to specify that particular reports will
not share data. They also allow you to tailor the data sharing interval for each
report to meet the needs of that report’s users. In addition, per-report settings
enable you to decide on a report-by-report basis whether it is appropriate to allow
users to access the database whenever they refresh reports.
Data sharing may not be ideal for all organizations, or for all reports. To get full
value from data sharing, you must permit data to be reused for some period of
time. This means that some users may see “old” data when they view a report on
demand, or refresh a report instance that they are viewing.
The default report viewing options for Crystal Enterprise emphasize data
freshness and integrity. By default, when you add a report to Crystal Enterprise it
is configured to use per-server settings for report sharing. The default server
settings ensure that users always receive up-to-date information when they refresh
a report, and guarantee that the oldest data given to any user is 0 minutes old. If
you choose to enable per-report settings, the default settings allow data sharing,
allow a viewer refresh to retrieve fresh data from the database, and ensure that the
oldest data given to a client is 5 minutes old.
Tip: Disabling the sharing of report data between clients is not the same as setting
the “Oldest on-demand data given to a client” to 0 minutes. Under high load, your
system may receive more than one request for the same report instance at the same
186
Crystal Enterprise Administrator’s Guide
11: Managing Objects
time. In this case, if the data sharing interval is set to 0 but the “Share report data
between clients” option is enabled, Crystal Enterprise shares data between the
client requests. If it is important that data not be shared between different clients
(for example, because the report uses a User Function Library (UFL) that is
personalized for each user), disable data sharing for that report.
For details on setting report viewing options on a per-server basis, see:
• “Modifying Cache Server performance settings” on page 301
• “Modifying Page Server performance settings” on page 304
• “Modifying performance settings for the RAS” on page 308
For more information on configuring Crystal Enterprise to optimize report
viewing in your system, see the planning chapter in the Crystal Enterprise
Installation Guide.
To set report viewing options for a report
1 In the Objects management area of the CMC, select a report by clicking its link.
2 Click the Process tab.
3 In the “Data Refresh for Viewing” area, click “Use report specific viewing
settings.” Then select the options that you want to set for this report.
4 Click Update.
Specifying servers for viewing and modification
You can specify the default Cache Servers, Page Servers, or Report Application
Servers that Crystal Enterprise will use when a user views or modifies a report.
When specifying your servers, you have three options:
• Use the first available server.
• Use the servers that belong to a selected group first (and, if the servers from
that group aren’t available, use any available server).
• Use only servers that belong to a specific group.
By selecting a particular server or server group, you can balance the load of your
viewing, as specific reports can be processed using specific servers. You must first
create server groups by going to the Server Groups management area in the CMC
before you are able to select servers that belong to a selected group. You can also
set the maximum number of jobs a server will accept. For more information, see
“Modifying Cache Server performance settings” on page 301, “Modifying Page
Server performance settings” on page 304, or “Modifying performance settings for
the RAS” on page 308.
Note:
• If you choose the “Use the first available server” option, the Crystal
Management Server (CMS) will check the servers to see which one has the
lowest load. The CMS does this by checking the percentage of the maximum
Crystal Enterprise Administrator’s Guide
187
Report object management
load on each server. If all of the servers have the same load percentage, then
the CMS will randomly pick a server.
• See “Specifying servers for scheduling” on page 212 for information on
specifying Job Servers used to schedule an object.
To specify the servers to use for a report object
1 In the Objects management area of the CMC, select an object by clicking its link.
2 Click the Process tab.
3 In the “Default Servers To Use For Viewing” area, choose from one of the three
options:
• Use the first available server
Crystal Enterprise will use the server that has the most resources free at the
time of viewing.
• Give preference to servers belonging to the selected group
Select a server group from the list. This option will attempt to process the
object from the servers that are found within your server group. If the
specified servers are not available, then the object will be processed on the
next available server.
• Only use servers belonging to the selected group
This option ensures that Crystal Enterprise will only use the specified
servers that are found within the selected server group. If all of the servers
in the server group are unavailable, then the object will not be processed.
4 Click Update.
188
Crystal Enterprise Administrator’s Guide
11: Managing Objects
Applying processing extensions to reports
Crystal Enterprise supports the use of customized processing extensions. A
processing extension is a dynamically loaded library of code that applies your
business logic to particular Crystal Enterprise view or schedule requests before they
are processed by the system. This section shows how to register your processing
extension with Crystal Enterprise, and how to apply an available processing
extension to a particular report object.
For general information about processing extensions and how you can use them to
customize report processing and security, see “Processing extensions” on page 56.
For information on writing your own processing extensions with the Processing
Extension API, see the developer documentation available on your product CD.
Note: On Windows systems, dynamically loaded libraries are referred to as
dynamic-link libraries (.dll file extension). On UNIX systems, dynamically loaded
libraries are often referred to as shared libraries (.so file extension). You must
include the file extension when you name your processing extensions. Also, file
names cannot include the \ or / characters.
Registering processing extensions with the system
Before you can apply your processing extensions to particular objects, you must
make your library of code available to each machine that will process the relevant
schedule or view requests. The Crystal Enterprise installation creates a default
directory for your processing extensions on each Job Server, Page Server, and
Report Application Server (RAS). It is recommended that you copy your
processing extensions to the default directory on each server. On Windows, the
default directory is C:\Program Files\Crystal Decisions\Enterprise
10\win32_x86\ProcessExt. On UNIX, it is the crystal/processext directory.
Tip: It is possible to share a processing extension file. For details, see “Sharing
processing extensions between multiple servers” on page 191.
Depending upon the functionality that you have written into the extension, copy
the library onto the following machines:
• If your processing extension intercepts schedule requests only, copy your
library onto each machine that is running as a Job Server.
• If your processing extension intercepts view requests only, copy your library
onto each machine that is running as a Page Server or RAS.
• If your processing extension intercepts schedule and view requests, copy your
library onto each machine that is running as a Job Server, Page Server, or RAS.
Note: If the processing extension is required only for schedule/view requests
made to a particular Server Group, you need only copy the library onto each
processing server in the group.
Crystal Enterprise Administrator’s Guide
189
Report object management
To register a processing extension with the system
1 Go to the Objects management area of the CMC.
2 Click Object Settings.
3 In the Name field, type a display name for your processing extension.
4 In the Location field, type the file name of your processing extension along
with any additional path information:
• If you copied your processing extension into the default directory on each
of the appropriate machines, just type the file name (but not the file
extension).
• If you copied your processing extension to a subfolder below the default
directory, type the location as: subfolder/filename
Note: Although the actual file name must include the .dll or .so extension (as
appropriate to the server’s operating system), you must not include the file
extension in the Location field.
5 Use the Description field to add information about your processing extension.
6 Click Add.
Tip: You can now select this processing extension to apply its logic to particular
objects.To delete a processing extension, select its check box and click Delete.
(Make sure that no recurring jobs are based on this processing extension
because any future jobs based on this processing extension will fail.)
Selecting a processing extension for a report
1 Go to the Objects management area of the CMC.
2 Click the link to the report object that you want to apply your processing
extension to.
190
Crystal Enterprise Administrator’s Guide
11: Managing Objects
3 Click the object’s Process tab and then click the Filters link.
4 Select your processing extension in the Available Processing Extensions list.
Note: Your processing extensions appear in this list only after you have
registered them with the system.
5 Click Add.
Tip: You may apply more than one processing extension to a report object.
Repeat steps 4 and 5 for each processing extension; then use the up and down
arrows to specify the order in which the processing extensions should be used.
6 Click Update.
Your processing extension is now enabled for this report object.
Sharing processing extensions between multiple servers
If you want to put all processing extensions in a single location, you can override
the default processing extensions directory for each Job Server, Page Server, and
RAS. First, copy your processing extensions to a shared directory on a network
drive that is accessible to all of the servers. Map (or mount) the network drive from
each server’s machine.
Note: Mapped drives on Windows are valid only until you reboot the machine.
For details, see “Ensuring that server resources are available on local drives” on
page 404.
If you are running servers on both Windows and on UNIX, you must copy a .dll
and an .so version of every processing extension into the shared directory. In
addition, the shared network drive must be visible to Windows and to UNIX
machines (through Samba or some other file-sharing system).
Crystal Enterprise Administrator’s Guide
191
Report object management
Finally, change each server’s command line to modify the default processing
extensions directory. Do this by adding “-report_ProcessExtPath <absolute
path>” to the command line. Replace <absolute path> with the path to the new
folder, using whichever path convention is appropriate for the operating system
that the server is running on (for example, M:\code\extensions, /home/shared/code/
extensions, and so on).
The procedure for making this modification depends upon your operating system:
• On Windows, use the CCM to stop the server. Then open the server’s
Properties to modify the command line. Start the server again when you have
finished.
• On UNIX, run ccm.sh to stop the Report Job Server/Page Server. Then edit
ccm.config to modify the server’s command line. Start the server again when
you have finished. For reference, see “ccm.sh” on page 436.
Specifying alert notification
Alerts are custom messages, created in Crystal Reports, that appear when certain
conditions are met by data in a report. Alerts may indicate action to be taken by the
user or information about report data. If the alert condition (as defined in Crystal
Reports) is true, the alert is triggered and its message is displayed.
In Crystal Enterprise, you can choose to send alert notification when scheduling a
report. If you enable alert notification, messages are sent through an SMTP server.
You can configure email delivery options, specify the “To,” “Cc,” and “From”
fields for the email, add subject and message information, set a URL for the viewer
you want the email recipient to use, and set the maximum number of alert records
to send.
Note:
• The Alert Notification link is available only if the report object contains alerts.
• Alerts are triggered in the report object even if you disable alert notification.
• To enable alert notification, you must also ensure that the Report Job Server’s
SMTP Destination is enabled and configured. For details, see “Setting the
default email (SMTP) destination” on page 312.
To set alert notification
1 In the Objects management area of the CMC, select a report object by clicking
its link.
2 Click the Schedule tab, and then click the Alert Notification link.
The Alert Notification page appears.
192
Crystal Enterprise Administrator’s Guide
11: Managing Objects
3 Clear the Enable alert notification check box if you do not want to send an
alert notification.
4 Select either Use the Crystal Job Server’s defaults or Set the values to be used
at schedule time here.
If you select the first option, Crystal Enterprise will deliver the alert notification
using the Report Job Server’s default settings. You can change these settings in
the Servers management area. For more information, see “Setting default
scheduling destinations for Job Servers” on page 309.
If you select the second option, you can specify the email settings:
• From
Type a return address or distribution list.
• To
Type the addresses or distribution list that you wish to send the report to.
Crystal Enterprise Administrator’s Guide
193
Report object management
• Cc
Type the addresses or distribution list that you wish to send a copy of the
alert notification to.
• Subject
Complete the subject field.
• Message
Type a short message, if required.
Note: Separate multiple addresses or distribution lists using semicolons.
5 Type the URL for the viewer in which you want the email recipient to view the
report. Alternatively, you can select the default viewer by clicking Use default.
The viewer URL appears in the hyperlink that is sent in the alert notification
email. You can set the default URL by clicking Object Settings on the main page
of the objects management area of the CMC. For more information, see the
developer documentation available on your product CD.
Note: You must use World Wide Web Consortium (W3C) URL encoding when
typing the viewer URL. For example, replace spaces in the path with %20. For
more information, see http://www.w3.org/
6 Type the maximum number of alert records to be included in the alert
notification.
The hyperlink in the alert notification displays a report page that contains the
records that triggered the alert. Use this field to limit the number of records
displayed.
Tip: The Alert Name and Status fields are set in Crystal Reports.
7 Click Update.
Changing database information
You can select your database type and set the default database logon information
on the Database page for a report. The Database page displays the data source or
data sources for your report object and its instances. You can choose to prompt the
user for a logon name and password when he or she views a report instance.
To change database settings
1 In the Objects management area of the CMC, select a report object by clicking
its link.
2 Click the Process tab, and then click the database link.
194
Crystal Enterprise Administrator’s Guide
11: Managing Objects
The Database page appears.
3 In the Data Source(s) list, select the data source.
4 Select Use original database logon information from the report or Use
custom database logon information specified here.
If you select the first option, you can specify a user name and password to be
used with the original report database.
If you select the second option, you can specify a server name (or a DSN in the
case of an ODBC data source), a database name, a user name, and a password
for a number of predefined database drivers, or for a custom database driver
that you’ve specified. If you’ve changed the default table prefix in your
database, specify a custom table prefix here.
The predefined database drivers include: ODBC drivers and native Oracle,
DB2, Sybase, and Informix drivers.
Crystal Enterprise Administrator’s Guide
195
Report object management
5 Select the Prompt the user for database logon when viewing check box if you
want users to be prompted for a password when they refresh a report after
viewing it once.
Note: This option has no effect on a scheduled instance. Also, Crystal
Enterprise only prompts users when they first refresh a report; that is, if they
refresh the report a second time, they will not be prompted.
6 Click Update.
Updating parameters
Parameter fields (with preset values) enable users to view and to specify the data
that they want to see. If a report contains parameters, you can set the default
parameter value for each field or fields (which is used whenever a report instance
is generated). Through a Crystal Enterprise application such as the Crystal
Enterprise web desktop, your users are either able to use the report with the preset
default value(s) or choose another value or values. If you do not specify a default
value, users will have to choose a value when they schedule the report.
Note: The Parameters link is available only if the report object contains parameters.
To view parameter settings
1 In the Objects management area of the CMC, select a report object by clicking
its link.
2 Click the Process tab, and then click the Parameters link.
3 Under the Value column, select the value associated with the parameter you
want to change.
A page opens that allows you to change the parameter value. Depending on the
parameter value type, you either type a value in the field or choose a value from
a list. If there is a list, you can also click Edit to type a new value.
196
Crystal Enterprise Administrator’s Guide
11: Managing Objects
4 Select the Clear the current parameter value(s) check box if you want to clear
the current value that is set for the specified parameter.
5 Select the Prompt the user for new value(s) when viewing check box if you
want your users to be prompted when they view a report instance through a
Crystal Enterprise application such as the Crystal Enterprise web desktop.
6 Click Submit.
Using filters
In the Filters page, you set the default selection formulas for the report. Selection
formulas are similar to parameter fields in that they are used to filter results so that
only the required information is displayed. Unlike parameters, end users will not
be prompted for selection formula values when they view or refresh the report.
When users schedule reports through a web-based client such as the Crystal
Enterprise web desktop, they can choose to modify the selection formulas for the
reports. By default, if any formulas are set in the CMC, they will be used by the
web-based client. For more information on selection formulas, see the Crystal
Reports User’s Guide.
In addition to changing selection formulas, if you have developed your own
processing extensions, you can select the processing extensions that you want to
apply to your report. For more information, see “Applying processing extensions
to reports” on page 189. When you use filters in conjunction with processing
extensions, a subset of the processed data is returned. Selection formulas and
processing extensions act as filters for the report.
Crystal Enterprise Administrator’s Guide
197
Report object management
To use filters
1 In the Objects management area of the CMC, select a report object by clicking
its link.
2 Click the Process tab, and then click the Filters link.
The Filters page appears.
3 Update or add new selection formulas.
• Record Selection Formula
Use the Record Selection Formula to create or edit a record selection
formula or formulas that limit the records used when you or a user
schedules a report.
• Group Selection Formula
Use the Group Selection Formulas to create or edit a group selection
formula or formulas that limit the groups used when you or a user
schedules a report.
4 In the processing extensions area, where appropriate, select a processing
extension from the Available Processing Extensions list and then click Add.
5 Click Update.
198
Crystal Enterprise Administrator’s Guide
11: Managing Objects
Working with hyperlinked reports
Crystal Reports lets you use hyperlinks to navigate from one report object to
another. You can move to a Report Part within the report itself, to other report
objects or their parts, or to specific instances of reports or Report Parts. This
navigation is available only in the new script-based DHTML viewers (zero-client,
server-side viewers) included in Crystal Enterprise 10. By linking directly from one
object to another, the required data context is passed automatically so that you
navigate to the object and data that is relevant.
Initially, when you add hyperlinks between reports in Crystal Reports, you create
a link from one file directly to another. However, when you publish linked report
files simultaneously to the same object package, the links are modified to point to
managed report objects. (Each link is changed, so that it references the appropriate
destination report by Enterprise ID, rather than by file path.) Also, the modified
links become relative inside the object package. When you schedule the object
package, Crystal Enterprise processes its reports, and again modifies hyperlinks
within each report instance: hyperlinks between report objects in an object package
are converted to hyperlinks between report instances in a specific instance of the
object package. For more information on object packages, see “Scheduling objects
in batches” on page 232.
To view hyperlinked reports, you must publish both the home and destination
reports to the same Crystal Enterprise system. (A home report is one that contains
a hyperlink to another report: the destination report.)
Note: For information about how to create hyperlinks between report objects, see
the Crystal Reports Online Help.
Publishing and hyperlinking reports
The most efficient way to hyperlink between published reports is first to publish
the individual reports, then create the hyperlinks between them. To do so, create
the reports—without hyperlinks—in Crystal Reports, and publish them to Crystal
Enterprise. Next, use Crystal Reports to log on to your Crystal Enterprise system
and create the hyperlinks between the home and destination reports. (For details,
see the Crystal Reports Online Help.) Crystal Reports automatically determines what
type of link—relative or absolute—to establish between the reports. In Crystal
Enterprise, relative links are those between reports in the same object package, and
absolute links are links to specific report objects or instances.
Publishing reports with existing hyperlinks
The recommended method for creating hyperlinked reports is first to publish the
individual reports, then create hyperlinks between them. However, because this is
not always possible, this section explains how to publish reports after they have
been hyperlinked.
Crystal Enterprise Administrator’s Guide
199
Report object management
Depending on how you choose to publish hyperlinked reports to Crystal Enterprise,
existing hyperlinks between reports may be broken or modified. To preserve
existing hyperlinks between reports, you must use the Crystal Publishing Wizard to
publish the reports (that are linked to each other) to the same object package. When
you publish reports this way, the hyperlinks are converted to relative links.
If you publish hyperlinked reports independently of each other, rather than
publishing them simultaneously to the same object package, all hyperlinks
between the reports will break. You must re-establish the links using Crystal
Reports and save the report back to Crystal Enterprise. (For more information, see
the Crystal Reports Online Help.)
Viewing hyperlinks in a report
You can view a list of the links in a report by clicking the Links link on the report’s
Properties page. The links are listed as either relative or absolute. In Crystal
Enterprise, relative links are those between reports in the same object package, and
absolute links are links to specific report objects or instances.
To view a list of links in a report object
1 In the Objects management area of the CMC, select the report object by
clicking its link.
2 Click the Properties tab, and then click the Links link.
The Links page appears.
Viewing hyperlinked reports
Crystal Enterprise supports navigation between hyperlinked reports only with
script-based viewers, specifically the DHTML and Advanced DHTML viewers in
the Crystal Enterprise web desktop. To change your preferred viewer in the CMC,
click the Preferences button in the upper-right corner of the CMC, and select the
appropriate viewer from the Viewer list. For information on how to change your
preferred viewer, see the Crystal Enterprise User’s Guide.
Parameter information is not carried over between the home and destination reports.
That is, when you view a destination report by clicking a hyperlink in a home report,
you are prompted to enter any parameters that the destination report requires.
Security considerations
To view hyperlinked reports through Crystal Enterprise, you must have the
appropriate rights both in Crystal Enterprise and at the database level.
In Crystal Enterprise, to view a destination report through a hyperlink in a home
report, you must have View rights to the destination report. When the hyperlink
points to a report object, you must have View On Demand rights to be able to
refresh the data against the data source. For information about setting the levels of
access to objects, see “Setting common access levels” on page 144.
200
Crystal Enterprise Administrator’s Guide
11: Managing Objects
Database logon information is carried over between hyperlinked reports. If the
credentials you specified to view the home report are not valid for the destination
report, you are prompted for a valid set of database logon credentials for the
destination report.
Program object management
This section explains program objects and instances, and how to manage them
through the Crystal Management Console (CMC). Additionally, this section covers
type-specific program object configuration, and security considerations for
program objects.
What are program objects and instances?
A program object is an object in Crystal Enterprise that represents an application.
Publishing a program object to Crystal Enterprise allows you to use Crystal
Enterprise to schedule and run the program object and to manage user rights in
relation to the program object. For information about publishing program objects,
see “Publishing overview” on page 116.
When you publish a program object or its associated files to Crystal Enterprise, they
are stored in the File Repository Server (FRS). Each time a Crystal Enterprise program
runs, the program and files are passed to the Program Job Server, and Crystal
Enterprise creates a program instance. Unlike report instances, which you can view
in their completed format, program instances exist as records in the object history.
Crystal Enterprise stores the program’s standard out and standard error in a text
output file. This file appears when you click a program instance in the object History.
Three types of applications can be published to Crystal Enterprise as program objects:
• Executable
Executable programs are binary files, batch files, or shell scripts. They generally
have file extensions such as: .com, .exe, .bat, .sh. You can publish any executable
program that can be run from the command line on the machine that runs the
Program Job Server.
• Java
You can publish any Java program to Crystal Enterprise as a Java program
object. For Java program objects to have access to Java SDK objects, your class
must implement the IProgramBase interface from the Crystal Enterprise Java
SDK (com.crystaldecisions.sdk.plugin.desktop.program.IProgramBase). For
details, see the Crystal Enterprise Java SDK Guide.
• Script
Script program objects are JScript and VBScript scripts. They are run on Windows
using an embedded COM object and can—once published—reference the Crystal
Enterprise SDK objects. For details, see the Crystal Enterprise COM SDK Guide.
Note: Script program objects are not supported on UNIX.
Crystal Enterprise Administrator’s Guide
201
Program object management
Note: As the administrator, you can choose to enable or disable any of the types of
program objects. For details, see “Authentication and program objects” on
page 206.
Once you have published a program object to Crystal Enterprise, you can
configure it in the Objects management area of the CMC. For each type of program
object (Executable, Java, or Script) you can choose to specify command-line
arguments and a working directory. For executable and Java programs, there are
additional ways, both required and optional, to configure the program objects and
provide them with access to other files.
Tip: Program objects allow you to write, publish, and schedule scripts or Java
programs that run against Crystal Enterprise, and perform maintenance tasks,
such as deleting instances from the history. Furthermore, you can design these
scripts and Java programs to access Crystal Enterprise session information. This
ensures that the scheduled program objects retain the security rights or restrictions
of the user who scheduled the job. (Your scripts or java programs require access to
the Crystal Enterprise SDK. For details, see the Crystal Enterprise COM SDK Guide
or the Crystal Enterprise Java SDK Guide.)
Specifying command-line arguments
For each program object that you publish to Crystal Enterprise, you can specify
command-line arguments on the Parameters page of the CMC’s Objects
management area. You can specify any argument that is supported by the
command-line interface for your program. Arguments are passed directly to the
command-line interface, without parsing.
To specify command-line arguments
1 In the Objects management area of the CMC, select the program object by
clicking its link.
2 Click the Process tab, then click the Parameters link.
The Parameters page appears.
3 In the Arguments field, type the command-line arguments for your program,
using the same format you would use at the command line itself.
For example, if your program has a loops option, to set the loops value to 100,
you might type -loops 100
Setting a working directory for a program object
By default, when a program object runs, Crystal Enterprise creates a temporary
subdirectory in the Program Job Server’s working directory, and uses this
subdirectory as the working directory for the program. The subdirectory is
automatically deleted when the program finishes running.
202
Crystal Enterprise Administrator’s Guide
11: Managing Objects
You can specify an alternative working directory for the program object by
modifying the Working Directory field on the Parameters page of the object. Or, you
can modify the default setting for the working directory for the Program Job Server.
Note: The account under which the program runs must have appropriate rights to
the folder that you set as the working directory. The level of file permissions
required depend on what the program does; however, the program’s account
generally needs read, write, and execute permissions to the working directory.
For information about setting credentials for an account under which a program
object will run, see “Authentication and program objects” on page 206
To set a working directory for a program object
1 In the Objects management area of the CMC, select the program object by
clicking its link.
2 Click the Process tab, then click the Parameters link.
The Parameters page appears.
3 In the Working Directory field, type the full path to the directory that you
want to set as the program object’s working directory.
For example, on Widows, if you created a working directory named
working_directory, type C:\working_directory
On UNIX, type /working_directory
To modify the default working directory for the Program Job Server
1 Go to the Servers management area of the CMC.
2 Click the link for Program Job Server.
The Properties page appears.
3 In the Temp Directory field, type the full path to the directory you want to set
as the working directory for the Program Job Server.
Configuring executable programs
When you publish an executable program object to the CMC, you can configure it
by providing access to external or auxiliary files either by specifying the full paths
to the files (if the files are on the same machine as the Program Job Server) or by
uploading the files. In the CMC, you can also customize environment variables for
the shell in which Crystal Enterprise runs the program.
When you publish an executable program object to the CMC, you can configure it
by providing it with access to other files. In the CMC, you can also customize
environment variables for the shell in which Crystal Enterprise runs the program.
Crystal Enterprise Administrator’s Guide
203
Program object management
Providing executable programs with access to other files
Some binary files, batch files, and shell scripts require access to external or auxiliary
files to run. Aside from setting a working directory for the program object, there are
two ways to provide access to these files. If a required file is on the same machine
as the Program Job Server, you can specify the full path to the file. Alternatively, if
the file is not located on the Program Job Server, you can upload the file to the File
Repository Server, which will pass the files to the Program Job Server as necessary.
To specify paths to required files
1 In the Objects management area of the CMC, select the executable program
object by clicking its link.
2 Click the Process tab, then click the Parameters link.
The Parameters page appears.
3 In the External Dependencies field, type the full path to the required file and
click Add.
4 Repeat step 3 for each file required.
Tip: To edit or remove external dependencies that you have specified, select the
file path (in the list of external dependencies on the Parameters page) and click the
appropriate button, either Edit or Remove.
To upload required files
1 In the Objects management area of the CMC, select the executable program
object by clicking its link.
2 Click the Process tab, then click the Auxiliary Files link.
The Auxiliary Files page appears.
3 Click Browse to navigate to the required file, then click Add File.
4 Repeat step 3 for each required file.
Tip: To remove auxiliary files that you have specified, select the file(s) (in the list
of external dependencies on the Parameters page) and click Remove File(s).
Specifying environment variables
In the CMC, you can configure your program by adding or modifying environment
variables. Modifications to an existing environment variable override this variable,
rather than append to it. Any changes you make to environment variables exist
only in the temporary shell in which Crystal Enterprise runs the program. Thus,
when the program exits, the environment variables are destroyed.
To add an environment variable
1 In the Objects management area of the CMC, click the link for the program object.
204
Crystal Enterprise Administrator’s Guide
11: Managing Objects
2 Click the Process tab, then click the Parameters link.
The Parameters page appears.
3 In the Environment Variables field, type the environment variables you want
to set.
Use the form name=value, where name is the environment variable name and
value is the value for the environment variable. For example, you can set the
path variable to append a user’s bin directory to the existing path:
• On Windows, you might type: path=%path%;c:\usr\bin
• On UNIX, you might type:PATH=$PATH:/usr/bin
Note: Crystal Enterprise sets your environment variables using the syntax that
is appropriate for your operating system. However, on UNIX you must follow
convention, and use the appropriate case. For example, all name values on
UNIX must be typed in upper-case.
Tip: To edit or remove environment variables that you have specified, select the
variable (in the list of environment variables on the Parameters page), and click the
appropriate button, either Edit or Remove.
Configuring Java programs
To successfully schedule and run Java programs in Crystal Enterprise, you must
specify the required parameters for the program object. Additionally, you can
provide the Java program with access to other files located on the Program Job
Servers, and you can specify Java Virtual Machine options.
Setting required parameters for Java programs
To successfully schedule and run a Java program, you must provide Crystal
Enterprise with the base name of the .class file that implements the IProgramBase
interface from the Crystal Enterprise Java SDK.
Note: The Java Runtime Environment must be installed on each machine that is
running a Program Job Server.
To specify required parameters for Java programs
1 In the Objects management area of the CMC, click the link for the Java
program object.
2 Click the Parameters tab.
The Parameters page appears.
3 In the Class to run field, type the base name of the .class file that implements
the IProgramBase from the Crystal Enterprise Java SDK
(com.crystaldecisions.sdk.plugin.desktop.program.IProgramBase).
For example, if the file name is Arius.class, type Arius
Crystal Enterprise Administrator’s Guide
205
Program object management
Providing Java programs with access to other files
You can provide Java programs with access to files, such as Java libraries, located
on the Program Job Server.
To provide Java programs with access to other files
1 In the Objects management area of the CMC, click the link for the Java
program object.
2 Click the Process tab, then click the Parameters link.
The Parameters page appears.
3 In the Classpath field, type the full paths to the locations of any Java library
files that are required by the Java program, and stored on the Program Job
Server.
You must separate multiple paths with the classpath separator that is
appropriate to your operating system: a semi-colon for Windows, a colon for
UNIX.
Authentication and program objects
Be aware of the potential security risks associated with the publication of program
objects. As the administrator, you must protect the system against abuse. The level
of file permissions for the account under which a program object runs will
determine what modifications, if any, the program can make to files.
You can control the types of program objects users can run, and you can configure
the credentials required to run program objects.
Enabling or disabling a type of program object
As a first level of security, you can configure the types of program objects available
for use.
To enable or disable a type of program object
1 In the Objects management area of the CMC, click Object Settings.
2 Click the Program Objects tab.
3 Select the type or types of program objects you want users to run.
Authentication on all platforms
In the Objects management area of the CMC, you must specify credentials for the
account under which the program runs. This feature allows you, the administrator,
to set up a specific user account for the program, and assign it appropriate rights,
to have the program object run as that account. For details, see “Controlling users’
access to objects” on page 142. Alternatively, users who publish program objects to
206
Crystal Enterprise Administrator’s Guide
11: Managing Objects
Crystal Enterprise can assign their own credentials to a program object, to give the
program access to the system. Thus, the program will run under that user account,
and the rights of the program will be limited to those of the user. If you choose not
to specify a user account for a program object, it runs under the default system
account, which generally has rights locally but not across the network.
Note: By default, when you schedule a program object, the job fails if credentials
are not specified. To provide default credentials, click Object Settings in the
Objects management area, then click the Program Objects tab. Click “Schedule
with the following operating system credentials” and provide a default user name
and password.
To specify a user account for a program object
1 In the Objects management area of the CMC, click the link for the program
object.
2 Click the Process tab, then click the Logon link.
The Logon page appears.
3 In the User Name and Password fields, type the credentials for the user
account under which the program should run.
4 Click Update.
Authentication for Java programs
Crystal Enterprise allows you to set security for all program objects. For Java
programs, Crystal Enterprise forces the use of a Java Policy File, which has a
default setting that is consistent with the Java default for unsecure code. Use the
Java Policy Tool (available with the Java Development Kit) to modify the Java
Policy File, to suit your specific needs.
The Java Policy Tool has two code base entries. The first entry points to the Crystal
Enterprise Java SDK and allows program objects full rights to all Crystal Enterprise
JAR files. The second code base entry applies to all local files. It uses the same
security settings for unsecure code as the Java default for unsecure code.
Note:
• The settings for the Java Policy are universal for all Program Job Servers
running on the same machine.
• By default, the Java Policy File is installed to the Java SDK directory in the
Crystal Enterprise install root directory. For example, a typical location on
Windows is:
C:\Program Files\Crystal Decisions\Enterprise 10\JavaSDK\crystalprogram.policy
On Unix, a typical location is
.../solaris_install/crystal/enterprise/JavaSDK/crystal-program.policy
Crystal Enterprise Administrator’s Guide
207
Object package management
Object package management
This section explains object packages and instances, and how to manage them
through the Crystal Management Console (CMC). Additionally, this section
explains how to create an object package and how to add objects to an object
package.
Related topics
• “Scheduling objects in batches” on page 232
• “Publishing overview” on page 116
What are object packages, components, and instances?
Object packages function as distinct objects in Crystal Enterprise. Think of them as
folders you can schedule, along with all of their contents.
Object packages can be composed of any combination of report and program
objects that are published to the Crystal Enterprise system. (Non-Crystal
Enterprise objects, such as Excel, Word, Acrobat, Text, Rich Text, PowerPoint, and
Hyperlink objects, cannot be added to object packages.) The objects within an
object package are called object package component objects. Placing multiple
component objects in a single object package allows you to schedule them
simultaneously. For reports, object packages allow users to view synchronized
data across reports. Component objects are not autonomous. They have more
limited configuration options than other objects, and they do not appear in the list
of all objects on the first page of the Objects management area of the CMC. Rather,
you can only view them by opening their object package.
Crystal Enterprise creates an object package instance each time it runs an object
package. The object package instance contains individual instances of each of its
component objects. Component instances are tied to object package instances,
rather than to component objects. For example, if you run an object package, and
thereby create an instance, then remove a report object from the object package, the
existing object package instance does not change; it still contains the report
instance from the report object that you removed. Future instances of the object
package, however, will reflect the change.
For hyperlinked report instances in object package instances, the hyperlinks point
to the other report instances in the same object package instance. For details about
hyperlinked reports, see “Working with hyperlinked reports” on page 199.
Creating an object package
1 Go to the Objects management area of the CMC.
2 Click New Object, then click the Object Package tab.
The Object Package tab appears.
208
Crystal Enterprise Administrator’s Guide
11: Managing Objects
3 In the Title field, type the name of the object package you want to create.
4 In the Description field, type a description of the object package.
This field is optional.
5 Ensure the correct folder name appears in the Destination field.
Note: You cannot place object packages in the top level folder or inside other
object packages.
Tip:
• To expand a folder, select it and click Show Subfolders.
• To search for a specific folder, use the Look For field.
6 Click OK.
Note: When the object package has been added to the system, the CMC
displays the Properties page. You can now modify the properties, contents,
scheduling information, destination, user rights, object settings, and
notification for the object package.
Adding objects to an object package
In the CMC, after you have created an object package, you can add report and/or
program component objects to it. You can add previously unpublished objects
directly to the object package, or you can copy existing objects into the object package.
You can only move copies of existing objects into the object package, or between object
packages; you cannot move the existing objects themselves. For details on copying
objects, see “Copying, moving, or creating a shortcut for an object” on page 179.
When you copy an object into an object package, the component object retains the
same settings as the original object. However, once you create the copy of the
original object inside the object package, the component and the original are
separate entities. Changes in one object are not reflected in the other.
Note: You publish objects to new or existing object package using the Crystal
Publishing Wizard. For details, see “Publishing with the Crystal Publishing
Wizard” on page 117.
To publish a new object directly to an object package
1 In the Objects management area of the CMC, view an object package by
clicking its link.
2 Click the Objects tab, then click the New Object button.
3 A list of object tabs appears. Note that you can add only report objects or
program objects to an object.
4 Click the appropriate tab, Report or Program.
5 Specify the file name or, or click browse to navigate to the object you want to
publish.
Crystal Enterprise Administrator’s Guide
209
Object package management
6 Set the appropriate properties.
• For reports, set whether to generate a thumbnail for the report, and
whether to use the Object Repository when refreshing the report.
• For programs, set the program type: Executable, Java, or Script.
7 Click OK.
Configuring object packages and component objects
You can configure object packages as described in “General object management”
on page 178. Additionally, you can, and in some cases you must, configure each
component object individually. For example, you must set logon credentials and
parameters for each component object individually, rather than at the object
package level.
Component objects inside an object package have the same functionality as they
would outside of the object package, regardless of limitations of the object
package. For example, with respect to notification, object packages support only
event notification; however, you can set audit, email, and event notification for the
individual component objects inside the object package. For report objects in object
packages, processing extensions and alert notification are both supported.
However, again, these do not apply to the object package as a whole.
In contrast, you cannot set destinations or server groups for component objects.
You can only set these at the object package level. For details on setting
destinations, see “Selecting a destination” on page 237. For details on setting server
groups for objects, see “Specifying servers for scheduling” on page 212.
On the Properties page of an object package, the ”Scheduled package fails upon
individual component failure” check box is selected by default. This means that if
one of the component instances in a package fails, the object package instance in
the History will appear as Failed. If you do not want the object package instance to
fail if one of the component instances fails, clear the “Scheduled package fails upon
individual component failure” check box.
Authentication and object packages
Object packages simplifies both Enterprise and database authentication. You enter
your Enterprise authentication only once to schedule the object package, including
all of its component objects. Consequently, you must have scheduling rights for
each of the objects inside the object package. If you attempt to schedule a package
that contains one or more component objects to which you do not have schedule
rights, the component instance(s) fail(s).
For database authentication, you specify database logon information for each report
component object in the object package. (If you copied the report into the object
package, it initially inherits the database logon information of the original report.)
210
Crystal Enterprise Administrator’s Guide
Scheduling Objects
12
This chapter provides information on scheduling objects. It
includes information about configuring servers and
creating calendars for scheduling. It provides detailed
instructions for scheduling objects individually and in
batches, and scheduling with events. It also describes
distributing objects, specifying schedule notifications, and
managing instances.
Crystal Enterprise Administrator’s Guide
211
Scheduling objects overview
Scheduling objects overview
Scheduling an object lets you run it automatically at specified times. You can schedule
report objects, program objects, and object packages. (For details about object types
and object management, see “Managing objects overview” on page 178.)
When you schedule an object, Crystal Enterprise generates an instance that
contains information that is captured when the object is run. Report instances
contain relevant database information; for example, instances for program objects
contain the standard out and standard error produced by that instance of the
program. Your instance uses all of the settings that you have set in the CMC for the
original object. This chapter explains how to schedule and manage object instances
through the Crystal Management Console (CMC).
This chapter is organized into three main sections:
• Setting up scheduling
This section describes how to prepare your system for scheduling. You can
specify the servers that objects use for scheduling, and you can create calendars
to provide your users with sets of common scheduling dates.
• Scheduling objects
This section provides information on scheduling objects in various ways, such
as scheduling objects on demand, daily or monthly, in batches, or with events.
• Managing instances
This section describes how to manage instances that are created after you
schedule objects. In the CMC, you can choose from various notification options,
or you can distribute objects by choosing output formats and destinations. You
can also manage an object’s historical instances and control how many
instances are available for each object.
Setting up scheduling
Before your users can schedule objects, you need to set up the servers and prepare
the tools they’ll need for scheduling. After you publish objects, you can specify the
servers used to schedule their instances. To make scheduling easier for your users
you can create custom calendars of run dates.
Specifying servers for scheduling
You can specify the default job servers that Crystal Enterprise will use to run an
object, and to schedule and process instances. When specifying your servers, you
have three options:
• Use the first available server.
• Use the servers that belong to a selected group first (and, if the servers from
that group aren’t available, use any available server).
• Use only servers that belong to a specific group.
212
Crystal Enterprise Administrator’s Guide
12: Scheduling Objects
By selecting a particular server or server group, you can balance the load of your
scheduling, because specific objects can be processed by specific job servers. You
must first create server groups by using the Server Groups management area in the
CMC, before you can select servers that belong to a selected group. You can also
set the maximum number of jobs that a job server will accept. For more
information, see “Modifying performance settings for Job Servers” on page 308.
Also, you can balance the load of your scheduling, because specific objects can be
processed by specific job servers. You must first create server groups by using the
Server Groups management area in the CMC, before you can select servers that
belong to a selected group. You can also set the maximum number of jobs that a job
server will accept. For more information, see “Modifying performance settings for
Job Servers” on page 308.
Note:
• If you choose the “Use the first available server” option, the Crystal
Management Server (CMS) will check the job servers to see which one has the
lowest load. The CMS does this by checking the percentage of the maximum
load on each job server. If all of the job servers have the same load percentage,
then the CMS will randomly pick a job server.
• If you are scheduling a program object that requires access to files stored
locally on a Program Job Server, but you have multiple Program Job Servers,
you must specify which server to use to run the program.
• See “Specifying servers for viewing and modification” on page 187 for
information on specifying the servers used to view or modify an object.
To specify the servers to use for an object
1 In the Objects management area of the CMC, select an object by clicking its link.
2 Click the Process tab.
Crystal Enterprise Administrator’s Guide
213
Setting up scheduling
3 In the “Default Servers To Use For Scheduling” area, choose from one of the
three options:
• Use the first available server
Crystal Enterprise will use the server that has the most resources free at the
time of scheduling.
• Give preference to servers belonging to the selected group
Select a server group from the list. This option will attempt to process the
object from the servers that are found within your server group. If the
specified servers are not available, then the object will be processed on the
next available server.
• Only use servers belonging to the selected group
This option ensures that Crystal Enterprise will only use the specified
servers that are found within the selected server group. If all of the servers
in the server group are unavailable, then the object will not be processed.
4 Click Update.
5 In the “Default Servers To Use For Viewing” area, repeat the activities from
steps 3 and 4.
Note: “Default Servers To Use For Viewing” applies only to report objects.
Managing calendars
Calendars make it easy for you to schedule complex recurring jobs efficiently. A
calendar is a customized list of run dates for scheduled jobs. When users schedule
objects, they can use a calendar to run the job on a predefined set of dates. By
providing calendars for your users, you can create more complex processing
schedules than you can with the standard scheduling options.
Calendars are particularly useful when you want to run a recurring job on an
irregular schedule, or if you want to provide users with sets of regular scheduling
dates to choose from. Calendars also allow you to create more complex processing
schedules, combining unique scheduling dates with recurring ones.
For example, if you want a report object to run every business day except for your
country’s statutory holidays, you can create a calendar with the holidays marked
as “non-run” days, on which the report object cannot be run. Crystal Enterprise
will run the job every day you have specified as a “run” day in your calendar.
You can set up as many calendars as you want in Crystal Enterprise. Calendars you
create appear in the Calendar selection list available when you choose to schedule
an object using a calendar. When you apply the calendar to a job, Crystal
Enterprise runs the job on the run dates as scheduled.
You can apply calendars to any object that can be scheduled, including report
objects, program objects, and object packages.
214
Crystal Enterprise Administrator’s Guide
12: Scheduling Objects
Creating calendars
In the Crystal Management Console (CMC), go to the Calendars management area
to create new calendars and to modify existing calendars. To create a calendar, you
need to provide a name and description. When the calendar is created, you can add
run dates to it using the Dates tab.
Tip: It is good practice to create a calendar for users to use as a template for
creating new calendars. They can copy this template calendar and modify it as
necessary. For example, you can create a default Weekdays calendar that includes
all days as run dates except weekends and company holidays.
To create a calendar
1 Go to the Calendars management area of the CMC.
2 Click New Calendar.
3 On the Properties tab, type the name and description of the new calendar.
This example creates a calendar for Canadian employees that schedules an
object on all weekdays except statutory Canadian holidays.
4 Click Update.
The new calendar is added to the system, and its Properties tab is refreshed.
You can now use the Dates tab to add run dates to this calendar. For details, see
“Adding dates to a calendar” on page 215.
Adding dates to a calendar
You can add dates to a calendar using a number of different formats. You can
choose specific dates using a yearly, quarterly, or monthly view of the calendar, or
you can choose recurring dates using general formats based on the day of the
month or week.
Crystal Enterprise Administrator’s Guide
215
Setting up scheduling
Specific dates
To add a specific date to a calendar, use the Yearly, Quarterly, and Monthly
formats to add dates to the calendars.
The Yearly format displays the run schedule for the entire year. The Quarterly
format displays the run dates for the current quarter. You can also view the
Monthly format for the calendar, which displays the run dates for the current
month. In all three formats, you can change the displayed time range by clicking
the previous and next buttons.
You can add specific dates in the Monthly calendar format. To add dates for the
Yearly and Quarterly calendar formats, click a month to open it in the Monthly
format, where you can select specific days as run dates.
For example, if your company ships products according to an irregular schedule
that cannot be defined using the daily or weekly settings, you can create a list of
these dates in a “Shipping dates” calendar. The Shipping department can now
check the inventory after each shipment by scheduling a report that uses the
calendar to run at the end of each shipping day.
216
Crystal Enterprise Administrator’s Guide
12: Scheduling Objects
Recurring dates
To create a recurring pattern of monthly run dates, use the generic Monthly
formats. You can add the generic dates based on the day of the week or the day of
the month. To view existing run dates, you must use the Yearly, Quarterly, or
Monthly format; the generic formats are used to add dates to the calendar.
Although you can set a recurring schedule using the standard scheduling options,
calendars allow you to specify several different recurring run patterns at once. You
can also run instances on dates that do not follow the pattern by adding individual
days to a calendar.
For example, to schedule a report object to run on the first four days of every
month, and on the second and fourth Friday of every month, first create a new
calendar object and name it. Then, use the Generic Monthly, by Day of Month
format to add the first four days of the month to this calendar. When you update
the calendar, the Yearly format appears with the new run dates.
Crystal Enterprise Administrator’s Guide
217
Setting up scheduling
To add every second and fourth Friday to the calendar, use the Generic Monthly,
by Day of Week format.
To add dates to a calendar
1 Go to the Calendars management area of the CMC.
2 Click the link for the calendar you want to change.
3 Click the Dates tab.
4 In the “Select a calendar displaying format” list, choose from one of the five
calendar format options:
• Yearly
Yearly displays the calendar’s run dates for the year. To change the year
displayed, you can click the Previous Year and Next Year buttons. To add a
date from the Yearly format, click a month to open it in Monthly format,
where you can add run dates to specific days.
• Quarterly
Quarterly displays the calendar’s run dates for the current calendar quarter.
You can change the displayed quarter using the Previous Quarter and Next
Quarter buttons. To add a date from the Quarterly format, click a month to
open it in Monthly format, where you can add run dates to specific days.
218
Crystal Enterprise Administrator’s Guide
12: Scheduling Objects
• Monthly
Monthly displays the calendar’s run dates for the current month. You can
change the displayed month using the Previous Month and Next Month
buttons.
• Generic Monthly, by Day of Week
Generic Monthly, by Day of Week allows you to add general recurring
dates based on the day of the week. The dates are applied to the months
specified between the Start and End Dates. Week 1 starts on the Sunday of
the week of the Start Date you specify. Note that this format does not
display the currently selected dates from the calendar; it only allows you to
add new dates and update the schedule.
• Generic Monthly, by Day of Month
Generic Monthly, by Day of Month allows you to add general recurring
dates based on the day of the month. The dates are applied to the months
specified between the Start and End Dates. This format allows you to add
new dates and update the schedule; it does not display currently selected
dates from the calendar.
5 Click the days of the month that you want to include as run days for the
calendar.
To remove a run day, click the day again.
Tip: For the Monthly and Generic Monthly, by Day of Week formats, you can
select multiple dates at once by clicking the row or column headings.
6 To add the new dates to the calendar, click Update.
If you added dates using a generic format, the Yearly format will automatically
appear, displaying the new dates.
Note: When you change an existing calendar, Crystal Enterprise checks all
currently scheduled instances in your system. Objects that use the edited
calendar are automatically updated to run on the revised date schedule.
Deleting calendars
When you delete a calendar, objects can no longer use it for scheduling jobs. If
existing scheduled jobs use the deleted calendar, they will fail if you do not select
a new calendar or create another schedule for them.
To delete a calendar
1 Go to the Calendars management area of the CMC.
2 Select the check box associated with the calendar you want to delete.
Tip: Select multiple check boxes to delete several calendars.
3 Click Delete, and click OK to confirm.
Crystal Enterprise Administrator’s Guide
219
Scheduling objects
Specifying calendar rights
You can grant or deny users and groups access to calendars. Depending how you
organize your calendars, you may have specific sets of dates that you want to be
available only for certain employees or departments. For example, your finance
team may use a series of financial tracking dates that aren’t useful for other
departments. Users will only be able to see the calendars they have the rights to see,
so you can use rights to hide calendars that aren’t applicable to a particular group.
Follow this procedure to change the rights for a calendar. By default, calendars are
based on current security settings, inheriting rights from the users’ parent folders.
To grant access to a calendar
1 Go to the Calendars management area of the CMC.
2 Select the calendar you want to grant access to.
3 Click the Rights tab.
4 Click Add/Remove to add users or groups that you want to give access to the
selected calendar.
The Add/Remove page appears.
5 In the Select Operation list, select Add/Remove Groups, Add Users, or
Remove Users.
6 Select the user or group you want to grant access to the specified calendar.
If you have many users on your system, select the Add Users operation; then
use the “Look for” field to search for a particular account.
7 Click OK.
8 On the Rights tab, change the Access Level for each user or group, as required.
9 To choose specific rights, choose Advanced.
For complete details on the predefined access levels and advanced rights, see
“Rights and Access Levels” on page 413.
10 Click Update.
Scheduling objects
When you schedule an object, Crystal Enterprise generates an instance that
contains information from the time the object is run. Report instances contain
relevant database information; program instances contain the standard out and
standard error produced by that instance of the program. Your instance uses all of
the settings that you have set in the CMC for the original object. The following
sections provide information on scheduling objects in various ways, such as
scheduling objects on demand, daily or monthly, in batches, or with events.
220
Crystal Enterprise Administrator’s Guide
12: Scheduling Objects
Note:
• In order for a program object to be successfully scheduled and run, you must
provide logon information for the account that the program object will run as.
For details, see “Authentication and program objects” on page 206.
• Your end users, when using Crystal Enterprise to schedule and run objects,
should use a web-based client such as the Crystal Enterprise web desktop or a
custom web application. The Crystal Enterprise web desktop is designed
primarily for scheduling instances and viewing reports (whereas the CMC
enables you to manage and administer object properties and settings in
addition to scheduling and viewing reports).
• For many of the scheduling options, you can choose to schedule an instance to
with events. For information on events, see “Scheduling an object with events”
on page 234.
Scheduling on demand
When you select the schedule “On Demand” option, an object runs only when
users specifically run the object through their web application (the Crystal
Enterprise web desktop or a custom web application). For more information on the
Crystal Enterprise web desktop, see the Crystal Enterprise User’s Guide.
To set an object to be scheduled on demand
1 In the Objects management area of the CMC, select an object by clicking its link.
2 Click the Schedule tab.
The Schedule tab appears.
3 Select the On Demand option.
Crystal Enterprise Administrator’s Guide
221
Scheduling objects
4 Complete the following fields:
• Number of retries allowed
This number indicates the number of times a job server will attempt to
process an object if the first attempt is not successful. By default, the
number is zero.
• Retry interval in seconds
Crystal Enterprise will wait for the specified number of seconds to pass
before attempting to process an object again (if the first attempt failed). The
default setting is 1800 seconds.
5 Click Update.
Scheduling an object to run once
This option enables you to schedule an object to run once, whether it is run
immediately, or at a specific time. You can also schedule an object with events. For
detailed information on applying events, see “Scheduling an object with events”
on page 234.
To schedule an object to run once
1 In the Objects management area of the CMC, select an object by clicking its link.
2 Click the Schedule tab.
The Schedule tab appears.
3 Select the Once option.
The page refreshes.
4 In the Run list, select from the following:
• Now
If you select this option, the object will be run immediately.
222
Crystal Enterprise Administrator’s Guide
12: Scheduling Objects
• Now, with events
Choose this option to use the event or events that you have already defined.
• At a specific time
Select a start date in the Start Date area and an optional end date in the End
Date area. To select a date, you can either enter a date in the date field, or
click the Popup Calendar button to select a date from the calendar that
appears in a separate window.
• At a specific time, with events
Choose this option to use the event or events that you have already
defined. Select a start date in the Start Date area and an optional end date in
the End Date area. To select a date, you can either enter a date in the date
field, or click the Popup Calendar button to select a date from the calendar
that appears in a separate window.
5 Regardless of which option you select from the Run list, complete the
following fields:
• Number of retries allowed
This number indicates the number of times a job server will attempt to
process an object if the first attempt is not successful. By default, the
number is zero.
• Retry interval in seconds
Crystal Enterprise will wait for the specified number of seconds to pass
before attempting to process an object again (if the first attempt failed). The
default setting is 1800 seconds.
6 Click Schedule to schedule the object.
7 To update the default scheduling information, click Update.
If you don’t click Update, any changes you made to the scheduling information
are not saved after this instance.
Scheduling a daily object
When you schedule an object to run daily, you can choose to have the object run
every day at a specified time, every set number of hours and minutes, or every
specified number of days. A separate instance is created each time an object is run.
You can also schedule an object with events. For more information on events, see
“Scheduling an object with events” on page 234.
To schedule a daily object
1 In the Objects management area of the CMC, select an object by clicking its link.
2 Click the Schedule tab.
The Schedule tab appears.
3 Select the Daily option.
Crystal Enterprise Administrator’s Guide
223
Scheduling objects
The page refreshes.
4 In the Run list, select from the following:
• Once each day
The object will be run once a day, and will begin on the day and time that
you specify in the Start Date area. You can also select an optional end date
for the object in the End Date area. To select a date, you can either enter a
date in the date field, or click the Popup Calendar button to select a date
from the calendar that appears in a separate window.
• Daily, with events
Choose this option to use the event or events that you have already
defined. The object will be run once a day, and will begin on the day and
time that you specify in the Start Date area. You can also select an optional
end date for the object in the End Date area. To select a date, you can either
enter a date in the date field, or click the Popup Calendar button to select a
date from the calendar that appears in a separate window.
• Every X hour(s), N minute(s)
For this option, the object will be run every X hour(s) and N minute(s), and
will start on the day and time that you enter in the Start Date area. You can
also select an optional end date for the object in the End Date area. To select
a date, you can either enter a date in the date field, or click the Popup
Calendar button to select a date from the calendar that appears in a
separate window. To specify the hour and minute values, enter numeric
values in the “Where X is” field and the “Where N is” field. By default, X
equals 1 and N equals 0.
224
Crystal Enterprise Administrator’s Guide
12: Scheduling Objects
• Every X hour(s), N minute(s), with events
Choose this option to use the event or events that you have already
defined. For this option, the object will be run every X hour(s) and N
minute(s), and will start on the day and time that you enter in the Start Date
area. You can also select an optional end date for the object in the End Date
area. To select a date, you can either enter a date in the date field, or click
the Popup Calendar button to select a date from the calendar that appears
in a separate window. To specify the hour and minute values, enter
numeric values in the “Where X is” field and the “Where N is” field. By
default, X equals 1 and N equals 0.
• Every X day(s)
For this option, the object will be run every X day(s) and will start from the
start date and time that you enter in the Start Date area. You can also select
an optional end date for the object in the End Date area. To select a date,
you can either enter a date in the date field, or click the Popup Calendar
button to select a date from the calendar that appears in a separate window.
To specify the day value, enter a numeric value in the “Where X is” field.
By default, X has a value of 1.
• Every X day(s), with events
Choose this option to use the event or events that you have already
defined. For this option, the object will be run every X day(s) and will start
from the start date and time that you enter in the Start Date area. You can
also select an optional end date for the object in the End Date area. To select
a date, you can either enter a date in the date field, or click the Popup
Calendar button to select a date from the calendar that appears in a
separate window. To specify the day value, enter a numeric value in the
“Where X is” field. By default, X has a value of 1.
5 Regardless of which option you select from the Run list, complete the following
fields:
• Number of retries allowed
This number indicates the number of times a job server will attempt to
process an object if the first attempt is not successful. By default, the
number is zero.
• Retry interval in seconds
Crystal Enterprise will wait for the specified number of seconds to pass
before attempting to process an object again (if the first attempt failed). The
default setting is 1800 seconds.
6 Click Schedule to schedule the object.
7 To update the default scheduling information, click Update.
If you don’t click Update, any changes you made to the scheduling information
are not saved after this instance.
Crystal Enterprise Administrator’s Guide
225
Scheduling objects
Scheduling a weekly object
When you schedule an object to run weekly, you choose the day of the week and
the time when you want it to run. You can also schedule an object with events. For
more information on events, see “Scheduling an object with events” on page 234.
To schedule a weekly object
1 In the Objects management area of the CMC, select an object by clicking its link.
2 Click the Schedule tab.
The Schedule tab appears.
3 Select the Weekly option.
The page refreshes.
4 In the Run list, select from the following:
• Every week on
When you select this option, the object will be run once a week, on the day
that you select from the days of the week check boxes. You also specify a
start date in the Start Date area and an optional end date for the object in
the End Date area. To select a date, you can either enter a date in the date
field, or click the Popup Calendar button to select a date from the calendar
that appears in a separate window.
226
Crystal Enterprise Administrator’s Guide
12: Scheduling Objects
• Weekly, with events
Choose this option to use the event or events that you have already
defined. When you select this option, the object will be run once a week
(along with events), on the day that you select from the days of the week
check boxes. You also specify a start date in the Start Date area and an
optional end date for the object in the End Date area. To select a date, you
can either enter a date in the date field, or click the Popup Calendar button
to select a date from the calendar that appears in a separate window.
5 Regardless of which option you select from the Run list, complete the following
fields:
• Number of retries allowed
This number indicates the number of times a job server will attempt to
process an object if the first attempt is not successful. By default, the
number is zero.
• Retry interval in seconds
Crystal Enterprise will wait for the specified number of seconds to pass
before attempting to process an object again (if the first attempt failed). The
default setting is 1800 seconds.
6 Click Schedule to schedule the object.
7 To update the default scheduling information, click Update.
If you don’t click Update, any changes you made to the scheduling information
are not saved after this instance.
Scheduling a monthly object
You can schedule an object so that it runs on a monthly basis, on a certain day of
the month or specified day of the week, on every set number of months, on the first
Monday of the month, or on the last day of the month. You can also schedule an
object with events. For detailed information on applying events, see “Scheduling
an object with events” on page 234.
To schedule a monthly object
1 In the Objects management area of the CMC, select an object by clicking its link.
2 Click the Schedule tab.
The Schedule tab appears.
3 Select the Monthly option.
Crystal Enterprise Administrator’s Guide
227
Scheduling objects
The page refreshes.
4 In the Run list, select from the following:
• On the Nth day of the month
When you select this option, the object will be run once a month, on the day
that you select from the “Where N is” list (by default, N equals 15, so
objects will be run on the 15th of every month). If you use 31 as your value
for N, then the object will run only on months that have 31 days, and skip
the months that don’t have 31 days. Similarly, if you choose either 29, 30, or
31 for N, the object will skip February (on non-leap years). If you want to
run an object on the last day of every month, select “On the last day of the
month” in the Run list.
You specify a start date in the Start Date area and an optional end date for
the object in the End Date area. To select a date, you can either enter a date
in the date field, or click the Popup Calendar button to select a date from
the calendar that appears in a separate window.
• On the Nth day of the month, with events
Choose this option to use the event or events that you have already
defined. When you select this option, the object will be run once a month,
on the day that you select from the “Where N is” list (by default, N equals
15, so objects will be run on the 15th of every month). If you use 31 as your
value for N, then the object will run only on months that have 31 days, and
skip the months that don’t have 31 days. Similarly, if you choose either 29,
30, or 31 for N, the object will skip February (on non-leap years). If you
228
Crystal Enterprise Administrator’s Guide
12: Scheduling Objects
•
•
•
•
want to run an object on the last day of every month, select “On the last day
of the month, with events” in the Run list.
You specify a start date in the Start Date area and an optional end date for
the object in the End Date area. To select a date, you can either enter a date
in the date field, or click the Popup Calendar button to select a date from
the calendar that appears in a separate window.
On the Nth X of the month
When you select this option, the object will be run once a month. You select
the day of the week and which week the object will be run. Select a day of
the week from the “Where X” list and the particular week of the month
from the “Where N” list. By default, objects will be run on Monday (X) of
the first (N) week of the month. You also specify a start date in the Start
Date area and an optional end date for the object in the End Date area. To
select a date, you can either enter a date in the date field, or click the Popup
Calendar button to select a date from the calendar that appears in a
separate window.
On the Nth X of the month, with events
Choose this option to use the event or events that you have already
defined. When you select this option, the object will be run once a month.
You select the day of the week and which week the object will be run. Select
a day of the week from the “Where X” list and the particular week of the
month from the “Where N” list. By default, objects will be run on Monday
(X) of the first (N) week of the month. You also specify a start date in the
Start Date area and an optional end date for the object in the End Date area.
To select a date, you can either enter a date in the date field, or click the
Popup Calendar button to select a date from the calendar that appears in a
separate window.
Every N months
For this option, an object will be run every set number of months. By
default, the “Where N is” field has a value of one, so an object will be run
every month. You specify a start date in the Start Date area and an optional
end date for the object in the End Date area. To select a date, you can either
enter a date in the date field, or click the Popup Calendar button to select a
date from the calendar that appears in a separate window.
Every N months, with events
Choose this option to use the event or events that you have already
defined. For this option, an object will be run every set number of months.
By default, the “Where N is” field has a value of one, so an object will be
run every month. You specify a start date in the Start Date area and an
optional end date for the object in the End Date area. To select a date, you
can either enter a date in the date field, or click the Popup Calendar button
to select a date from the calendar that appears in a separate window.
Crystal Enterprise Administrator’s Guide
229
Scheduling objects
• On the first Monday of the month
When you select this option, an object will be run on the first Monday of
every month. You specify a start date in the Start Date area and an optional
end date for the object in the End Date area. To select a date, you can either
enter a date in the date field, or click the Popup Calendar button to select a
date from the calendar that appears in a separate window.
• On the first Monday of the month, with events
Choose this option to use the event or events that you have already
defined. When you select this option, an object will be run on the first
Monday of every month. You specify a start date in the Start Date area and
an optional end date for the object in the End Date area. To select a date,
you can either enter a date in the date field, or click the Popup Calendar
button to select a date from the calendar that appears in a separate window.
• On the last day of the month
When you select this option, an object will be run on the last day of every
month. You specify a start date in the Start Date area and an optional end
date for the object in the End Date area. To select a date, you can either
enter a date in the date field, or click the Popup Calendar button to select a
date from the calendar that appears in a separate window.
• On the last day of the month, with events
Choose this option to use the event or events that you have already
defined. When you select this option, an object will be run on the last day of
every month. You specify a start date in the Start Date area and an optional
end date for the object in the End Date area. To select a date, you can either
enter a date in the date field, or click the Popup Calendar button to select a
date from the calendar that appears in a separate window.
5 Regardless of which option you select from the Run list, complete the following
fields:
• Number of retries allowed
This number indicates the number of times a job server will attempt to
process an object if the first attempt is not successful. By default, the
number is zero.
• Retry interval in seconds
Crystal Enterprise will wait for the specified number of seconds to pass
before attempting to process an object again (if the first attempt failed). The
default setting is 1800 seconds.
6 Click Schedule to schedule the object.
7 To update the default scheduling information, click Update.
If you don’t click Update, any changes you made to the scheduling information
are not saved after this instance.
230
Crystal Enterprise Administrator’s Guide
12: Scheduling Objects
Scheduling an object with a calendar
When you cannot provide a detailed schedule using the standard settings for
recurring jobs, use a calendar to run the object on the specific dates you need.
When you schedule an object according to a calendar, it will run on each date
specified in the calendar, creating a new instance each time it runs. You can choose
the time of day the instance will run, and for how long, but the dates that the object
runs are controlled by the calendar you choose. For details on creating a calendar,
see “Creating calendars” on page 215.
You can also schedule objects with calendars and events. For more information on
events, see “Scheduling an object with events” on page 234.
To schedule an object with a calendar
1 In the Objects management area of the CMC, select an object by clicking its link.
2 Click the Schedule tab.
The Schedule tab appears.
3 Select the Calendar option.
The page refreshes.
4 In the Run list, select from the following:
• Calendar
When you select this option, the object runs on all specified run dates in the
calendar. To specify a start time and end time for the scheduled job on each
run date, choose values from the lists.
Crystal Enterprise Administrator’s Guide
231
Scheduling objects
• Calendar, with events
Choose this option to use an event or events that you have already defined.
When you select this option, the object and its associated events run on all
specified run dates in the calendar. Choose a start time and end time for the
scheduled job and its events to run on each run date.
For details on scheduling with calendars and events, see “Scheduling an
object with events” on page 234.
5 In the Calendar to run for list, choose the calendar that provides the scheduled
dates you want.
6 Complete the following fields:
• Number of retries allowed
This number indicates the number of times a job server will attempt to process
an object if the first attempt is not successful. By default, the number is zero.
• Retry interval in seconds
Crystal Enterprise will wait for the specified number of seconds to pass
before attempting to process an object again (if the first attempt failed). The
default setting is 1800 seconds.
7 Click Schedule to schedule the object.
8 To update the default scheduling information, click Update.
If you don’t click Update, any changes you made to the scheduling information
are not saved after this instance.
Scheduling objects in batches
You can schedule objects in batches using the object packages feature. Object
packages function as distinct objects in Crystal Enterprise. They can be composed
of any combination of report and program objects published to the Crystal
Enterprise system. (Other types of objects, such as Excel, Word, Acrobat, Text, Rich
Text, PowerPoint, and Hyperlink objects, cannot be added to object packages.)
Using object packages to schedule batches of objects simplifies authentication. In
terms of reports, it allows users to view synchronized data across report instances.
This procedure describes how to use the CMC to schedule published objects in
batches. First you publish an object package. Then, you copy existing objects into the
object package. Finally, you schedule the object package as you would any object.
Alternatively, you can publish objects directly to an object package, and then you
can schedule that object packages as you would any object. For details on publishing
directly to an object package, see “Publishing overview” on page 116. For details on
configuring object packages, see “Object package management” on page 208.
Note:
• You must configure the processing information of each of the components of
an object package individually. For example, if you want a report object in an
232
Crystal Enterprise Administrator’s Guide
12: Scheduling Objects
object package to print when scheduled, you must configure it through the
Print Setup link available on the report object’s Process tab. For more
information about configuring objects, see “Managing Objects” on page 177.
• For information about publishing hyperlinked report objects, see “Working
with hyperlinked reports” on page 199.
To schedule objects in a batch
1 Create an object package in Crystal Enterprise.
Go to the Objects management area of the CMC. Click New Object, and then
click the Object Package tab. Type the package name and select a destination. For
details, see “Publishing with the Crystal Management Console” on page 125.
2 Go to the Objects management area of the CMC.
3 Select the check boxes associated with each object you want to place in the
object package.
4 Click Copy/Move/Shortcut.
The Copy/Move/Create Shortcut page appears.
5 Select Copy to.
Note: Existing objects cannot be moved into an object packages; they must be
copied to the object package.
6 Select the object package you created as the Destination for the objects; then
click OK.
Tip:
• Object packages are indicated by [square brackets].
• To expand a folder, select it and click Show Subfolders.
• To search for a specific folder or object package, use the Look For field.
7 Schedule the object package.
For details, see “Scheduling objects” on page 220.
Crystal Enterprise Administrator’s Guide
233
Scheduling objects
Scheduling an object with events
When you schedule an object with events, the object will be run only when the
additional condition (that is, the event) occurs. You can tell an object to wait for
any, or all of the three event types: file-based, custom-based, and schedule-based.
If you want a scheduled object to trigger an event, you must choose a schedulebased event.
Note: A file-based event is triggered upon the existence of a specified file. A
custom-based event is triggered manually. A schedule-based event is triggered by
another object being run.
When you schedule an object that waits for a specified event, the object will run
only when the event is triggered, and only when the rest of the schedule conditions
are met. If the event is triggered before the start date of the object, the object will
not run. If you have specified an end date for this object, and if the event is not
triggered before the end date occurs, the object will not run because not all of the
conditions will have been met. Also, if you choose a weekly, monthly, or calendar
schedule, the object will have a specified time frame in which it can be processed.
The event must be triggered within this specified time for the object to run. For
example, if you schedule a weekly report object that runs every Monday, the event
must be triggered within the 24-hour period on Monday; if the event is triggered
outside of the 24-hour period, then the report will not run.
You can also schedule an object which triggers a schedule-based event upon
completion of the object being run. When the object is run, Crystal Enterprise will
trigger the specified event. For a schedule-based event, if the event is based on the
instance being run successfully, for example, the event won’t be triggered if the
instance fails. For a sample scenario on when you would use a schedule-based
event, see “Schedule-based events” on page 264.
When you schedule an object through the Objects management area, you can
specify in the Run list in the Schedule page whether you want to schedule an object
with events or not. For detailed information on scheduling objects without events,
see “Scheduling objects” on page 220.
To schedule an object with events, first ensure that you have created an event in
the Events management area. When you schedule an object, select any Run option
which includes the phrase, “with events.” For more information on creating events
(and sample scenarios for each type of event), see “Managing events overview” on
page 262.
To select an event or events to wait for
1 In the Objects management area of the CMC, select an object by clicking its link.
2 Click the Schedule tab.
The Schedule page appears.
234
Crystal Enterprise Administrator’s Guide
12: Scheduling Objects
3 From the list on the left of the page, select a recurrence pattern: Once, Daily,
Weekly, Monthly, or by Calendar.
4 In the Run list, select a run option that contains the words, “with events.”
5 Select and complete the schedule parameters for your object (scheduling
option, Start Date, End Date, and so on).
6 In the Available Events area, select from the list of events and click Add.
For example, the report object above is set to wait for a Custom-based event to
occur before the report is processed.
7 To update the default scheduling information, click Update.
If you don’t click Update, any changes you made to the scheduling information
are not saved.
8 Click the Schedule button to schedule the object.
To trigger a schedule-based event or events upon completion
1 In the Objects management area of the CMC, select an object by clicking its link.
2 Click the Schedule tab.
3 From the list on the left of the page, select a recurrence pattern: Once, Daily,
Weekly, Monthly, or by Calendar.
Crystal Enterprise Administrator’s Guide
235
Managing instances
4 In the Run list, select a run option that contains the words, “with events.”
5 Select and complete the schedule parameters for your object (scheduling
option, Start Date, End Date, and so on).
6 In the Available Schedule Events area, select from the list of events and click
Add.
For example, the report object above is set to trigger a Schedule-based event
only if the report is successfully processed.
Note: You can only select schedule-based events in this list.
7 To update the default scheduling information, click Update.
If you don’t click Update, any changes you made to the scheduling information
are not saved.
8 Click the Schedule button to schedule the object.
Managing instances
After you publish an object, Crystal Enterprise allows you to control the instances.
You can select the output destination of the object. For reports, you can choose the
output format of the report, and you can specify printer and page layout options.
To manage storage space, it is good practice to limit the number of possible
instances for an object, or to provide a time limit for the instances. You can also
work with instances in an object’s History tab, where you can delete, pause, run,
and refresh instances.
236
Crystal Enterprise Administrator’s Guide
12: Scheduling Objects
Selecting a destination
Using Crystal Enterprise, you can specify the output destination of a scheduled
object. By default, when you schedule an object, the instances will be saved on the
File Repository Server (FRS). The option to choose a destination provides you with
the flexibility to deliver objects across your enterprise solution in different and
applicable ways. For example, you are able to schedule objects that will be sent via
email to other users.
Note: You can also schedule objects that, upon generation, will be printed. For
more information, see “Setting printer and page layout options” on page 244.
When users schedule objects to specific destinations (other than the default FRS
location), Crystal Enterprise generates a unique name for each output file. To
generate a file name, users can use a combination of ID, name or title of the object,
owner information, or the date and time information.
The following destination support locations are available:
• “Default destination support” on page 237
• “Unmanaged Disk destination support” on page 238
• “FTP support” on page 239
• “Email (SMTP) support” on page 241
Note: You can change your destination settings either in the Crystal Management
Console (CMC) or in the Crystal Enterprise web desktop. When you specify the
destination settings through the CMC, these settings are also reflected in the
default scheduling settings for the web desktop; that is, if a user selects the
Default destination setting in the web desktop, the object will be delivered to the
specified destination (as set on the Schedule page in the CMC).
Default destination support
By default, scheduled objects are saved to the File Repository Server (FRS). If you
want to save instances to the FRS, select this option.
To set your destination to default
1 In the Objects management area of the CMC, select an object by clicking its
link.
2 Click the Schedule tab, then click the Destination link.
The Destination tab appears.
3 Select Default from the Destination list.
4 Click Update.
Crystal Enterprise Administrator’s Guide
237
Managing instances
Unmanaged Disk destination support
You can specify the location where an instance will be saved when it is scheduled
by you or another user.
Note:
• The location must be a local or mapped directory on the processing server. For
servers using Windows, the location can also be a Universal Naming
Convention (UNC) path.
• The processing server must have sufficient rights to the specified location.
• You must have this destination feature enabled in the Job Server in order to use
unmanaged disk destination support. For more information on the Job Server,
see “Setting default scheduling destinations for Job Servers” on page 309.
To set your destination to unmanaged disk
1 In the Objects management area of the CMC, select an object by clicking its link.
2 Click the Schedule tab, then click the Destination link.
The Destination tab appears.
Select Unmanaged Disk from the Destination list.
238
Crystal Enterprise Administrator’s Guide
12: Scheduling Objects
3 Select either Use the Crystal Job Server’s defaults or Set the values to be used
at schedule time here.
If you select the first option, Crystal Enterprise will schedule an object using the
Job Server’s default settings. You can change these settings in the Servers
management area. For more information, see “Setting default scheduling
destinations for Job Servers” on page 309.
If you select the second option, you can set the file name properties and enter
user information:
• Destination Directory
Enter a local location, mapped location, or a UNC path.
• Default File Name (randomly generated)
Select this option if you want Crystal Enterprise to generate a random file
name.
• Specified File Name
Select this option if you want to specify a file name—you can also add a
variable to the file name. To add a variable, choose a placeholder for a
variable property from the list and click Add. When the instance is run, the
variable will be replaced with the specified information from the instance.
For example, if you add the variable “Owner,” when you schedule an
object, its file name will include the object owner’s name.
• User Name
Specify a user who has permission to write files to the destination directory.
• Password
Type the password for the user.
Note: You can specify a user name and password only for servers using
Windows.
4 Click Update.
FTP support
Crystal Enterprise enables you and your users to schedule an object to a File
Transfer Protocol (FTP) server. To connect to the FTP server, you must specify a
user who has the necessary rights to upload files to the server.
Note: You must have this destination feature enabled in the Job Server in order to
schedule an object to an FTP server.
To set an FTP server as the destination
1 In the Objects management area of the CMC, select an object by clicking its link.
2 Click the Schedule tab, then click the Destination link.
The Destination tab appears.
Crystal Enterprise Administrator’s Guide
239
Managing instances
3 Select FTP from the Destination list.
4 Select either Use the Crystal Job Server’s defaults or Set the values to be used
at schedule time here.
If you select the first option, Crystal Enterprise will schedule an object using the
Job Server’s default settings. You can change these settings in the Servers
management area. For more information see “Setting default scheduling
destinations for Job Servers” on page 309.
If you select the second option, you can set the FTP and file name properties:
• Host
Enter the FTP host information.
• Port
Enter the FTP port number (the default is 21).
• FTP User Name
Specify a user who has the necessary rights to upload an object to the FTP
server.
240
Crystal Enterprise Administrator’s Guide
12: Scheduling Objects
• FTP Password
Enter the user’s password.
• Account
Enter the FTP account information, if required.
Account is part of the standard FTP protocol, but it is rarely implemented.
Provide the appropriate account only if your FTP server requires it.
• Destination Directory
Enter the FTP directory that you want the object to be saved to.
• Default File Name (randomly generated)
Select this option if you want Crystal Enterprise to generate a random file
name.
• Specified File Name
Select this option if you want to enter a file name—you can also add a
variable to the file name. To add a variable, choose a placeholder for a
variable property from the list and click Add.
5 Click Update.
Email (SMTP) support
With Simple Mail Transfer Protocol (SMTP) mail support, you and your users can
do the following:
• Send an object as an attachment in the email.
• Specify the “To,” “Cc,” and “From” in the email.
• Add subject information.
• Include additional information in the body message, which will accompany
the object that is being delivered.
Crystal Enterprise supports Multipurpose Internet Mail Extensions (MIME)
encoding.
Note: You must have this destination feature enabled and configured in the
Report Job Server in order to schedule an object to be sent via email. For details,
see “Setting default scheduling destinations for Job Servers” on page 309.
To send an object via email
1 In the Objects management area of the CMC, select an object by clicking its link.
2 Click the Schedule tab, then click the Destination link.
The Destination tab appears.
Crystal Enterprise Administrator’s Guide
241
Managing instances
3 Select Email (SMTP) from the Destination list.
4 Select either Use the Crystal Job Server’s defaults or Set the values to be used
at schedule time here.
If you select the first option, Crystal Enterprise will schedule an object using the
Job Server’s default settings. You can change these settings in the Servers
management area. For more information, see “Setting default scheduling
destinations for Job Servers” on page 309.
If you select the second option, you can specify the email settings and the file
name properties:
• From
Enter a return address.
• To
Enter an address or addresses that you wish to send the object to. Separate
multiple addresses with semicolons.
242
Crystal Enterprise Administrator’s Guide
12: Scheduling Objects
• Cc
Enter an address or addresses that you wish to send a carbon copy of the
object to.
• Subject
Complete the subject field.
• Message
Type a short message, if required.
• Add viewer hyperlink to message body
Click Add if you want to add the URL for the viewer in which you want the
email recipient to view the object. You can set the default URL by clicking
Object Settings on the main page of the Objects management area of the CMC.
• Attach object instance to email message
Clear this check box if you do not want a copy of the instance attached to
the email.
• Default File Name (randomly generated)
Select this option if you want Crystal Enterprise to generate a random file
name.
• Specified File Name
Select this option if you want to enter a file name—you can also add a
variable to the file name. To add a variable, choose a placeholder for a
variable property from the list and click Add.
5 Click Update.
Choosing a format
For report objects only, you can select the format that a report instance will be
saved in when it is generated by Crystal Enterprise. This format will be saved to
the destination you have selected for the report object and its instances. For more
information on destinations, see “Selecting a destination” on page 237. You can
select from the following formats:
• Crystal Report
• Excel
• Excel (Data Only)
• Word
• Acrobat
• Rich Text
• Plain Text
• Paginated Text
• Tab-separated Text
• Tab-separated Values
• Character-separated Values
Crystal Enterprise Administrator’s Guide
243
Managing instances
For Excel, Paginated Text, Tab-separated Values, and Character-separated Values,
you specify certain formatting properties for the report. For example, if you select
Character-separated Values, you can enter characters for the separator and
delimiter; you can also select the two check boxes: “Same number formats as in
report” and “Same date formats as in report.”
Note:
• If you choose to print the report when it is scheduled (by checking the “Print in
Crystal Reports format using the selected printer when scheduling” check box
on the Print Setup page), the report instance is automatically sent to the printer
in Crystal Reports format. This does not conflict with the format you select
when scheduling the report.
• The difference between Excel and Excel (Data only) is that Excel attempts to
preserve the look and feel of your original report, while Excel (Data only)
saves only the data, with each cell representing a field.
• The Tab-separated Values format places a tab character between values; the
Character-separated Values format places a specified character between
values. Each of these two formats produce data lists. In contrast, the Tabseparated Text format attempts to preserve the formatting of the report.
To select a format for the report
1 In the Objects management area of the CMC, select a report object by clicking
its link.
2 On the Schedule tab, click the Format link.
The Format page appears.
3 Select a format from the Format list.
4 Complete any fields that appear below the list and select (where appropriate)
the check boxes that appear.
5 Click Update.
Setting printer and page layout options
You can choose to print a report instance when scheduling it; report instances are
always printed in Crystal Reports format. When printing a report, you can set the
number of copies and the page range.
The Print Setup page contains two areas: the first area specifies whether or not a
report instance is printed, and if printed, the printer to use, the number of copies, and
the page range; the second area specifies custom layout settings for changing the
page size and orientation (regardless of whether the report instance is printed or not).
244
Crystal Enterprise Administrator’s Guide
12: Scheduling Objects
Specifying a printer
You can choose to print a report (each time it runs) using the Report Job Server’s
default printer or a different printer. By selecting the Printer destination, Crystal
Enterprise prints your report after it is processed.
Note: The Report Job Server must run under an account that has sufficient
privileges to access the printer you specify. See “Changing the server user
account” on page 326 for information on changing the user account.
To assign a printer
1 In the Objects management area of the CMC, select a report object by clicking
its link.
2 On the Process tab, click the Print Setup link.
The Print Setup page appears.
3 Select Print in Crystal Reports format using the selected printer when
scheduling if you want report instances to be sent directly to a printer.
The report instances are automatically sent to the printer in Crystal Reports format.
This does not interfere with the format selected when scheduling the report.
4 Leave Default printer selected if you want to print to the Job Server’s default
printer, otherwise, select Specify a printer.
5 Enter a printer’s path and name, select the number of copies, and choose the
print page range.
If your Job Server is using Windows, in the “Specify a printer” field, type:
\\printserver\printername
Where printserver is the name of your printer server, and printername is the
name of your printer.
If your Job Server is running on UNIX, in the “Specify a printer” field, type the
print command that you normally use. For instance, type:
lp -d printername
Note: Ensure that the printer you are using (on UNIX) is “shown” and not
“hidden.”
6 Click Update.
Specifying page layout
When viewing or scheduling a report instance to any format, you can first specify
page layout criteria such as page orientation, page size, and so on. The settings you
choose in this section of the Print Setup page affect how you’ll see a report instance
when displaying it.
Note: Page layout settings are not specifically related only to scheduling a report
to a printer, but also to the overall look of the report. The overall look is affected
Crystal Enterprise Administrator’s Guide
245
Managing instances
by the properties of the device for which the report is displayed in (that is, the
font metrics and other layout settings of the display and/or the printer).
To set a report’s page layout
1 In the Objects management area of the CMC, select a report object by clicking
its link.
2 On the Process tab, click the Print Setup link.
The Print Setup page appears.
3 Make your settings according to the type of layout you want. The options are
as follows:
• Report file default
Choose this option if you want the page layout to conform to the settings
that were chosen for the report in Crystal Reports.
• Specified printer settings
Choose this option if you want the page layout to conform to the settings of
a specified printer. You can choose the Job Server’s default printer or
another printer. For information about specifying another printer, see
“Specifying a printer” on page 245.
When you choose this option, you can print scheduled report instances
only to the printer you specify in the “Specified printer settings” area. In
other words, you cannot set your report to display with one printer’s
setting and then print to a different printer.
• Custom settings
Choose this option if you want to customize all page layout settings. You
can choose page orientation, page size, measurement units (inches or
millimeters), page width, and page height.
4 Click Update.
Setting instance limits for an object
In the Limits page, you can set the limits for the selected object and its instances.
You set limits to automate regular clean-ups of old Crystal Enterprise content. At
the object level, you can limit the number of instances that remain on the system
for the object or for each user or group; you can also limit the number of days that
an instance remains on the system for a user or group.
246
Crystal Enterprise Administrator’s Guide
12: Scheduling Objects
In addition to setting the limits for the objects from the Objects management area,
you can also set limits at the folder level. When you set limits at the folder level,
these limits will be in effect for all objects that reside within the folder (including
any objects found within the subfolders). For information on setting folder limits,
see “Setting limits for folders, users, and groups” on page 112.
Note: When you set the limits at the object level, the object limits will override the
limits set for the folder; that is, the object will not inherit the limits of the folder.
To set limits for instances
1 In the Objects management area of the CMC, select an object by clicking its link.
2 On the History tab, click the Limits link.
The Limits page appears.
3 Make your settings according to the types of limits you want to set for your
instances. The options are as follows:
• Delete excess instances when there are more than N instances of an
object
To limit the number of instances per object, select this check box. Then type
the maximum number of instances that you want to remain on the system.
(The default value is 100.)
• Delete excess instances for the following users/groups
To limit the number of instances for users or groups, click Add/Remove in
this area. Select from the available users and groups and click OK. Then
type the maximum number of instances in the Instance Limit column. (The
default value is 100.)
• Delete instances after N days for the following users/groups
To limit the number of days that instances are saved for users or groups,
click Add/Remove in this area. Select from the available users and groups
and click OK. Then type the maximum age of instances in the Maximum
Days column. (The default value is 100.)
4 Click Update.
Crystal Enterprise Administrator’s Guide
247
Managing instances
Managing and viewing the history of instances
The History page displays all of the instances for a selected object. The Instance
Time column displays the title of the instances and the date of the last update for
each instance. The Status column displays the status of each instance. The Run By
column indicates which user scheduled the instance.
For report objects, the Format column displays which format the report is, or will
be stored in and the Parameters column indicates what parameters were or will be
used for each instance. For program objects, the Arguments column lists the
command-line options that were or will be passed to the command line interface
for each instance.
Crystal Enterprise creates instances from objects. That is, a report instance is
created when a report object is scheduled and run by the Report Job Server.
Essentially, a report instance is a report object that contains report data that is
retrieved from one or more databases. Each instance contains data that is current
at the time the report is processed. You can view specific report instances on the
History page of the report object.
Crystal Enterprise creates a program instance each time that a program object is
scheduled and run by the Program Job Server. Unlike report instances, which can
be viewed in their completed format, program instances exist as records in the
object history. Crystal Enterprise stores the program’s standard out and standard
error in a text output file. This file appears when you click a program instance in
the object History.
To manage instances
1 In the Objects management area of the CMC, select an object by clicking its link.
2 Click the History tab.
The History tab appears.
3 Select an instance or instances by selecting the appropriate check boxes.
4 Click either Run Now, Pause, Resume, Delete, Select All, Clear All, or
Refresh.
Note: If you click Run Now, a new instance will be generated (which uses the
current settings of the object).
248
Crystal Enterprise Administrator’s Guide
12: Scheduling Objects
To view an instance
1 Select a object in the Objects management area of the CMC.
2 Click the History tab.
The History page appears.
3 In the Instance Time column, click the instance you want to view.
Tip: You can also use the Instance Manager tool to view a list of instances by status
or by user. Access the Instance Manager by clicking its link in the Administrative
Tools area of the Crystal Enterprise Admin Launchpad.
Setting notification for an object’s success or failure
You can set scheduling options that automatically send notification when an object
instance succeeds or fails. You can send notification using audit or email
notification. You can also combine multiple notification methods, and provide
different notification settings for successful and failed instances.
For example, you may have a large number of reports that run a new instance
every day. You need to check each instance to make sure it ran properly, and then
send out emails to the users who need to know that the new report is available.
With thousands of reports, it would take too much time to manually check the
reports and contact the users who need the information. Using notification settings
in Crystal Enterprise, you can set each object to automatically notify you when the
report fails to run properly, and you can automatically inform users when new
report instances run successfully.
Determining an object’s success or failure
When you schedule an object, the scheduled instance either succeeds or fails. The
conditions required for an instance’s success or failure depend on the type of object
you schedule:
• Report objects
A report instance runs successfully if it doesn’t encounter any errors while
processing the report or accessing the database. A report instance may fail if the
user does not provide the correct parameters or logon information.
• Program objects
For program objects, the program must run in order to succeed. If the program
does not run, the instance is considered a failure. If the program runs, but does
not perform the tasks it is supposed to, it is still considered a successful instance
because the program object ran. Crystal Enterprise does not monitor problems
with the program object’s code.
• Object packages
An object package may fail if one of its components fails. To change this setting,
click the object package’s Properties tab and clear the “Scheduled package fails
upon individual component failure” option.
Crystal Enterprise Administrator’s Guide
249
Managing instances
You can also set scheduling options for individual objects within an object package.
Note: You cannot set audit or email notification for object packages, but you
can set any type of notification for the individual objects in the object package.
You can also schedule object packages with events on the Schedule tab. For
more information about events, see “Schedule-based events” on page 264.
About notification
You can set notification at the object level, and you can apply it to all objects that
can be scheduled in Crystal Enterprise. You can select unique notification options
for each object, sending different types of notification for different conditions. For
object packages, you can set only event notification, which will trigger an event
based on success or failure of the object package. To monitor object successes and
failures from a more general perspective, use the auditing functionality within
Crystal Enterprise.
If notification fails, then the object instance fails. For example, if an email
notification sends a message to an invalid email address, then the notification fails
and the object instance is recorded as a failure in the object’s history.
You can choose to notify using:
• Audit notification
To use audit notification, you must configure the auditing database and enable
auditing for the servers. If you use auditing to monitor your Crystal Enterprise
system, you can use audit notification. For more information about configuring
the auditing database and enabling auditing, see “Managing Auditing” on
page 329.
When you select audit notification, information about the scheduled object is
written to the auditing database. You can choose to have a notification sent to the
auditing database when the job runs successfully, when it fails to run, or both.
Note: For the Crystal Report Server and the Crystal Program Server, you can
also set audit notification on the Auditing tab.
• Email notification
You can send an email as a notification of an object instance’s success or failure.
You can choose the sender and recipients of the email message. You can send
an email when the instance fails and when it succeeds. For example, you could
send your administrator an email if the report fails, but when the report
succeeds you can automatically send a notification to everyone who needs the
report to let them know it is now available.
Note: For information on changing the Crystal Job Server’s default email, see
“Setting the default email (SMTP) destination” on page 312.
• Event notification
You can choose a Crystal Enterprise event that will be triggered based on the
completion of the object instance. For more information about events, see
“Schedule-based events” on page 264.
250
Crystal Enterprise Administrator’s Guide
12: Scheduling Objects
Note: Notification of a scheduled object’s success or failure is not the same as alert
notification. Alert notification must be built into the design of the report. For
example, alert notification can send an email to you whenever a specific value in
the report exceeds $1000000. In this case, the notification has nothing to do with
the contents of the report - it’s just about whether or not the report object instance
has failed or succeeded.
To set notification for an instance’s success or failure
1 Select a object in the Objects management area of the CMC.
2 Click the Schedule tab, then click the Notification link.
3 Click the notification type (or types) you want to use.
Note: If the notification type is already being used, it will be labelled
“Enabled”. If not, it will be labelled “Not in use”.
4 Choose the specific settings for the notification.
Audit notification
To send a record to the auditing database when the job succeeds, select “A job
has been run successfully.”
To send a record when the job fails, select “A job has failed to run.”
Email notification
Choose whether you want to send a notification when the job fails or when it
succeeds.
To specify the contents and recipients of the email notification, select “Set the
vales to be used here” and provide the From and To email addresses, the email
subject line, and the message.
Note: By default, the notification is sent to the server’s default email
destination. For details on how to change the default email settings, see
“Setting the default email (SMTP) destination” on page 312.
5 Click Update.
Crystal Enterprise Administrator’s Guide
251
Managing instances
252
Crystal Enterprise Administrator’s Guide
Managing Crystal Repository
13
This chapter discusses installing and managing Crystal
Repository in Crystal Enterprise. It explains how to migrate
data from previous versions of Crystal Repository, and
discusses how to refresh repository objects in reports.
Crystal Enterprise Administrator’s Guide
253
Crystal Repository overview
Crystal Repository overview
The Crystal Repository is a database in which you manage shared report elements
such as text objects, bitmaps, custom functions, and custom SQL commands. When
you save any Business View, it is also saved to the Crystal Repository.You can
refresh a report’s repository objects with the latest version from your Crystal
Repository when you publish reports to Crystal Enterprise. Alternatively, you can
refresh a report’s repository objects on demand over the Web.
The Crystal Repository is now hosted by the Crystal Management Server (CMS)
system database. Before publishing reports that reference repository objects, move
your existing Crystal Repository to the Crystal Management Server (CMS)
database. See the rest of this chapter for details.
Copying data from one repository database to another
Crystal Enterprise enables you to copy the contents of one Crystal Repository
database into another database. This procedure is also referred to as migrating a
Crystal Repository database. You can migrate repository data from a different
repository database (from version 9 of Crystal Reports, or version 9 of Crystal
Enterprise) into your current CMS database. Or, you can migrate the repository
data from your current CMS database into a different data source.
Throughout this section, the source CMS database refers to the database that holds
the data you are copying; this data is copied into the destination database.
Copying data from a Crystal Enterprise 10 CMS
You may want to copy repository objects from one Crystal Enterprise 10
installation to another. For example, you may have repository data on a test system
that you want to move onto a production server.
Use the Crystal Import Wizard to copy repository data from the source CMS. You
can choose to merge the contents of the source repository into the destination
repository, or you can update the destination with the contents of the source CMS.
Merging repositories
When you merge the contents of the source repository with the destination
repository, you add all repository objects from the source CMS into the destination
CMS without overwriting objects in the destination.
This is the safest import option. All of the objects in the destination repository are
preserved. Also, at a minimum, all repository objects from the source system with
a unique title are copied to the destination repository.
If an object from the source has the same title as an object in the destination, the
object is imported to the destination repository if:
• The object is not a Business View.
254
Crystal Enterprise Administrator’s Guide
13: Managing Crystal Repository
• You have selected “Automatically rename top-level folders that match toplevel folders on the destination system.”
The end result is a destination repository that contains all objects from the source
repository that have unique titles, copies of all non-Business View objects from the
source repository that have titles that match titles of objects in the destination, and
all objects originally in the destination repository.
When an object is copied from the source CMS to the destination CMS, the folder or
folders that contain the object are also copied, replicating the folder hierarchy of the
source system on the destination. However, the names of top-level folders must be
unique. Selecting “Automatically rename top-level folders that match top-level folders
on the destination system” allows these folders to be renamed on the destination
repository, and the objects in such folders to be copied to these renamed folders.
Note: Top-level folders containing Business Views are not renamed, regardless of
the options set. Renaming these folders would change the unique identifier
associated with the Business View, causing the Business View functionality to fail.
Updating the destination repository
When you update the contents of the destination repository using the source
repository as a reference, you add all objects in the source CMS to the destination
CMS. If an object in the source repository has the same unique identifier as an object
in the destination, the object in the destination is overwritten.
All object titles in a folder must be unique. By default, if copying an object from the
source CMS to the destination CMS would result in more than one object in a
folder with the same title, the copy fails.
If you want these objects to be copied, select the check box “Automatically rename
objects if an object with that title already exists in the destination folder.”
Note: System Objects (users, user groups, servers, server groups, events, and
calendars), are not renamed when you import them from one CMS to another,
regardless of the options set. Changing the names of these objects would cause user
management, server management, and event management for these objects to fail.
See “Importing with the Crystal Import Wizard” on page 135 for full instructions
on using the Import Wizard to copy objects from one Crystal Enterprise 10
repository to another.
Copying data from a Crystal Enterprise 9 repository database
In Crystal Enterprise 9, the Crystal Repository database was hosted on a separate
database server that you could connect to through ODBC.
In a Crystal Enterprise environment, begin by making a backup copy of the source
repository database. Then replace the repository by importing its contents into the
CMS database using the Crystal Repository Migration Wizard.
Crystal Enterprise Administrator’s Guide
255
Copying data from one repository database to another
When you use the Crystal Repository Migration Wizard, neither the source nor the
destination database is overwritten. Objects from the source repository will be
added to the destination repository database. If the Wizard finds identical objects
(that is, objects with the same unique identifier) in the source and destination
repositories, the source objects will not be copied.
When you copy repository objects into Crystal Enterprise 10, only the most recent
version of each object is copied.
Note: Reports configured to use the source repository will now refer to the
destination data source.
To copy repository data from Crystal Enterprise 9
1 From the Crystal Enterprise program group, click Crystal Repository
Migration Wizard. You must run the wizard on the machine containing your
source repository.
2 From the Source list in the Select Source Repository dialog, click the name of
the repository that you want to import.
3 Type the UserID and Password of a user with administrative rights to the
repository database. Click Next.
4 The Select Destination Data Source dialog appears. In the CMS field, type the
name of the destination data source’s Crystal Management Server.
5 Type the User Name and Password of an Enterprise account that provides you
with administrative rights to the CMS; then click Next.
256
Crystal Enterprise Administrator’s Guide
13: Managing Crystal Repository
6 From the “Source Repository Objects” list, select the items that you want to
copy to your Crystal Enterprise repository database. Click Next.
Crystal Enterprise exports the selected repository objects from your Crystal
Repository, reporting success or failure for each object.
7 Click Next, and then Finish to complete the transfer and close the Crystal
Repository Migration Wizard.
Copying data from a Crystal Reports 9 repository database
The Crystal Repository shipped with Crystal Reports 9 was an Access database
(Repository.mdb). By default, it was located in the following directory of your
Crystal Reports installation:
C:\Program Files\Common Files\Crystal Decisions\2.0\bin\
Begin by making a backup copy of this default database. Then replace the default
repository by importing its contents into the CMS database using the Crystal
Repository Migration Wizard.
When you use the Crystal Repository Migration Wizard, neither the source nor the
destination database is overwritten. Objects from the source repository will be
added to the destination repository database. If the Wizard finds identical objects
in the source and destination repositories, the source objects will not be copied.
When you copy repository objects into Crystal Enterprise 10, only the most recent
version of each object is copied.
Note: Reports configured to use the source repository will now refer to the
destination data source.
To copy repository data from Crystal Reports 9
1 From the Crystal Enterprise program group, click Crystal Repository
Migration Wizard. You must run the wizard on the machine containing your
source repository.
2 From the Source list in the Select Source Repository dialog, click the name of
the repository that you want to import.
If you created security for your repository database, type a User id and
Password valid for the repository database.
3 Click Next.
4 Log on to the CMS using a user name with administrative rights to Crystal
Enterprise.
Crystal Enterprise Administrator’s Guide
257
Refreshing repository objects in published reports
5 From the “Source Repository Objects” list, select the items that you want to
copy to your Crystal Enterprise repository database. Click Next.
6 Select the folder in your destination repository where objects from your source
directory will be placed.
• To add objects to a new folder, select “Insert a new folder”, and then type
the name of the folder.
• To delete an existing folder from your repository, select it, and then click
“Delete the item/folder”.
7 Click Next.
Crystal Enterprise exports the selected repository objects from your Crystal
Reports repository, reporting success or failure for each object.
8 Click Next, and then Finish to complete the transfer and close the Crystal
Repository Migration Wizard.
Refreshing repository objects in published reports
As you update objects stored in your Crystal Repository, you will want to update
the published Crystal reports that reference those repository objects. When you
refresh a report in this way, the old repository objects stored in the report are
replaced with the latest versions from the Crystal Repository.
Note: Although refreshing with the repository is faster, you can also refresh
reports by setting options that compare reports to their original source .rpt files.
For more information, see “Setting report refresh options” on page 185.
258
Crystal Enterprise Administrator’s Guide
13: Managing Crystal Repository
Tip: If you use Crystal Reports to open reports directly from your Crystal
Enterprise folders, you can update repository objects at that time. You can also
refresh repository objects when you publish reports. For details, see “Publishing
Objects to Crystal Enterprise” on page 115.
To refresh a published report’s repository objects
1 Go to the Objects management area of the CMC.
2 Click the link to the report you want to refresh.
3 On the Properties tab, click the Refresh Options link.
4 Verify that the Use Object Repository when refreshing report check box is
selected.
Note: If the check box is cleared, select it now and click Update.
5 Click Refresh Report.
Tip: Once you have enabled repository refresh for each report, you can refresh
multiple reports simultaneously using the Report Repository Helper. The Report
Repository Helper is available from Administrative Tools area in the Crystal
Enterprise Admin Launchpad.
Crystal Enterprise Administrator’s Guide
259
Refreshing repository objects in published reports
260
Crystal Enterprise Administrator’s Guide
Managing Events
14
This chapter provides information on creating and
managing events. It describes file-based events, custom
events, and schedule-based events.
Crystal Enterprise Administrator’s Guide
261
Managing events overview
Managing events overview
Event-based scheduling provides you with additional control over scheduling
objects: you can set up events so that objects are processed only after a specified
event occurs. Working with events consists of two steps: creating an event and
scheduling an object with events. That is, once you create an event, you can select
it as a dependency when you schedule an object. The scheduled job is then
processed only when the event occurs. This chapter shows how to create events in
the Events management area of the Crystal Management Console (CMC).
You can create three kinds of events:
• File events
When you define a file-based event, you specify a filename that the Event
Server should monitor for a particular file. When the file appears, the Event
Server triggers the event. For instance, you might want to make some reports
dependent upon the regular file output of other programs or scripts.
For details, see “File-based events” on page 263.
• Schedule events
When you define a schedule-based event, you select an object whose existing
recurrence schedule will serve as the trigger for your event. In this way,
schedule-based events allow you to set up contingencies or conditions between
scheduled objects. For instance, you might want certain large reports to run
sequentially, or you might want a particular sales summary report to run only
when a detailed sales report runs successfully.
For details, see “Schedule-based events” on page 264.
• Custom events
When you create a custom event, you create a shortcut for triggering an event
manually. Basically, your custom event occurs only when you or another
administrator clicks the corresponding “Trigger this event” button in the CMC.
For details, see “Custom events” on page 266.
When working with events, keep in mind that an object’s recurrence schedule still
determines how frequently the object runs. For instance, a daily report that is
dependent upon a file-based event will run, at most, once a day (so long as the file
that you specify appears every day). In addition, the event must occur within the
time frame established when you actually schedule the event-based report.
Note: For information on scheduling an event-based object in the Objects
management area of the CMC, see “Scheduling an object with events” on page 234.
262
Crystal Enterprise Administrator’s Guide
14: Managing Events
File-based events
File-based events wait for a particular file (the trigger) to appear before the event
occurs. Before scheduling an object that waits for a file-based event to occur, you must
first create the file-based event in the Events management area of the CMC. Then you
can schedule the object and select this event. For more information on scheduling an
object with events, see “Scheduling an object with events” on page 234.
File-based events are monitored by the Event Server. When the file that you specify
appears, the Event Server triggers the event. The Crystal Management Server
(CMS) then releases any schedule requests that are dependent on the event.
For instance, suppose that you want your daily reports to run after your database
analysis program has finished and written its automatic log file. To do this, you
specify the log file in your file-based event, and then schedule your daily reports
with this event as a dependency. When the log file appears, the event is triggered
and the reports are processed.
Note: If the file already exists prior to the creation of the event, the event is not
triggered. In this case, the event is triggered only when the file is removed and
then recreated. If you want an event to be triggered multiple times, you must
remove and recreate the file each time.
To create a file-based event
1 Go to the Events management area of the CMC.
2 Click New Event.
The New Event page appears.
3 In the Type list, select File.
Crystal Enterprise Administrator’s Guide
263
Schedule-based events
4 Type a name for the event in the Event Name field.
5 Complete the Description field.
6 In the Server list, select the Event Server that will monitor the specified file.
7 Type a filename in the Filename field.
Note: Type the absolute path to the file that the Event Server should look for
(for example, C:\folder\filename, or /home/folder/filename). The drive and
directory that you specify must be visible to the Event Server. Ideally, the
directory should be on a local drive.
8 Click OK.
Schedule-based events
Schedule-based events are dependent upon scheduled objects. That is, a schedulebased event is triggered when a particular object has been processed. When you
create this type of event, it can be based on the success or failure of a scheduled
object, or it can be based simply on the completion of the job.
Most importantly, you must associate your schedule-based event with at least two
scheduled objects. The first object serves as the trigger for the event: when the object
is processed, the event occurs. The second object is dependent upon the event:
when the event occurs, this second object runs. For more information on scheduling
objects with events, see “Scheduling an object with events” on page 234.
For instance, suppose that you want report objects R1 and R2 to run after program
object P1 runs. To do this, you create a schedule-based event in the Events
management area. You specify the “Success” option for the event, which means
that the event is triggered only when program P1 runs successfully. Then, you
schedule reports R1 and R2 with events, and select your new schedule-based event
as the dependency. Schedule program P1 with events, and set program P1 to
trigger the schedule-based event upon successful completion. Now, when
program P1 runs successfully, the schedule-based event is triggered, and reports
R1 and R2 are subsequently processed.
To create a schedule-based event
1 Go to the Events management area of the CMC.
2 Click New Event.
264
Crystal Enterprise Administrator’s Guide
14: Managing Events
The New Event page appears.
3 In the Type list, select Schedule.
4 Type a name for the event in the Event Name field.
5 Complete the Description field.
6 In the “Event based on” area, select from three options:
• Success
The event is triggered only upon successful completion of a specified object.
• Failure
The event is triggered only upon non-successful completion of a specified
object.
• Success or Failure
The event is triggered upon completion of a specified object, regardless of
whether that object was processed successfully or not.
7 Click OK.
Crystal Enterprise Administrator’s Guide
265
Custom events
Custom events
A custom event occurs only when you explicitly click its “Trigger this event” button.
As with all other events, an object based on a custom event runs only when the event
is triggered within the time frame established by the object’s schedule parameters.
Custom events are useful because they allow you to set up a shortcut that, when
clicked, triggers any dependent schedule requests.
Tip: When developing your own web applications, you can trigger Custom events
from within your own code, as required. For more information, see the developer
documentation available on your product CD.
For instance, you may have a scenario where you want to schedule a number of
reports, but you want to run them after you have updated information in your
database. To do this, create a new custom event, and schedule the reports with that
event. When you update the data in the database and you need to run the reports,
return to the event in the CMC and trigger it manually. Crystal Enterprise then
runs the reports. For more information on event-based scheduling, see
“Scheduling an object with events” on page 234.
Note: You can trigger a custom event multiple times. For example, you might
schedule two sets of event-based program objects to run daily—one set runs in
the morning, and one set runs in the afternoon. When you first trigger the related
custom event in the morning, one set of programs is run; when you trigger the
event again in the afternoon, the remaining set of programs is run. If you neglect
to trigger the event in the morning and trigger it only in the afternoon, both sets of
programs run at that time.
To create a custom event
1 Go to the Events management area of the CMC.
2 Click New Event.
3 In the Type list, select Custom.
4 Type a name for the event in the Event Name field.
5 Complete the Description field.
6 Click OK.
Note: Before you trigger this custom event, schedule an object that is dependent
upon this event.
To trigger a custom event
1 Go to the Events management area of the CMC.
2 In the Event Name column, select a custom event by clicking its link.
3 Click Trigger this event.
A message appears: “This event has been triggered.”
266
Crystal Enterprise Administrator’s Guide
14: Managing Events
Specifying event rights
You can grant or deny users and groups access to events. Depending how you
organize your events, you may have specific events that you want to be available
only for certain employees or departments. For example, you may want certain
events to be triggered only by management or IT.
Users will only be able to see events they have the rights to see, so you can use
rights to hide events that aren’t applicable to a particular group. For example, by
granting only the ITadmin group access to IT-related events, those events won’t
appear for a user from the HRadmin group; this makes the event list easier for the
HRadmin group to navigate.
Follow this procedure to change the rights for an event. By default, events are
based on current security settings, inheriting rights from the users’ parent folders.
To grant access to an event
1 Go to the Events management area of the CMC.
2 Select the event you want to grant access to.
3 Click the Rights tab.
4 Click Add/Remove to add users or groups that you want to give access to the
event.
The Add/Remove page appears.
5 In the Select Operation list, select Add/Remove Groups, Add Users, or
Remove Users.
6 Select the user or group you want to grant access to the specified event.
7 If you have many users on your system, select the Add Users operation; then
use the “Look for” field to search for a particular account.
8 Click OK.
9 On the Rights tab, change the Access Level for each user or group, as required.
10 To choose specific rights, choose Advanced.
Note: For complete details on the predefined access levels and advanced
rights, see “Rights and Access Levels” on page 413.
11 Click Update.
Crystal Enterprise Administrator’s Guide
267
Specifying event rights
268
Crystal Enterprise Administrator’s Guide
Managing and Configuring Servers
15
This chapter provides information on a range of server
tasks that allow you to customize the behavior of Crystal
Enterprise. The chapter first covers straightforward tasks
like starting and stopping servers, and then proceeds to
more advanced configuration options, including CMS
clustering and other server-specific settings.
Crystal Enterprise Administrator’s Guide
269
Server management overview
Server management overview
This chapter provides information on a range of server tasks that allow you to
customize the behavior of Crystal Enterprise. It also includes information on the
server settings that you can alter to accommodate the needs of your organization.
The default values for these settings have been chosen to maximize the reliability,
predictability, and consistency of operation of a typical Crystal Enterprise
installation. The default settings guarantee the highest degree of data accuracy and
timeliness. For example, by default, data sharing between reports is disabled.
When running reports on demand, disabling data sharing means that every user
can always assume that they will receive the latest data.
If you prefer to place more emphasis on the efficiency, economy, and scalability of
Crystal Enterprise, you can tune server settings to set your own balance between
system reliability and performance. For example, enabling data sharing between
reports markedly increases system performance when user loads are heavy. To
take advantage of this feature while ensuring that every user receives data that
meets your criteria for timeliness, you can also specify how long data will be shared
between users.
Crystal Enterprise includes two key administrative tools that allow you to view and
to modify a variety of server settings. These two tools are the Crystal Management
Console and the Crystal Configuration Manager:
• Crystal Management Console (CMC)
The CMC is the web-based administration tool that allows you to view and to
modify server settings while Crystal Enterprise is running. For instance, you
will use the CMC when you need to change the status of a server, change server
settings, access server metrics, or create server groups. Because the CMC is a
web-based interface, you are able to configure your Crystal Enterprise servers
remotely over the Internet or through your corporate intranet.
• Crystal Configuration Manager (CCM)
The CCM is a program that allows you to view and to modify server settings
while Crystal Enterprise is offline. It also allows you to accomplish tasks that
require you to take Crystal Enterprise offline. For instance, you use the CCM to
stop the Web Component Server (WCS) or the Crystal Management Server
(CMS), to start Crystal Enterprise after you have stopped the system
completely, and to change the default server port numbers. This tool also allows
you to configure Crystal Enterprise remotely over your corporate network.
You can accomplish some configuration tasks with both tools, while other tasks must
be performed with a specific tool. This chapter takes a task-oriented approach to server
management by first explaining the server settings that are available to you, and then
by showing how to accomplish each task with whichever tool(s) are appropriate.
Related topics
• For an overview of the multi-tier architecture and the Crystal Enterprise server
components, see “Crystal Enterprise Architecture” on page 27.
270
Crystal Enterprise Administrator’s Guide
15: Managing and Configuring Servers
• For information about creating groups of servers, see “Server group overview”
on page 350.
• With the Crystal Enterprise Software Development Kit (SDK), you can now
access and modify server metrics and settings from your own web
applications. For more information, see the developer documentation available
on your product CD.
Viewing current metrics
The CMC allows you to view server metrics over the Web. These metrics include
general information about each machine, along with details that are specific to the
type of server. The CMC also allows you to view system metrics, which include
information about your product version, your CMS, and your current system activity.
Tip: For an example of how to use server metrics in your own web applications, see
the “View Server Summary” sample on the Crystal Enterprise Admin Launchpad.
Viewing current server metrics
The Servers management area of the CMC displays server metrics that provide
statistics and information about each Crystal Enterprise server. The general
information displayed for each server includes information about the machine that
the server is running on—its name, operating system, total hard disk space, free hard
disk space, total RAM, number of CPUs, and local time. The general information
also includes the time the server started and the version number of the server.
This example shows the metrics for an Event Server that is running on a machine
called Baracus.
Crystal Enterprise Administrator’s Guide
271
Viewing current metrics
For some servers, the Metrics tab includes additional server-specific information:
• Input and Output File Repository Servers
The Metrics tab of each File Repository Server lists the root directory of the files
that the server maintains, indicates the maximum idle time, and displays the
number of active files and active client connections. It also lists the total
available hard disk space, as well as the number of bytes sent and received.
Each File Repository Server also has an Active Files tab, which lists the
filename, the number of readers, and the number of writers for each active file.
• Web Component Server
The Metrics tab of the Web Component Server (WCS) includes statistical data
about the requests that it handles. It lists the total number of requests, the
current number of requests, the total number of bytes sent, the average bytes
per request, the total time taken, and the average time taken per request. This
information is useful in determining how efficiently the WCS is handling the
requests that are sent to it.
• Cache Server
The Metrics tab of the Cache Server displays the maximum number of
processing threads, the maximum cache size, the minutes before an idle job is
closed, the minutes between refreshes from the database, whether or not the
database is accessed whenever a viewer’s file (object) is refreshed, the location
of the cache files, the total threads running, the number of requests served, the
number of bytes transferred, the cache hit rate, the number of current
connections, and the number of requests that are queued.
The Metrics tab also provides a table that lists the Page Servers that the Cache
server has connections to, along with the number of connections made to each
Page Server.
• Event Server
The Metrics tab of the Event Server contains statistics on the files that the server
is monitoring. This tab includes a table showing the file name and the last time
the event occurred.
• Page Server
The Metrics tab of the Page Server contains information on how the server is
running. It lists the maximum number of simultaneous report jobs, the location of
temporary files, the number of minutes before an idle connection is closed, the
minutes before a report job is closed, the maximum number of database records
shown when previewing or refreshing a report, the oldest processed data given to
a client, whether a viewer refresh always hits the database, and the setting for the
Report Job Database Connection. It also shows the number of current connections,
the number of requests queued, the current number of processing threads
running, the total number of requests served, and the total bytes transferred.
• Report Application Server
The Metrics tab of the Report Application Server (RAS) shows the number of
reports that are open, and the number of reports that have been opened. It also
272
Crystal Enterprise Administrator’s Guide
15: Managing and Configuring Servers
shows the number of open connections, along with the number of open
connections that have been created.
• Report Job Server
The Metrics tab of the Job Server lists the current number of jobs that are being
processed, the total number of requests received, the total number of failed job
creations, the processing mode, and the location of its temporary files.
• Program Job Server
The Metrics tab of the Program Job Server lists the current number of program
objects that are being processed, the total number of requests received, the total
number of failed program object creations, the processing mode, and the
location of its temporary files.
• Crystal Management Server
The Metrics tab of the CMS lists only the general information about the machine
it is running on. The Properties tab, however, shows a list of users who have
active sessions on the system. Click any user’s link to view the associated
account details.
To view server metrics
1 Go to the Servers management area of the CMC.
2 Click the link to the server whose metrics you want to view.
3 Click the Metrics tab.
Viewing system metrics
The Settings management area of the CMC displays system metrics that provide
general information about your Crystal Enterprise installation. The Properties tab
includes information about the product version and build. It also lists the data
source, database name, and database user name of the CMS database. The Metrics
tab lists current account activity, along with statistics about current and processed
jobs. The Cluster tab lists the name of the CMS you are connected to, the name of
the CMS cluster, and the names of other cluster members.
To view system metrics
1 Go to the Settings management area of the CMC.
2 View the contents of the Properties, Metrics, and Cluster tabs.
Related topics
• For more information about licenses and account activity, see “Licensing
overview” on page 408.
• For information about CMS clusters, see “Clustering Crystal Management
Servers” on page 284.
Crystal Enterprise Administrator’s Guide
273
Viewing and changing the current status of servers
Viewing and changing the current status of servers
The status of a server is its current state of operation: a server can be started,
stopped, enabled, or disabled. To respond to Crystal Enterprise requests, a server
must be started and enabled. A server that is disabled is still running as a process;
however, it is not accepting requests from the rest of Crystal Enterprise. A server
that is stopped is no longer running as a process. This section shows how to modify
the status of servers with the CMC and the CCM.
Starting, stopping, and restarting servers
Starting, stopping, and restarting servers are common actions that you perform
when you configure servers or take them offline for other reasons. The remainder
of this chapter tells you when a certain configuration change requires that you first
stop or restart the server. However, because these tasks appear frequently, the
concepts and differences are explained first, and the general procedures are
provided for reference.
Action
Description
Stopping a server
You must stop Crystal Enterprise servers before you can
modify certain properties and settings.
Starting a server
If you have stopped a server to configure it, you need to
start it to effect your changes and to have the server
resume processing requests.
Restarting a server
Restarting a server is a shortcut to stopping a server
completely and then starting it again. You can change
certain settings without stopping the server; however, the
changes typically do not take effect until your restart the
server.
For example, if you want to change the name of a CMS, or if you want to configure
the WCS to support NT Single Sign On, then you must first stop the server. Once
you have made your changes, you start the server again to effect your changes.
Tip: When you stop (or restart) a server, you terminate the server’s process,
thereby stopping the server completely. If you want to prevent a server from
receiving requests without actually stopping the server process, you can also
enable and disable servers. We recommend that you disable Report Job Servers
and Program Job Servers before stopping them so that they can finish processing
any jobs they have in progress before stopping. For details, see “Enabling and
disabling servers” on page 276.
274
Crystal Enterprise Administrator’s Guide
15: Managing and Configuring Servers
To start, stop, or restart servers over the Web
Note: You cannot stop the CMS or the WCS over the Web. You must use the CCM
instead. See “Stopping a Crystal Management Server” on page 276 for more
information.
1 Go to the Servers management area of the CMC.
A list of servers appears. The icon associated with each server identifies its
status:
• Running is indicated by a server with a green arrow.
• Stopped is indicated by a server with a red arrow.
• Disabled is indicated by a server with a red circle.
2 Select the check box for the server whose status you want to change.
3 Depending upon the action you need to perform, click Start, Stop, or Restart.
You may be prompted for network credentials that allow you to start and stop
services running on the remote machine.
4 Click Refresh to update the page.
To start, stop, or restart a Windows server with the CCM
1 Start the CCM.
2 Select the server that you want to start, stop, or restart.
3 On the toolbar, click the appropriate button.
Toolbar Icon
Action
Start the selected server.
Stop the selected server.
Restart the selected server.
You may be prompted for network credentials that allow you to start and stop
services running on the remote machine.
The CCM performs the action and refreshes the list of servers.
To start, stop, or restart a UNIX server with the CCM
Use the ccm.sh script. For reference, see “ccm.sh” on page 436.
Crystal Enterprise Administrator’s Guide
275
Viewing and changing the current status of servers
Stopping a Crystal Management Server
If your Crystal Enterprise installation has a single Crystal Management Server
(CMS), shutting it down will make Crystal Enterprise unavailable to your users
and will interrupt the processing of reports and programs. Before stopping your
CMS, you may wish to disable your processing servers so that they can finish any
jobs in progress before Crystal Enterprise shuts down. See “Enabling and disabling
servers” on page 276 for more information.
If you have a CMS cluster consisting of more than one active CMS, you can shut
down a single CMS without losing data or affecting system functionality. The
other CMS in the cluster will assume the workload of the stopped server. Using a
CMS cluster enables you to perform maintenance on each of your Crystal
Management Servers in turn without taking Crystal Enterprise out of service.
For more information on CMS clusters, see “Clustering Crystal Management
Servers” on page 284.
Enabling and disabling servers
When you disable a Crystal Enterprise server, you prevent it from receiving and
responding to new Crystal Enterprise requests, but you do not actually stop the
server process. This is especially useful when you want to allow a server to finish
processing all of its current requests before you stop it completely.
For example, you may want to stop a Report Job Server before rebooting the machine
it is running on. However, you want to allow the server to fulfill any outstanding
report requests that are in its queue. First, you disable the Report Job Server so it
cannot accept any additional requests. Next, go to the Crystal Management Console
to monitor when the server completes the jobs it has in progress. (From the Servers
management area, choose the server name and then the metrics tab). Then, once it
has finished processing current requests, you can safely stop the server.
Note: The CMS must be running in order for you to enable and/or disable other
servers.
To enable and disable servers over the Web
1 Go to the Servers management area of the CMC.
The icon associated with each server identifies its status. In this example, the
Event Server is disabled (but not stopped), and the remaining servers are
running and enabled.
276
Crystal Enterprise Administrator’s Guide
15: Managing and Configuring Servers
2 Select the check box for the server whose status you want to change.
3 Depending upon the action you need to perform, click Enable or Disable.
To enable or disable a Windows server with the CCM
1 Start the CCM.
2 On the toolbar, click Enable/Disable.
3 When prompted, log on to your CMS with the credentials that provide you
with administrative privileges to Crystal Enterprise.
4 Click Connect.
The Enable/Disable Servers dialog box appears.
This dialog box lists all of the Crystal Enterprise servers that are registered with
your CMS, including servers running on remote machines. By default, servers
running on remote machines are displayed as MACHINE.servertype. So, in this
example, LCONNORS02.eventserver is an Event Server running on a remote
machine called LCONNORS02. The server named Input is the Input File Repository
Server running on the local machine. In this example, all of the listed servers are
currently enabled.
Crystal Enterprise Administrator’s Guide
277
Viewing and changing the current status of servers
5 To disable a server, clear the check box in the Server Name column.
This example disables all servers running on LCONNORS02.
6 Click OK to effect your changes and return to the CCM.
To enable or disable a UNIX server with the CCM
Use the ccm.sh script. For reference, see “ccm.sh” on page 436.
Printing, copying, and refreshing server status
When using the CCM on Windows, you can print and copy the properties of a
server, and refresh the list of servers.
To print the status of a server
1 Start the CCM.
2 Select the server(s).
3 Click Print.
The Print dialog box appears.
4 Click OK.
A brief listing of the server’s properties is printed, including the Display Name,
Version, Command Line, Status, and so on.
To copy the status of a server
To save the status of a server, you can copy the details from the CCM to a document
or to an email message (if you want to send the status information to someone else).
1 Start the CCM.
2 Select the server(s).
3 Click Copy.
4 Paste the information into a document for future reference.
278
Crystal Enterprise Administrator’s Guide
15: Managing and Configuring Servers
To refresh the list of servers
• To ensure you are looking at the latest information, click Refresh.
Note: Disabled servers may not appear in this list. Click Enable/Disable to view a
list of servers and ensure that each is enabled.
Configuring the application tier
This section includes technical information and procedures that show how you can
modify settings for the application tier. If you are already familiar with the Crystal
Enterprise architecture, you will recognize this graphic representation of the
application tier.
The majority of the settings discussed here allow you to integrate Crystal Enterprise
more effectively with your current hardware, software, and network configurations.
Consequently, the settings that you choose will depend largely upon your own
requirements.
Note: This section does not show how to configure your web server with the Web
Connector, nor does it show how to set up effective communication between the
Web Connector and the Web Component Server, or how to configure your Web
Application Server to deploy Crystal Enterprise applications. These tasks are
typically performed when you install Crystal Enterprise. For details, see the
Crystal Enterprise Installation Guide. For further troubleshooting, see “Working
with Firewalls” on page 367.
Configuring properties for the Web Component Server
Modifying logging behavior of the Web Component Server
The Properties tab of the Web Component Server (WCS) allows you to specify the
location of its log files and the types of information that it logs for each Crystal
Enterprise web request.
The web attributes that you can audit include: Date, Time, IP address and port,
Duration, Bytes transferred, Used cache, Method, URI, URI-stem, URI-query, and
Status. There are no performance penalties for logging this information. It is
recommended that you leave logging enabled.
Crystal Enterprise Administrator’s Guide
279
Configuring the application tier
To change the logging behavior of the WCS
1 Go to the Servers management area of the CMC.
2 Click the link to the WCS whose settings you want to change.
3 Make your changes on the Properties tab.
This example shows the Logging area of the Properties tab. Here, the log files
are saved to the default file location for a WCS that is running on Windows.
4 Click either Apply or Update:
• Click Apply to submit changes and restart the server so that the changes
take effect immediately.
• Click Update to save the changes. You must restart the server for the
changes to take effect.
Modifying report viewing and viewer options
The Properties tab of the WCS allows you to modify report viewing settings that
affect users who view reports with the legacy DHTML, ActiveX, and Java viewers.
You can change the default directory where the WCS stores its temporary image
files. And you can customize the “look and feel“ of the different viewer controls to
suit users’ preferences or to suit your administrative requirements.
Note: Changing options here affects only the properties of legacy DHTML viewers
(that is, viewers shipped with previous versions of Crystal Enterprise). To change
these options for a DHTML viewer shipped with Crystal Enterprise 10, you must
change the CSP pages that invoke the viewers. See the developer documentation
for details.
Tip: On Windows, you can also change some of these settings in the CCM. Stop the
WCS and view its Properties. Then click the Configuration tab.
280
Crystal Enterprise Administrator’s Guide
15: Managing and Configuring Servers
This table lists the properties that you can change for each of the viewer controls.
Viewer Property
DHTML Viewer ActiveX Viewer Java Viewer
Drilldown for more detail
Supported
Supported
Supported
Hide the Group Tree
(if it is displayed)
Supported
Supported
Supported
Group Tree
Supported
Supported
Supported
Refresh Report data
Not Supported
Supported
Supported
Search the Report
Not Supported
Supported
Supported
Export the Report
Not Supported
Supported
Supported
Zoom
Not Supported
Supported
Supported
Print the Report
Not Supported
Supported
Supported
Product logo (if applicable)
Not Supported
Supported
Supported
To modify report viewing and viewer settings
1 Go to the Servers management area of the CMC.
2 Click the link to the WCS whose settings you want to change.
3 Make your changes on the Properties tab.
This example shows the Report Viewing area of the Properties tab. Here, the
WCS is using the default values.
4 Click either Apply or Update:
• Click Apply to submit changes and restart the server so that the changes
take effect immediately.
• Click Update to save the changes. You must restart the server for the
changes to take effect.
Crystal Enterprise Administrator’s Guide
281
Configuring the application tier
Enabling Single Sign On
On the Properties tab, use the Single Sign On check boxes only when you are
running more than one WCS. (If you are running a single WCS, use the CCM
instead.) This feature requires your web server to support Integrated Windows
Authentication. For more information on Single Sign On, see “Setting up NT Single
Sign On” on page 83 or “Using AD Single Sign On” on page 102.
Configuring the Web Component Adapter
In Crystal Enterprise installations that use the Crystal Enterprise Java SDK, the
Web Component Server is replaced by a Web Component Adapter (WCA) running
on a Java application server. (These Crystal Enterprise installations include all
UNIX installations, and any installation of Crystal Enterprise on Windows that has
been configured to use the Java version of the Crystal Enterprise web desktop, as
per the instructions in Crystal Enterprise Installation Guide. The WCA provides
support for the Crystal Management Console and CSP applications. The Web
Component Adapter is a Java web application; it does not appear as a server in the
Crystal Management Console or in the Crystal Configuration Manager.
If you need to configure any of the parameters formerly controlled through the
WCS, you can do so by editing the web.xml deployment descriptor file associated
with the WCA.
To configure web.xml
The web.xml file used by the WCA is in the WEB-INF subdirectory of the
webcompadapter.war archive file stored in the crystal_root/enterprise/JavaSDK/
applications directory on UNIX, or C:\Program Files\Common Files\Crystal
Decisions\2.5\jars\JavaSDK\applications on Windows.
Each of the options displayed in the CMC or the CCM for the WCS appears as a
context parameter in web.xml. For example, the context parameter that controls
whether a group tree will be generated looks like this:
<context-param>
<param-name>viewrpt.groupTreeGenerate</param-name>
<param-value>true</param-value>
<desctiption>”true” or “false” value determining whether a group tree
will be generated.</description>
</context-param>
To change the value of a context parameter, edit the value between the <paramvalue> </param-value> tags.
Your Java Web Application Server may provide tools to allow you to edit web.xml
directly from an administrative console. Otherwise you need to stop your
application server and extract the web.xml file from the webcompadapter.war archive
before editing it using a text editor such as Notepad or vi. Once you have made
282
Crystal Enterprise Administrator’s Guide
15: Managing and Configuring Servers
your changes to web.xml, you must reinsert the file into the WEB-INF directory in
webcompadapter.war, and restart your application server.
Tip: To reinsert web.xml into WEB-INF using WinZip, right-click on the WEB-INF
directory that contains your edited web.xml file and select “Add to Zip File...”.
Adding the file in this way ensures that it is placed in the correct directory inside
the archive.
When you install more than one WCA, each webcomponentadapter.war file contains
its own web.xml file containing configuration parameters for that WCA. However,
you can only set the parameters listed in the following table individually for each
WCA. The remaining parameters must be the same for all WCA in your system.
Context Parameter
Description
display-name
Equivalent to WCA name, or friendly name
of WCS
cspApplication.defaultPage
The default page that will be loaded if no
filename is specified in a particular request.
cspApplication.dir
This is the real path to the directory
containing the CSP/WAS application(s) that
you would like to host. This is a required
field.
connection.cms
This is the name (or name and port number)
of the CMS that you would like your
application(s) to connect to. This is
equivalent to setting -requestport for the
WCS.
connection.listeningPort
This field defaults to the port that the WCA
related servlets are running on. This setting
is equivalent to configuring the WCS to listen
on a port for the web connector, using -port.
log.file
Filename of the logfile including full real
path to file, excluding extension. Defaults to
WCA with no path
log.ext
File extension of logfile, defaults to .log
log.isRolling
Determines whether or not the logs will be
rotated, defaults to true.
log.size
If log rolling is turned on, this will govern
the max size before logfile is rotated.
Accepted suffix: MB, KB and GB.
log.level
The default loglevel is “error.”
log.entryPattern
Please refer to log4j documentation for
accepted log entry patterns.
Crystal Enterprise Administrator’s Guide
283
Configuring the intelligence tier
Configuring the intelligence tier
This section includes technical information and procedures that show how you can
modify settings for the Crystal Enterprise servers that make up the intelligence
tier. If you are already familiar with the Crystal Enterprise architecture, you will
recognize this graphic representation of the intelligence tier.
The majority of the settings discussed here allow you to integrate Crystal
Enterprise more effectively with your current hardware, software, and network
configurations. Consequently, the settings that you choose will depend largely
upon your own requirements.
Clustering Crystal Management Servers
If you have a large or mission-critical implementation of Crystal Enterprise, you
will probably want to run several CMS machines together in a CMS cluster. A CMS
cluster consists of two or more CMS servers working together to maintain the
system database. If a machine that is running one CMS fails, a machine with
another CMS will continue to service Crystal Enterprise requests. This “failover”
support helps to ensure that Crystal Enterprise users can still access information
when there is equipment failure.
This section shows how to add a new CMS cluster member to a production system
that is already up and running. When you add a new CMS to an existing cluster,
you instruct the new CMS to connect to the existing CMS database and to share the
processing workload with any existing CMS machines. For information about your
current CMS and CMS cluster, go to the Settings management area of the CMC and
click the Cluster tab.
Before clustering CMS machines, you must make sure that each CMS is installed
on a system that meets the detailed requirements (including version levels and
patch levels) for operating system, database server, database access method,
database driver, and database client outlined in the platforms.txt file included in
your product distribution.
In addition, you must meet the following clustering requirements:
• For best performance, the database server that you choose to host the system
database must be able to process small queries very quickly. The CMS
communicates frequently with the system database and sends it many small
queries. If the database server is unable to process these requests in a timely
manner, Crystal Enterprise performance will be greatly affected.
284
Crystal Enterprise Administrator’s Guide
15: Managing and Configuring Servers
• For best performance, run each CMS cluster member on a machine that has the
same amount of memory and the same type of CPU.
• Configure each machine similarly:
• Install the same operating system, including the same version of operating
system service packs and patches.
• Install the same version of Crystal Enterprise (including patches, if applicable).
• Ensure that each CMS connects to the CMS database in the same manner:
whether you use native or ODBC drivers, ensure that the drivers are the
same on each machine, and are a supported version.
• Ensure that each CMS uses the same database client to connect to its system
database, and that it is a supported version.
• Check that each CMS uses the same database user account and password to
connect to the CMS database. This account must have create, delete, and
update rights on the system database.
• Run each CMS service/daemon under the same account. (On Windows, the
default is the “LocalSystem” account.)
• Verify that the current date and time are set correctly on each CMS machine
(including settings for daylight savings time).
• Ensure that each and every CMS in a cluster is on the same Local Area
Network.
• If you wish to enable auditing, each CMS must be configured to use the same
auditing database and to connect to it in the same manner. The requirements
for the auditing database are the same as those for the system database in
terms of database servers, clients, access methods, drivers, and user IDs.
Tip: By default, a CMS cluster name reflects the name of the first CMS that you
install, but the cluster name is prefixed by the @ symbol. For instance, if your
existing CMS is called CRYSTALCMS, then the default cluster name is @CRYSTALCMS. To
modify the default name, see “Changing the name of a CMS cluster” on page 288.
There are two ways to add a new CMS cluster member. Follow the appropriate
procedure, depending upon whether or not you have already installed a second CMS:
• “Installing a new CMS and adding it to a cluster” on page 286
See this section if you have not already installed the new CMS on its own
machine.
• “Adding an installed CMS to a cluster” on page 286
Follow this procedure if you have already installed a second, independent CMS
on its own machine. While testing various server configurations, for instance,
you might have set up an independent Crystal Enterprise system with its own
CMS. Follow this procedure when you want to incorporate this independent
CMS into your production system.
Note: Back up your current CMS database before making any changes. If necessary,
contact your database administrator.
Crystal Enterprise Administrator’s Guide
285
Configuring the intelligence tier
Installing a new CMS and adding it to a cluster
When you install a new CMS, you can quickly cluster it with your existing CMS.
Run the Crystal Enterprise installation and setup program on the machine where
you want to install the new CMS cluster member. The setup program allows you
to perform an Expand installation. During the Expand installation, you specify the
existing CMS whose system you want to expand, and you select the components
that want to install on the local machine. In this case, specify the name of the CMS
that is running your existing system, and choose to install a new CMS on the local
machine. Then provide the Setup program with the information it needs to connect
to your existing CMS database. When the Setup program installs the new CMS on
the local machine, it automatically adds the server to your existing CMS cluster.
For complete information on running the Setup program and performing the
Expand installation, see the Crystal Enterprise Installation Guide.
Adding an installed CMS to a cluster
In these steps, the independent CMS refers to the one that you want to add to a
cluster. You will add the independent CMS to your production CMS cluster. By
adding an independent CMS to a cluster, you disconnect the independent CMS
from its own database and instruct it to share the system database that belongs to
your production CMS.
Before starting this procedure, ensure that you have a database user account with
Create, Delete, and Update rights to the database storing the Crystal Enterprise
tables. Ensure also that you can connect to the database from the machine that is
running the independent CMS (through your database client software or through
ODBC, according to your configuration). Also ensure that the CMS you are adding
to the cluster meets the requirements outlined in
Note: Back up your current CMS database before beginning this procedure. If
necessary, contact your database administrator.
To add an installed CMS to a cluster on Windows
1 Use the CCM to stop the independent Crystal Management Server.
2 With the CMS selected, click Specify CMS Data Source on the toolbar.
286
Crystal Enterprise Administrator’s Guide
15: Managing and Configuring Servers
The CMS Database Setup dialog box appears.
3 Click Select a Data Source; then click OK.
4 In the Select Database Driver dialog box, specify whether you want to connect
to the production CMS database through ODBC, or through one of the native
drivers.
5 Click OK.
6 The remaining steps depend upon the connection type you selected:
• If you selected ODBC, the Windows “Select Data Source” dialog box
appears. Select the ODBC data source that corresponds to your production
CMS database; then click OK. If prompted, provide your database
credentials and click OK. The CCM connects to the database server and
adds the new CMS to the cluster.
• If you selected a native driver, you are prompted for your database Server
Name, your Login ID, and your Password. Once you provide this information,
the CCM connects to the database server and adds the new CMS to the cluster.
The SvcMgr dialog box notifies you when the CMS database setup is complete.
7 Click OK.
8 Start the Crystal Management Server.
To add an installed CMS to a cluster on UNIX
Use the cmsdbsetup.sh script. For reference, see “cmsdbsetup.sh” on page 438.
Crystal Enterprise Administrator’s Guide
287
Configuring the intelligence tier
Changing the name of a CMS cluster
By default, a CMS cluster name reflects the name of the first CMS that you install,
but the cluster name is prefixed by the @ symbol. For instance, if your existing CMS
is called CRYSTALCMS, then the default cluster name is @CRYSTALCMS.
This procedure allows you to change the name of a cluster that is already installed
and running. To change the cluster name, you need only stop one of the CMS
cluster members. The remaining CMS cluster members are dynamically notified of
the change.
For optimal performance, after changing the name of the CMS cluster reconfigure
each Crystal Enterprise server so that it registers with the CMS cluster, rather than
with an individual CMS.
To change the cluster name on Windows
1 Use the CCM to stop any Crystal Management Server that is a member of the
cluster.
2 With the CMS selected, click Properties on the toolbar.
3 Click the Configuration tab.
4 Select the Change Cluster Name to check box.
5 Type the new name for the cluster.
6 Click OK and then start the Crystal Management Server.
The CMS cluster name is now changed. All other CMS cluster members are
dynamically notified of the new cluster name (although it may take several
minutes for your changes to propagate across cluster members).
7 Go to the Servers management area of the CMC and check that all of your
servers remain enabled. If necessary, enable any servers that have been
disabled by your changes.
To change the cluster name on UNIX
Use the cmsdbsetup.sh script. For reference, see “cmsdbsetup.sh” on page 438.
To register servers with the CMS cluster on Windows
1 Use the CCM to stop a Crystal Enterprise server.
2 Select the server from the list, and then click Properties.
3 Click the Configuration tab.
4 In the CMS Name box, type the name of the cluster.
The name of the cluster begins with the @ symbol. For example, if the cluster
name was changed to ENTERPRISE, type @ENTERPRISE in the box.
5 Click OK, and then start the server. Repeat for each Crystal Enterprise server
in your installation.
288
Crystal Enterprise Administrator’s Guide
15: Managing and Configuring Servers
To registers servers with the CMS cluster on UNIX
1 Use ccm.sh to stop each server.
2 Use a text editor such as vi to open the ccm.config file found in the root
directory of your Crystal Enterprise installation.
3 Find the -ns command in the launch string for each server, and change the
name of the CMS to the name of the CMS cluster.
The name of the cluster begins with the @ symbol. For example, if the cluster
name was changed to ENTERPRISE, type @ENTERPRISE. Do not include a port
number with the cluster name.
4 Save the file, and then use ccm.sh to restart the servers.
Copying CMS data from one database to another
Crystal Enterprise enables you to copy the contents of one CMS database into
another database. This procedure is also referred to as migrating a CMS database.
You can migrate CMS data from a different CMS database (versions 8.0 through 10
of Crystal Enterprise) into your current CMS database. Or, you can migrate the
data from your current CMS database into a different data source.
Throughout this section, the source CMS database refers to the database that holds
the data you are copying; this data is copied into the destination database. The
destination database is initialized before the new data is copied in, so any existing
contents of the destination database are permanently deleted (all Crystal Enterprise
tables are destroyed permanently and then recreated). Once the data has been
copied, the destination database is established as the current database for the CMS.
Note: Prior to Crystal Enterprise 10, the CMS was known as the Automated
Process Scheduler (APS).
Tip: If you want to import users, groups, folders, and reports from one system to
another, without deleting the contents of the current CMS database, see
“Importing with the Crystal Import Wizard” on page 135.
Preparing to migrate a CMS database
Before migrating a CMS database, take the source and the destination environments
offline by disabling and subsequently stopping all servers. Back up both CMS
databases, and back up the root directories used by all Input and Output File
Repository Servers. If necessary, contact your database or network administrator.
Ensure that you have a database user account that has permission to read all data
in the source database, and a database user account that has Create, Delete, and
Update rights to the destination database. Ensure also that you can connect to both
databases—through your database client software or through ODBC, according to
your configuration—from the CMS machine whose database you are replacing.
Crystal Enterprise Administrator’s Guide
289
Configuring the intelligence tier
Make a note of the license keys you purchased for the current version of Crystal
Enterprise. During migration, license keys that are present in the destination
database are retained only if the source database contains no license keys that are
valid for the current version of Crystal Enterprise. License keys in the destination
database are replaced with license keys from the source database when the source
license keys are valid for the current version of Crystal Enterprise. License keys
from earlier versions of Crystal Enterprise are not copied.
If you are copying CMS data from a different CMS database (version 8.0, 8.5, 9, or
10) of Crystal Enterprise) into your current CMS database, your current CMS
database is the destination database whose tables are deleted before they are
replaced with the copied data. In this scenario, make note of the current root
directories used by the Input and Output File Repository Servers in the source
environment. The database migration does not actually move report files from one
directory location to another. After you migrate the database, you will connect
your new Input and Output File Repository Servers to the old root directories, thus
making the report files available for the new system to process. Log on with an
administrative account to the CMS machine whose database you want to replace.
Complete the procedure that corresponds to the version of the source environment:
• “Copying data from a CMS on Windows” on page 291
• “Copying data from a Crystal Enterprise 8 APS on Windows” on page 292
If you are copying a CMS database from its current location to a different database
server, your current CMS database is the source environment. Its contents are
copied to the destination database, which is then established as the active database
for the current CMS. This is the procedure to follow if you want to move the default
CMS database on Windows from the local Microsoft Data Engine (MSDE) to a
dedicated database server, such as Microsoft SQL Server, Informix, Oracle, DB2, or
Sybase. Log on with an administrative account to the machine that is running the
CMS whose database you want to move. Complete the following procedure:
• “Copying data from a CMS on Windows” on page 291
• “Copying data from a CMS installed on UNIX” on page 293
Note:
• When you migrate a CMS database from an earlier version of Crystal
Enterprise, the database and database schema are upgraded to the format
required by the current version of Crystal Enterprise.
• When you copy data from one database to another, the destination database is
initialized before the new data is copied in. That is, if your destination
database does not contain the four Crystal Enterprise 10 system tables, these
tables are created. If the destination database does contain Crystal Enterprise
10 system tables, the tables will be permanently deleted, new system tables
will be created, and data from the source database will be copied into the new
tables. Other tables in the database, including previous versions of Crystal
Enterprise system tables, are unaffected.
290
Crystal Enterprise Administrator’s Guide
15: Managing and Configuring Servers
Copying data from a CMS on Windows
Use this procedure if your CMS is installed on Windows and you are copying data
from Crystal Enterprise versions 8.5, 9, or 10. If you are copying data from version
8 of Crystal Enterprise, please see “Copying data from a Crystal Enterprise 8 APS
on Windows” on page 292.
1 Use the CCM to stop the Crystal Management Server.
2 With the CMS selected, click Specify CMS Data Source on the toolbar.
3 Click Copy data from another Data Source; then click OK.
The Specify Data Source dialog box appears.
4 In the “Source contains data from version” list, click Autodetect (or explicitly
select the version of the source CMS database).
You must now specify the source CMS database whose contents you want to copy.
5 Click Specify.
6 In the Select Database Driver dialog box, specify whether you want to connect
to the source CMS database through ODBC, Informix, or through one of the
native drivers.
7 Click OK.
8 The next steps depend upon the connection type you selected:
• If you selected ODBC or Informix, the Windows “Select Data Source”
dialog box appears. Select the data source that corresponds to the source
CMS database; then click OK. If prompted, provide your database
credentials and click OK.
• If you selected a native driver, provide your database Server Name, your
Login ID, and your Password; then click OK.
You are returned to the Specify Data Source dialog box. You must now specify
the destination CMS database whose contents you want to replace with the
copied data.
Crystal Enterprise Administrator’s Guide
291
Configuring the intelligence tier
Tip: If the correct destination database already appears in the “Copy to the
following data source” field, proceed to step 13.
9 Click Browse.
10 In the Select Database Driver dialog box, specify whether you want to connect
to the destination CMS database through ODBC, or through one of the native
drivers.
11 Click OK.
12 The next steps depend upon the connection type you selected:
• If you selected ODBC, the Windows “Select Data Source” dialog box
appears. Select the ODBC data source that corresponds to the destination
CMS database; then click OK. If prompted, provide your database
credentials and click OK.
• If you selected a native driver, provide your database Server Name, your
Login ID, and your Password; then click OK.
You are returned to the Specify Data Source dialog box. You are now ready to
copy the CMS data.
13 Click OK and, when prompted to confirm, click Yes.
The SvcMgr dialog box notifies you when the CMS database setup is complete.
14 Click OK.
15 Proceed to “Completing a CMS database migration” on page 294.
Copying data from a Crystal Enterprise 8 APS on Windows
Note: Prior to Crystal Enterprise 10, the CMS was known as the Automated
Process Scheduler (APS).
Use this procedure if your CMS is installed on Windows, and you are copying data
from a Crystal Enterprise 8 APS system database.
1 Use the CCM to stop the Crystal Management Server.
2 With the CMS selected, click Specify CMS Data Source on the toolbar.
3 Click Copy data from another Data Source; then click OK.
The Specify Data Source dialog box appears.
4 In the “Source contains data from version” list, click Crystal Enterprise 8.0.
You must now specify the source CMS database whose contents you want to copy.
5 Click Specify.
6 In the “Browse data” dialog box, click one of the following:
• CMS machine name
Click this option if you have administrative rights to the Crystal Enterprise 8
CMS machine. Your administrative rights allow the CCM to read the data
292
Crystal Enterprise Administrator’s Guide
15: Managing and Configuring Servers
source information from the Windows Registry on the CMS machine. Click
OK and use the Browse for Computer dialog box to specify the CMS machine.
• CMS ODBC data source
Click this option if you do not have administrative rights to the Crystal
Enterprise 8 CMS machine. Use the Windows “Select Data Source” dialog
box to select (or create) an ODBC data source that provides the local
machine with access to the Crystal Enterprise 8 CMS database. If prompted,
provide your database credentials and click OK.
You are returned to the Specify Data Source dialog box. You must now specify
the destination CMS database whose contents you want to replace with the
copied data.
Tip: If the correct destination database already appears in the “Copy to the
following data source” field, proceed to step 11.
7 Click Browse.
8 In the Select Database Driver dialog box, specify whether you want to connect
to the destination CMS database through ODBC, or through one of the native
drivers.
9 Click OK.
10 The next steps depend upon the connection type you selected:
• If you selected ODBC, the Windows “Select Data Source” dialog box
appears. Select the ODBC data source that corresponds to the destination
CMS database; then click OK. If prompted, provide your database
credentials and click OK.
• If you selected a native driver, provide your database Server Name, your
Login ID, and your Password; then click OK.
You are returned to the Specify Data Source dialog box. You are now ready to
copy the CMS data.
11 Click OK and, when prompted to confirm, click Yes.
The SvcMgr dialog box notifies you when the CMS database setup is complete.
Note: Migration of a large source database could take several hours.
12 Click OK.
13 Proceed to “Completing a CMS database migration” on page 294.
Copying data from a CMS installed on UNIX
Note: Prior to Crystal Enterprise 10, the CMS was known as the Automated
Process Scheduler (APS).
Use this procedure if your CMS is installed on UNIX and you are copying data
from Crystal Enterprise versions 8.5, 9, or 10.
Then proceed to “Completing a CMS database migration” on page 294.
Crystal Enterprise Administrator’s Guide
293
Configuring the intelligence tier
Note:
• On UNIX you can not migrate directly from a source environment that uses an
ODBC connection to the CMS database. If your source CMS database uses
ODBC, you must first migrate that system to a supported native driver. (See
“Copying data from a CMS on Windows” on page 291.)
• If your CMS is installed on UNIX, you cannot migrate directly from a Crystal
Enterprise version 8 APS.
To copy data from a CMS installed on UNIX
1 Use ccm.sh to stop the Crystal Management Server. (See “ccm.sh” on page 436
for details.)
2 Run cmsdbsetup.sh. When prompted, enter the name of your CMS or press
enter to select the default name.
Tip: For information on finding the name of your CMS, see “ccm.sh” on
page 436.
3 Type copy to begin the database migration.
4 The script prompts you to confirm that all data in the destination database will
deleted. Type yes, and then press enter to proceed.
5 Next the script asks you for the version of your source Crystal Enterprise
installation. You can also select autodetect to have the version of the source
detected automatically. Press Enter.
6 Now the script asks you if you want to use the current CMS database as your
destination.
If you type no, you are first asked for information about the new destination
database, and are then prompted for information on the source database. If you
type yes, you are prompted for information about the source CMS database.
7 After entering the source information, the script will begin the migration process.
Note: Migration of a large source database could take several hours.
8 The script notifies you when migration is complete.
If errors occurred during the migration, the script gives you the location of a log
file explaining the migration results.
9 Proceed to “Completing a CMS database migration” on page 320.
Completing a CMS database migration
When you finish copying data from the source database to the destination
database, complete these steps before allowing users to access the system.
When migrating from an older version of Crystal Enterprise, servers that existed
in the source installation do not appear in the migrated install. This occurs because
there cannot be a mix of old and new servers in a Crystal Enterprise installation.
294
Crystal Enterprise Administrator’s Guide
15: Managing and Configuring Servers
Server groups from the old installation appear in the new system, but they will be
empty. New servers are automatically detected and added to the servers list
(outside of any group) in a disabled state. You must enable these servers before they
can be used. You may add the new servers to the imported groups as appropriate.
Reports that depend on a particular server group for scheduled processing will not
execute until a job server is added to that group. Reports that depend on a particular
server group for processing are not available until servers are added to that group.
To complete a CMS database migration on Windows
1 If errors occurred during migration, a db_migration log file was created in the
logging directory on the machine where you ran the CCM to carry out the
migration. The CCM will notify you if you need to check the log file.
The default logging directory is:
C:\Program Files\Crystal Decisions\Enterprise10\Logging\
2 If you migrated CMS data from a different CMS database into your current CMS
database, you need to make your old input and output directories available to the
new Input and Output File Repository Servers. You can do this in several ways:
• Copy the contents of the original input root directory into the root directory
that the new Input File Repository Server is already configured to use. Then
copy the contents of the original output directory into the root directory
that the new Output File Repository is already configured to use.
• Reconfigure the new Input and Output File Repository Servers to use the
old input and output root directories.
• If the old Input and Output File Repository Servers are running on a
dedicated machine, you can run the Crystal Enterprise setup program to
upgrade the servers directly. Then you need not move the input and output
directories. Instead, modify the -ns option in both servers’ command lines
to have them register with your new CMS. (Consult “Server Command
Lines” on page 425 for information on command line options.)
For more information, see “Setting root directories and idle times of the File
Repository Servers” on page 300.
3 Use the Crystal Configuration Manager (CCM) to start the CMS on the local
machine.
4 Start and enable the WCS, and check that your web server is running.
5 Log on to the Crystal Management Console with the default Administrator
account, using Enterprise authentication.
Tip: If you just replaced your CMS database with data from an older system,
keep in mind that you now need to provide the Administrator password that
was valid in the older system.
6 Go to the Authorization management area and check that your Crystal
Enterprise license keys are entered correctly.
Crystal Enterprise Administrator’s Guide
295
Configuring the intelligence tier
7 In the CCM, start and enable the Input File Repository Server and the Output
File Repository Server.
8 Go to the Servers management area of the Crystal Management Console and
verify that the Input File Repository Server and the Output File Repository
Server are both started and enabled.
9 Click the link to each File Repository Server and, on the Properties tab, check
that the Root Directory points to the correct location.
10 Return to the Crystal Configuration Manager.
11 If objects in your source database require updating, the Update Objects button
on the toolbar contains a flashing red exclamation mark. Click Update
Objects.
12 When prompted, log on to your CMS with credentials that provide you with
administrative privileges to Crystal Enterprise.
The Update Objects dialog box tells you how many objects require updating.
Objects typically require updating because their internal representation has
changed in the new version of Crystal Enterprise, or because the objects require
new properties to support the additional features offered by Crystal Enterprise
10. Because your Crystal Management Server was stopped when the migration
occurred, you need to update the objects now.
13 If there are objects that require updating, click Update, otherwise click Cancel.
14 Start and enable the remaining Crystal Enterprise servers.
15 Verify that Crystal Enterprise requests are handled correctly, and check that
you can view and schedule reports successfully.
To complete a CMS database migration on UNIX
1 If errors occurred during migration, a db_migration log file was created in the
logging directory on the machine where you ran cmsdbsetup.sh to carry out the
migration. The script will notify you if you need to check the log file.
The default logging directory is:
crystal_root/logging
where crystal_root is the absolute path to the root crystal directory of your
Crystal Enterprise installation.
2 If you migrated CMS data from a different CMS database into your current CMS
database, you need to make your old input and output directories available to the
new Input and Output File Repository Servers. You can do this in several ways:
• Copy the contents of the original input root directory into the root directory
that the new Input File Repository Server is already configured to use. Then
copy the contents of the original output directory into the root directory
that the new Output File Repository is already configured to use.
296
Crystal Enterprise Administrator’s Guide
15: Managing and Configuring Servers
• Reconfigure the new Input and Output File Repository Servers to use the
old input and output root directories.
• If the old Input and Output File Repository Servers are running on a
dedicated machine, you can run the Crystal Enterprise setup program to
upgrade the servers directly. Then you need not move the input and output
directories. Instead, modify the -ns option in both servers’ command lines
to have them register with your new CMS. (Consult “Server Command
Lines” on page 425 for information on command line options.)
For more information, see “Setting root directories and idle times of the File
Repository Servers” on page 300.
3 Use the ccm.sh script to start the CMS on the local machine. (See “ccm.sh” on
page 436 for instructions.)
4 Ensure that the Java web application server that hosts your Web Component
Adapter is running.
5 Log on to the Crystal Management Console with the default Administrator
account, using Enterprise authentication.
Tip: If you just replaced your CMS database with data from an older system,
keep in mind that you now need to provide the Administrator password that
was valid in the older system.
6 Go to the Authorization management area and check that your Crystal
Enterprise license keys are entered correctly.
7 Use the ccm.sh script to start and enable the Input File Repository Server and
the Output File Repository Server.
8 Go to the Servers management area of the Crystal Management Console and
verify that the Input File Repository Server and the Output File Repository
Server is started and enabled.
9 Click the link to each File Repository Server and, on the Properties tab, check
that the Root Directory points to the correct location.
10 Run the ccm.sh script again. If you migrated a source database from an earlier
version of Crystal Enterprise, enter the following command:
./ccm.sh -updateobjects authentication info
See “UNIX Tools” on page 435 for information on the authentication
information required by ccm.sh.
Objects typically require updating because their internal representation has
changed in the new version of Crystal Enterprise, or because the objects require
new properties to support the additional features offered by Crystal Enterprise 10.
11 Use ccm.sh to start and enable the remaining Crystal Enterprise servers.
12 Verify that Crystal Enterprise requests are handled correctly, and check that
you can view and schedule reports successfully.
Crystal Enterprise Administrator’s Guide
297
Configuring the intelligence tier
Deleting and recreating the CMS database
This procedure shows how to recreate (re-initialize) the current CMS database. By
performing this task, you destroy all data that is already present in the database.
This procedure is useful, for instance, if you have installed Crystal Enterprise in a
development environment for designing and testing your own, custom web
applications. You can re-initialize the CMS database in your development
environment every time you need to clear the system of absolutely all its data.
When you recreate the CMS database with the CCM, your existing license keys
should be retained in the database. However, if you need to enter license keys
again, log on to the CMC with the default Administrator account (which will have
been reset to have no password). Go to the Authorization management area and
enter your information on the License Keys tab.
Note: Remember that all data in your current CMS database will be destroyed if
you follow this procedure. Consider backing up your current CMS database
before beginning. If necessary, contact your database administrator.
To recreate the CMS database on Windows
1 Use the CCM to stop the Crystal Management Server.
2 With the CMS selected, click Specify CMS Data Source on the toolbar.
3 In the CMS Database Setup dialog box, click Recreate the current Data Source.
4 Click OK and, when prompted to confirm, click Yes.
The SvcMgr dialog box notifies you when the CMS database setup is complete.
5 Click OK.
You are returned to the CCM.
6 Start the Crystal Management Server.
While it is starting, the CMS writes required system data to the newly emptied
data source. You may need to click the Refresh button in the CCM to see that
the CMS has successfully started.
To recreate the CMS database on UNIX
Use the cmsdbsetup.sh script. For reference, see “cmsdbsetup.sh” on page 438.
Selecting a new or existing CMS database
Follow this procedure if you want to disconnect a CMS from its current database
and connect it to an alternate database. When you complete these steps, none of the
data in the current database is copied into the alternate database. If the alternate
database is empty, the CCM initializes it by writing system data that is required by
Crystal Enterprise. If the alternate database already contains Crystal Enterprise
system data, the CMS uses that data when it starts.
298
Crystal Enterprise Administrator’s Guide
15: Managing and Configuring Servers
Generally, there are only a few times when you need to complete these steps:
• If you have changed the password for the current CMS database, these steps
allow you to disconnect from, and then reconnect to, the current database.
When prompted, you can provide the CMS with the new password.
• If you want to select and initialize an empty database for Crystal Enterprise,
these steps allow you to select that new data source.
• If you have restored a CMS database from backup (using your standard
database administration tools and procedures) in a way that renders the
original database connection invalid, you will need to reconnect the CMS to
the restored database. (This might occur, for instance, if you restored the
original CMS database to a newly installed database server.)
Note: These steps are essentially the same as adding a CMS to an existing cluster;
in this case, however, there are no other CMS machines already maintaining the
database. For complete details about CMS clusters, see “Clustering Crystal
Management Servers” on page 284.
To select a new or existing database for a CMS on Windows
1 Use the CCM to stop the Crystal Management Server.
2 With the CMS selected, click Specify CMS Data Source on the toolbar.
The CMS Database Setup dialog box appears.
3 Click Select a Data Source; then click OK.
4 In the Select Database Driver dialog box, specify whether you want to connect
to the new database through ODBC, or through one of the native drivers.
5 Click OK.
6 The remaining steps depend upon the connection type you selected:
Crystal Enterprise Administrator’s Guide
299
Configuring the intelligence tier
• If you selected ODBC, the Windows “Select Data Source” dialog box appears.
Select the ODBC data source that you want to use as the CMS database; then
click OK. (Click New to configure a new DSN.) When prompted, provide
your database credentials and click OK.
• If you selected a native driver, you are prompted for your database Server
Name, your Login ID, and your Password. Provide this information and
then click OK.
The SvcMgr dialog box notifies you when the CMS database setup is complete.
7 Click OK.
8 Start the Crystal Management Server.
To select a new or existing database for a CMS on UNIX
Use the cmsdbsetup.sh script. For reference, see “cmsdbsetup.sh” on page 438.
Setting root directories and idle times of the File Repository
Servers
The Properties tabs of the Input and Output File Repository Servers enable you to
change the locations of the default root directories. These root directories contain
all of the report objects and instances on the system. You may change these settings
if you want to use different directories after installing Crystal Enterprise, or if you
upgrade to a different drive (thus rendering the old directory paths invalid).
Note:
• The Input and Output File Repository Servers must not share the same root
directory, because modifications to the files and subdirectories belonging to
one server could have adverse effects on the other server. In other words, if the
Input and Output File Repository Servers share the same root directory, then
one server might damage files belonging to the other.
• If you run multiple File Repository Servers, all Input File Repository Servers
must share the same root directory, and all Output File Repository Servers
must share the same root directory (otherwise there is a risk of having
inconsistent instances).
• It is recommended that you replicate the root directories using a RAID array or
an alternative hardware solution.
• The root directory should be on a drive that is local to the server.
You can also set the maximum idle time of each File Repository Server. This setting
limits the length of time that the server waits before it closes inactive connections.
Before you change this setting, it is important to understand that setting a value too
low can cause a user's request to be closed prematurely. Setting a value that is too
high can result the uneasier consumption of system resources such as processing
time and disk space.
300
Crystal Enterprise Administrator’s Guide
15: Managing and Configuring Servers
To modify settings for a File Repository Server
1 Go to the Servers management area of the CMC.
2 Click the link to the File Repository Server you want to change.
By default, the File Repository Servers are named Input and Output,
respectively. If you run multiple instances of each server, their names should be
prefixed with “Input.” and “Output.” as appropriate.
3 Make your changes on the Properties tab.
In this example, the Input File Repository Server is set to use D:\InputFRS\ as its
root directory. The server will remain idle for a maximum of 15 minutes.
4 Click either Apply or Update:
• Click Apply to submit changes and restart the server so that the changes
take effect immediately.
• Click Update to save the changes. You must restart the server for the
changes to take effect.
Modifying Cache Server performance settings
The Properties tab of the Cache Server allows you to set the location of the cache
files, the maximum cache size, the maximum number of simultaneous processing
threads, the number of minutes before an idle job is closed, and the number of
minutes between refreshes from the database.
The “Location of the Cache Files” setting specifies the absolute path to the directory
on the Cache Server machine where the cached report pages (.epf files) are stored.
Note: The cache directory must be on a drive that is local to the server.
The “Maximum Cache Size Allowed” setting limits the amount of hard disk space
(in KBytes) that is used to cache reports. When the Cache Server has to handle large
numbers of reports, or reports that are especially complex, a larger cache size is
needed. The default value is 5000 Kbytes, which is large enough to optimize
performance for most installations.
Crystal Enterprise Administrator’s Guide
301
Configuring the intelligence tier
The “Maximum Simultaneous Processing Threads” setting limits the number of
concurrent reporting requests that the Cache Server processes. The default value is
set to “Automatic”, and is acceptable for most, if not all, reporting scenarios. With
this setting, the Cache Server sets the maximum number of threads using the
number of processors in your system as a guide. If your Cache Server responds
slowly under high load, and resource utilization on the machine is high (that is,
either memory usage is high or CPU utilization is high, particularly in the kernel),
you may wish to decrease the number of threads to improve performance. If the
Cache Server is slow under high load but CPU utilization is low, increasing the
number of threads may improve performance. However, the ideal setting for your
reporting environment is highly dependent upon your hardware configuration,
your database software, and your reporting requirements. Thus, it is
recommended that you contact your Crystal Decisions, Inc. sales representative
and request information about the Crystal Enterprise Sizing Guide. A Crystal
Services consultant can then assess your reporting environment and assist you in
customizing these advanced configuration and performance settings.
The “Minutes Before an Idle Connection is Closed” setting alters the length of time
that the Cache Server waits for further requests from an idle connection. Before you
change this setting, it is important to understand that setting a value too low can
cause a user’s request to be closed prematurely, and setting a value that is too high
can cause requests to be queued while the server waits for idle jobs to be closed.
The “Oldest On-Demand Data Given To a Client (in minutes)” setting determines
how long cached report pages are used before new data is requested from the
database. This setting is respected for report instances with saved data, and for
report objects that do not have on-demand subreports or parameters and that do
not prompt for database logon information. Generally, the default value of 15
minutes is acceptable: as with other performance settings, the optimal value is
largely dependent upon your reporting requirements.
When enabled, the “Viewer Refresh Always Hits Database” setting ensures that,
when users explicitly refresh a report, all cached pages are ignored, and new data
is retrieved directly from the database. When disabled, this setting prevents users
from retrieving new data more frequently than is permitted by the time specified
in the “Minutes Between Refreshes from Database” setting.
To modify Cache Server performance settings
1 Go to the Servers management area of the CMC.
2 Click the link to the Cache Server whose settings you want to change.
3 Make your changes on the Properties tab.
In this example, the Cache Server retains most of the default settings, but the
“Maximum Simultaneous Processing Threads” is increased to 50.
302
Crystal Enterprise Administrator’s Guide
15: Managing and Configuring Servers
4 Click either Apply or Update:
• Click Apply to submit changes and restart the server so that the changes
take effect immediately.
• Click Update to save the changes. You must restart the server for the
changes to take effect.
Modifying the polling time of the Event Server
The Properties tab of the Event Server allows you to change the frequency with
which the Event Server checks for file events. This “File Polling Interval in
Seconds” setting determines the number of seconds that the server waits between
polls. The minimum value is 1 (one). It is important to note that, the lower the
value, the more resources the server requires.
Tip: On Windows, you can also change this setting in the CCM. Stop the Event
Server and view its Properties. Then click the Configuration tab.
To modify the polling time
1 Go to the Servers management area of the CMC.
2 Click the link to the Event Server whose settings you want to change.
3 Make your changes on the Properties tab.
The value that you type must be 1 or greater.
4 Click Update.
5 Return to the Servers management area of the CMC and restart the server.
Crystal Enterprise Administrator’s Guide
303
Configuring the processing tier
Configuring the processing tier
This section includes technical information and procedures that show how you can
modify settings for the Crystal Enterprise servers that make up the processing tier.
The processing tier includes one or more Job Servers and one or more Page Servers.
The majority of the settings discussed here allow you to integrate Crystal
Enterprise more effectively with your current hardware, software, and network
configurations. Consequently, the settings that you choose will depend largely
upon your own requirements.
Modifying Page Server performance settings
The Properties tab of the Page Server in the Crystal Management Console lets you
set the location of temporary files, the maximum number of simultaneous report
jobs, the minutes before an idle connection is closed, the minutes before a
processing job is closed, the number of database records to read when previewing
or refreshing a report, the oldest processed data to give a client, and when to
disconnect from the report job database.
The “Location of Temp Files” setting specifies the absolute path to a directory on
the Page Server machine.This directory must have plenty of free hard disk space.
If not enough disk space is available, job processing may be slower than usual, or
job processing may fail.
The “Maximum Simultaneous Report Jobs” setting limits the number of concurrent
reporting requests that any single Page Server processes. The default value of 75 is
acceptable for most, if not all, reporting scenarios. The ideal setting for your
reporting environment, however, is highly dependent upon your hardware
configuration, your database software, and your reporting requirements. Thus, it
is difficult to discuss the recommended or optimum settings in a general way. It is
recommended that you contact your Crystal Decisions, Inc. sales representative
and request information about the Crystal Enterprise Sizing Guide. A Crystal
Services consultant can then assess your reporting environment and assist you in
customizing these advanced configuration and performance settings.
The “Minutes Before an Idle Connection is Closed” setting alters the length of time
that the Page Server waits for further requests from an idle connection. Before you
change this setting, it is important to understand that setting a value too low can
cause a user’s request to be closed prematurely. Setting a value that is too high can
cause system resources to be consumed for longer than necessary.
304
Crystal Enterprise Administrator’s Guide
15: Managing and Configuring Servers
The “Minutes before a Report Job is Closed” setting alters the length of time that
the Page Server keeps a report job active. Before you change this setting, it is
important to understand that setting a value too low can cause a user’s request to
be closed prematurely. Setting a value that is too high can cause system resources
to be consumed for longer than necessary. (Note that this setting works in
conjunction with the “Report Job Database Connection” setting.)
The “Database records to read when previewing or refreshing a report” area
allows you to limit the number of records that the server retrieves from the
database when a user runs a query or report. This setting is useful when you want
to prevent users from running on-demand reports containing queries that return
excessively large record sets. You may prefer to schedule such reports, both to
make the reports available more quickly to users and to reduce the load on your
database from these large queries.
The “Oldest On-Demand Data Given To a Client (in minutes):” setting controls
how long the Page Server uses previously processed data to meet requests. If the
Page Server receives a request that can be met using data that was generated to
meet a previous request, and the time elapsed since that data was generated is less
than the value set here, then the Page Server will reuse this data to meet the
subsequent request. Reusing data in this way significantly improves system
performance when multiple users need the same information. When setting the
value of the “oldest processed data given to a client” consider how important it is
that your users receive up-to-date data. If it is very important that all users receive
fresh data (perhaps because important data changes very frequently) you may
need to disallow this kind of data reuse by setting the value to 0.
When enabled, the “Viewer Refresh Always Hits Database” setting ensures that,
when users explicitly refresh a report, all previously processed data is ignored, and
new data is retrieved directly from the database. When disabled, the setting
ensures that the Page Server will treat requests generated by a viewer refresh in
exactly the same way as it treats as new requests.
The “Report Job Database Connection” settings can be used to make a trade-off
between the number of database licenses you use and the performance you can
expect for certain types of reports. If you select “Disconnect when all records have
been retrieved or the job is closed”, the Page Server will automatically disconnect
from the report database as soon as it has retrieved the data it needs to fulfill a
request. Selecting this option limits the amount of time that Page Server stays
connected to your database server, and therefore limits the number of database
licenses consumed by the Page Server. However, if the Page Server needs to
reconnect to the database to generate an on-demand sub-report or to process a
group-by-on-server command for that report, performance for these reports will
be significantly slower than if you had selected “Disconnect when the job is
closed”. (The latter option ensures that Page Server stays connected to the database
server until the report job is closed. Note that you can set the “Minutes before a
Report Job is Closed” above.)
Crystal Enterprise Administrator’s Guide
305
Configuring the processing tier
To modify Page Server performance settings
1 Go to the Servers management area of the CMC.
2 Click the link to the Page Server whose settings you want to change.
3 Make your changes on the Properties tab.
In this example, the “Maximum Simultaneous Report Jobs” is increased to 75.
4 Click either Apply or Update:
• Click Apply to submit changes and restart the server so that the changes
take effect immediately.
• Click Update to save the changes. You must restart the server for the
changes to take effect.
Modifying database interaction settings for the RAS
The Database tab of the Report Application Server (RAS) in the Crystal Management
Console lets you modify the way the server runs reports against your databases.
The “Number of database records to read when previewing or refreshing a report”
area allows you to limit the number of records that the server retrieves from the
database when a user runs a query or report. This setting is particularly useful if
you provide users with ad hoc query and reporting tools, and you want to prevent
them from running queries that return excessively large record sets.
306
Crystal Enterprise Administrator’s Guide
15: Managing and Configuring Servers
When the RAS retrieves records from the database, the query results are returned
in batches. The “Number of records per batch” setting allows you to determine the
number of records that are contained in each batch. The batch size cannot be equal
to or less than zero.
The “Number of records to browse” setting allows you to specify the number of
distinct records that will be returned from the database when browsing through a
particular field’s values. The data will be retrieved first from the client’s cache—if
it is available—and then from the server’s cache. If the data is not in either cache,
it is retrieved from the database.
The “Oldest on-demand data given to a client (in minutes)” setting controls how long
the RAS uses previously processed data to meet requests. If the RAS receives a request
that can be met using data that was generated to meet a previous request, and the time
elapsed since that data was generated is less than the value set here, then the RAS will
reuse this data to meet the subsequent request. Reusing data in this way significantly
improves system performance when multiple users need the same information.
When setting the value of the “oldest on-demand data given to a client” consider how
important it is that your users receive up-to-date data. If it is very important that all
users receive fresh data (perhaps because important data changes very frequently)
you may need to disallow this kind of data reuse by setting the value to 0. This is the
default on the RAS, to support the data needs of users performing ad hoc reporting.
The “Report Job Database Connection” settings can be used to make a trade-off
between the number of database licenses you use and the performance you can
expect for certain types of reports. If you select “Disconnect when all records have
been retrieved or the job is closed”, the Report Application Server will automatically
disconnect from the report database as soon as it has retrieved the data it needs to
fulfill a request. Selecting this option limits the amount of time that RAS stays
connected to your database server, and therefore limits the number of database
licenses consumed by the RAS. However, if the RAS needs to reconnect to the
database to generate an on-demand sub-report or to process a group-by-on-server
command for that report, performance for these reports will be significantly slower
than if you had selected “Disconnect when the job is closed”. (The latter option
ensures that RAS stays connected to the database server until the report job is closed.)
Tip: On Windows, you can also change these settings in the CCM. Stop the RAS
and view its Properties. Click the Parameters tab. From the Option Type list, select
Database.
To modify database interaction settings for the RAS
1 Go to the Servers management area of the CMC.
2 Click the link to the RAS whose settings you want to change.
3 Make your changes on the Database tab.
4 Click Apply to submit changes and restart the server so that the changes take
effect immediately.
Crystal Enterprise Administrator’s Guide
307
Configuring the processing tier
Modifying performance settings for the RAS
The Server tab of the Report Application Server (RAS) in the Crystal Management
Console allows you to modify the number of minutes before an idle connection is
closed, and the maximum number of simultaneous processing threads.
The “Minutes Before an Idle Connection is Closed” setting alters the length of time
that the RAS waits for further requests from an idle connection. Before you change
this setting, it is important to understand that setting a value too low can cause a
user’s request to be closed prematurely, and setting a value that is too high can
affect the server’s scalability (for instance, if the ReportClientDocument object is not
closed explicitly, the server will be waiting unnecessarily for an idle job to close).
The “Maximum Simultaneous Report Jobs” setting limits the number of
concurrent reporting requests that a RAS processes. The default value is acceptable
for most, if not all, reporting scenarios. The ideal setting for your reporting
environment, however, is highly dependent upon your hardware configuration,
your database software, and your reporting requirements. Thus, it is difficult to
discuss the recommended or optimum settings in a general way. It is
recommended that you contact your Crystal Decisions, Inc. sales representative
and request information about the Crystal Enterprise Sizing Guide. A Crystal
Services consultant can then assess your reporting environment and assist you in
customizing these advanced configuration and performance settings.
Tip: On Windows, you can also change these settings in the CCM. Stop the RAS
and view its Properties. Click the Parameters tab. From the Option Type list, select
Server.
To modify performance settings for the RAS
1 Go to the Servers management area of the CMC.
2 Click the link to the RAS whose settings you want to change.
3 Make your changes on the Server tab.
4 Click Apply to submit changes and restart the server so that the changes take
effect immediately.
Modifying performance settings for Job Servers
By default, the Job Server runs jobs as independent processes rather than as
threads. This method allows for more efficient processing of large, complex
reports. The “Maximum Jobs Allowed” setting limits the number of concurrent
independent processes (child processes) that the Job Server allows—that is, it limits
the number of scheduled reports that the Job Server will process at any one time.
You can tailor the maximum number of jobs to suit your reporting environment.
The default “Maximum Jobs Allowed” setting is acceptable for most, if not all,
reporting scenarios. The ideal setting for your reporting environment, however, is
308
Crystal Enterprise Administrator’s Guide
15: Managing and Configuring Servers
highly dependent upon your hardware configuration, your database software, and
your reporting requirements. Thus, it is difficult to discuss the recommended or
optimum settings in a general way. It is recommended that you contact your
Crystal Decisions, Inc. sales representative and request information about the
Crystal Enterprise Sizing Guide. A Crystal Services consultant can then assess your
reporting environment and assist you in customizing these advanced configuration
and performance settings
You can also change the default directory where the Job Server stores its temporary
files.
To modify performance settings for Job Servers
1 Go to the Servers management area of the CMC.
2 Click the link to the Job Server whose settings you want to change.
3 Make your changes on the Properties tab.
4 Click Update.
5 Return to the Servers management area of the CMC and restart the Job Server.
Setting default scheduling destinations for Job Servers
By default, when users schedule objects, the instances are saved to the Output File
Repository Server. However, Crystal Enterprise also allows users to specify other
output destinations for scheduled objects. The supported output destinations are
unmanaged disk, FTP, and email (Simple Mail Transfer Protocol, or SMTP). This
section shows how to set up destination support on the Report Job Servers and
Program Job Servers. You must perform these tasks in order to enable the
“schedule to destinations” features offered by Crystal Enterprise.
For complete information about scheduling objects to particular destinations, see
“Selecting a destination” on page 237.
Setting the default disk destination
1 Go to the Servers management area of the CMC.
2 Click the link to the Report or Program Job Server whose settings you want to
change.
3 On the Destinations tab, click the Crystal Enterprise.DiskUnmanaged link.
4 On the Properties tab, set the default values to be used at schedule time:
• Destination Directory
Type the absolute path to the directory. The directory can be on a local
drive of the Job Server machine, or on any other machine that you can
specify with a UNC path.
• Default File Name (randomly generated)
Select this option if you want Crystal Enterprise to generate a random file name.
Crystal Enterprise Administrator’s Guide
309
Configuring the processing tier
• Specified File Name
Select this option if you want to specify a file name—you can also add a variable
to the file name. To add a variable, choose a placeholder for a variable property
from the list and click Add. When each instance runs, the variable is replaced
with the appropriate information. For example, when you add the variable
“Owner,” the file name of each object includes the object owner’s name.
• User Name
Specify a user who has permission to write files to the destination directory.
• Password
Type the password for the user.
In this example, the destination directory is on a network drive that is accessible
to the Report Job Server machine through a UNC path. Each file name will be
randomly generated, and a user name and password have been specified to
grant the Report Job Server permission to write files to the remote directory.
5 Click Update.
6 Return to the server’s Destinations tab, select the check box that corresponds
to your newly defined destination, and click Enable.
Setting the default FTP destination
1 Go to the Servers management area of the CMC.
2 Click the link to the Job Server whose settings you want to change.
3 On the Destinations tab, click the Crystal Enterprise.Ftp link.
4 On the Properties tab, set the default values to be used at schedule time:
• Host
Enter your FTP host information.
310
Crystal Enterprise Administrator’s Guide
15: Managing and Configuring Servers
• Port
Enter the FTP port number (the standard FTP port is 21).
• FTP User Name
Specify a user who has the necessary rights to upload a report to the FTP
server.
• FTP Password
Enter the user’s password.
• Account
Enter the FTP account information, if required.
Account is part of the standard FTP protocol, but it is rarely implemented.
Provide the appropriate account only if your FTP server requires it.
• Destination Directory
Enter the FTP directory that you want the object to be saved to. A relative
path is interpreted relative to the root directory on the FTP server.
• Default File Name (randomly generated)
Select this option if you want Crystal Enterprise to generate a random file
name.
• Specified File Name
Select this option if you want to enter a file name—you can also add a
variable to the file name. To add a variable, choose a placeholder for a
variable property from the list and click Add.
In this example, all of the required FTP information is provided. Reports
scheduled to this destination are randomly named and uploaded to the
ftp.crystaldecisions.com site.
Crystal Enterprise Administrator’s Guide
311
Configuring the processing tier
5 Click Update.
6 Return to the server’s Destinations tab, select the check box that corresponds
to your newly defined destination, and click Enable.
Setting the default email (SMTP) destination
1 Go to the Servers management area of the CMC.
2 Click the link to the Job Server whose settings you want to change.
3 On the Destinations tab, click the Crystal Enterprise.Smtp link.
4 On the Properties tab, complete these required fields with the information that
corresponds to your SMTP server:
• Domain Name
Enter the fully qualified domain of the SMTP server.
• Server Name
Enter the name of the SMTP server.
• Port
Enter the port that the SMTP server is listening on. (This standard SMTP
port is 25.)
• Authentication
Select Plain or Login if the Job Server must be authenticated using one of
these methods in order to send email.
• SMTP User Name
Provide the Job Server with a user name that has permission to send email
and attachments through the SMTP server.
• SMTP Password
Provide the Job Server with the password for the SMTP server.
• From
Provide the return email address.
In this example, the SMTP server resides in the crystaldecisions.com domain.
Its name is EMAIL_SERV and it is listening on the standard SMTP port. Plain text
authentication is being used, and an account called CrystalJobAccount has been
created on the SMTP server for use by the Report Job Server.
312
Crystal Enterprise Administrator’s Guide
15: Managing and Configuring Servers
5 Complete the optional email fields (To, Cc, Subject, and Message) if you want
to set default values for users who schedule reports to this SMTP destination.
Users can override these defaults with their own values when they schedule
reports to this SMTP destination.
6 Use these optional fields to specify whether you want the email to include a
hyperlink to the report, an attached report instance, or both. (If you send a
hyperlink, the email recipient must log on to Crystal Enterprise to see the report.)
Again, users can override these settings with their own values.
• Add viewer hyperlink to message body
Click Add if you want to add the URL for the viewer in which you want the
email recipient to view the report. You can set the default URL by clicking
Object Settings on the main page of the Objects management area of the CMC.
• Attach report instance to email message
Clear this check box if you do not want a copy of the report instance
attached to the email (for a Report Job Server). For a Program Job Server,
clear this check box if you do not want a copy of the program instance (a
text file containing the standard out and standard error from the program)
attached to the email.
• Default File Name (randomly generated)
Select this option if you want Crystal Enterprise to generate a random file name.
• Specified File Name
Select this option if you want to enter a file name—you can also add a
variable to the file name. To add a variable, choose a placeholder for a
variable property from the list and click Add.
7 Click Update.
8 Return to the server’s Destinations tab, select the check box that corresponds
to your newly defined destination, and click Enable.
Configuring Windows processing servers for your data source
When started on Windows, the report processing servers—Report Job Servers,
Program Job Servers, Page Servers, and Report Application Servers—by default log
on to the local system as services with the Windows NT/2000 “LocalSystem”
account. This account determines the permissions that each service is granted on
the local machine. This account does not grant the service any network permissions.
In the majority of cases, this account is irrelevant in relation to the server’s task of
processing reports against your data source. (The database logon credentials are
stored with the report object.) Thus, you can usually leave each server’s default
logon account unchanged or, if you prefer, you can change it to a Windows user
account with the appropriate permissions.
However, there are certain cases when you must change the logon account used by
the processing servers. These cases arise either because the server needs additional
Crystal Enterprise Administrator’s Guide
313
Configuring the processing tier
network permissions to access the database, or because the database client
software is configured for a particular Windows user account. This table lists the
various database/ driver combinations and shows when you must complete
additional configuration.
Tip: If your reports require ODBC connections, set up identical System Data Source
Names (DSNs) on each machine that is running a processing server. Ensure that
each of these DSNs matches the DSN that was used when the report was designed.
Database
Driver
Additional Configuration Required
Oracle™
Native
None
ODBC (CROR8)
OLE DB
Sybase™
Native
None
ODBC (CRSYB)
Lotus
Domino®
Native
None
Microsoft®
Native
SQL Server™ ODBC (CRSS)
OLE DB
If you use SQL Server’s “Trusted Connection” setting, change
each server’s log on account to a Windows user account that has
permissions within the database. (In this case, the database logon
credentials stored with the report object should be blank.)
DB2™
Native
None
DB2
ODBC (CRDB2) For on-demand viewing, configure the Page Server and RAS to
close idle jobs after one minute, thereby allowing other users to
access the database. For details, see “Modifying Page Server
performance settings” on page 304.
Tip: IBM offers several client applications for connecting to DB2.
The recommended client is IBM DB2 Direct Connect, whose ODBC
drivers were written for actual programmatic interaction with
products like Crystal Enterprise. See the Crystal Care Knowledge
Base for discussions of this and other DB2 clients.
Informix®
Native
• Change the log on account for each processing server to the
account under which the Informix client was installed.
• Add the Informix bin directory to the System Path (for
example, C:\Informix\bin) environment variable.
Informix
ODBC
(CRINF9)
• Change the log on account for each processing server to the
Windows user account under which the Informix client was installed.
• For on-demand viewing, configure the Page Server and RAS to
close idle jobs after one minute, thereby allowing other users to
access the database. For details, see “Modifying Page Server
performance settings” on page 304.
Microsoft
Exchange™
314
• Ensure that the Exchange profile is set up on the local machine.
• Change the log on account of each processing server to the
Windows user account that has access to the mailbox in which the
report data is located.
Crystal Enterprise Administrator’s Guide
15: Managing and Configuring Servers
Database
Driver
PC databases Native, ODBC
(Btrieve™,
Microsoft
Access™,
Paradox™,
XML)
Additional Configuration Required
• If the database is installed on the server’s local machine, no
additional configuration is required.
• If the processing server must access the database over the
network, change the server’s log on account to a Windows domain
user account that has the appropriate network permissions.
Ensure that the account has READ access to the shared resource.
Tip: Running a service under an Administrator account does not inadvertently grant
administrative privileges to another user, because users cannot impersonate services.
For details on changing the user account for the Job Server or Page Server, see
“Changing the server user account” on page 326.
Configuring UNIX processing servers for your data source
The Job Servers and Page Server support native and ODBC connections to a
number of reporting databases. This section discusses the environment variables,
software, and configuration files that must be available to the servers in order for
them to process reports successfully. Whether your reports use native or ODBC
drivers, ensure that the reporting environment configured on the server accurately
reflects the reporting environment configured on the Windows machine that you
use when designing reports with Crystal Reports.
See the Platforms.txt file included with your product distribution for a complete
list of tested database software and version requirements.
Native drivers
If you design reports using native drivers, you must install the appropriate database
client software on each Job Server and/or Page Server machine that will process the
reports. The server loads the client software at runtime in order to access the database
that is specified in the report. The server locates the client software by searching the
library path environment variable that corresponds to your operating system
(LD_LIBRARY_PATH on Sun Solaris, LIBPATH on IBM AIX, and so on), so this variable
must be defined for the login environment of each Job Server and Page Server.
Depending on your database, additional environment variables may be required
for the Job Server and Page Server to use the client software. These include:
• Oracle
The ORACLE_HOME environment variable must define the top-level directory of
the Oracle client installation.
• Sybase
The SYBASE environment variable must define the top-level directory of the
Sybase client installation. The SYBPLATFORM environment variable must define
the platform architecture.
Crystal Enterprise Administrator’s Guide
315
Configuring the processing tier
• DB2
The DB2INSTANCE environment variable must define the DB2 instance that is
used for database access. Use the DB2 instance initialization script to ensure
that the DB2 environment is correct.
Note: For complete details regarding these and other required environment
variables, see the documentation included with your database client software.
As an example, suppose that you are running reports against both Sybase and Oracle.
The Sybase database client is installed in /opt/sybase, and the Oracle client is installed
in /opt/oracle/app/oracle/product/8.1.7. You installed Crystal Enterprise under the
crystal user account (as recommended in the Crystal Enterprise Installation Guide).
If the crystal user’s default shell is a C shell, add these commands to the crystal
user’s login script:
setenv LD_LIBRARY_PATH /opt/oracle/app/oracle/product/8.1.7/lib:opt/sybase/
lib:$LD_LIBRARY_PATH
setenv ORACLE_HOME /opt/oracle/app/oracle/product/8.1.7
setenv SYBASE /opt/sybase
setenv SYBPLATFORM sun_svr4
If the crystal user’s default shell is a Bourne shell, modify the syntax accordingly:
LD_LIBRARY_PATH=/opt/oracle/app/oracle/product/8.1.7/lib:opt/sybase/
lib:$LD_LIBRARY_PATH;export LD_LIBRARY_PATH
ORACLE_HOME=/opt/oracle/app/oracle/product/8.1.7;export ORACLE_HOME
SYBASE=/opt/sybase;export SYBASE
SYBPLATFORM=sun_svr4;export SYBPLATFORM
ODBC drivers
If you design reports off ODBC data sources (on Windows), you must set up the
corresponding data sources on the Job Server and Page Server machines. In
addition, you must ensure that each server is set up properly for ODBC. During
the installation, Crystal Enterprise installs ODBC drivers for UNIX, creates
configuration files and templates related to ODBC reporting, and sets up the
required ODBC environment variables. This section discusses the installed
environment, along with the information that you need to edit.
Note:
• Detailed documentation covering the various ODBC drivers is included in the
Merant Connect ODBC Reference (odbcref.pdf). This is installed below the
crystal/enterprise/platform/odbc directory; it is also located in the doc
directory of your product distribution.
• If you report off DB2 using ODBC, your database administrator must first bind
the UNIX version of the driver to every database that you report against (and not
just each database server). The bind packages are installed below the crystal/
enterprise/platform/odbc/lib directory; their filenames are iscsso.bnd,
iscswhso.bnd, isrrso.bnd, isrrwhso.bnd, isurso.bnd, and isurwhso.bnd. Because
Crystal Reports runs on Windows, ensure also that the Windows version of the
driver has been bound to each database.
316
Crystal Enterprise Administrator’s Guide
15: Managing and Configuring Servers
• On UNIX, Crystal Enterprise does not include the Informix client-dependent
ODBC driver (CRinf16) that is installed on Windows. The UNIX version does,
however, include the clientless ODBC driver for Informix connectivity.
ODBC environment variables
The environment variables related to ODBC reporting are: the library path that
corresponds to your operating system (LD_LIBRARY_PATH on Sun Solaris, LIBPATH on
IBM AIX, and so on), ODBC_HOME, and ODBCINI. The Crystal Enterprise installation
includes a file called env.csh that is sourced automatically every time you start the
Crystal Enterprise servers with the CCM. Thus, the environment for the Job Server
and Page Server is set up automatically:
• The INSTALL_ROOT/crystal/enterprise/platform/odbc/lib directory of your
installation is added to the library path environment variable.
• The ODBC_HOME environment variable is set to the INSTALL_ROOT/crystal/
enterprise/platform/odbc directory of your installation.
• The ODBCINI environment variable is defined as the path to the .odbc.ini file
that was created by the Crystal Enterprise installation.
Modify the environment variables in the env.csh script only if you have
customized your configuration of ODBC. The main ODBC configuration file that
you need to modify is the system information file.
Working with the ODBC system information file
The system information file (.odbc.ini) is created in the HOME directory of the user
account under which you installed Crystal Enterprise (typically the crystal user
account). In this file, you define each of the ODBC data sources (DSNs) that the Job
Server and Page Server need in order to process your reports. The Crystal
Enterprise installation completes most of the required information—such as the
location of the ODBC directory and the name and location of each installed ODBC
driver—and shows where you need to provide additional information.
Tip: A template of the system information file is installed to INSTALL_ROOT/
crystal/defaultodbc.ini
The following example shows the contents of a system information file that defines a
single ODBC DSN for servers running on UNIX. This DSN allows the Job Server and
Page Server to process reports based on a System DSN (on Windows) called CRDB2:
[ODBC Data Sources]
CRDB2=MERANT 3.70 DB2 ODBC Driver
[CRDB2]
Driver=/opt/crystal/enterprise/platform/odbc/lib/crdb216.so
Description=MERANT 3.70 DB2 ODBC Driver
Database=myDB2server
LogonID=username
Crystal Enterprise Administrator’s Guide
317
Configuring the processing tier
[ODBC]
Trace=0
TraceFile=odbctrace.out
TraceDll=/opt/crystal/enterprise/platform/odbc/lib/odbctrac.so
InstallDir=/opt/crystal/enterprise/platform/odbc
As shown in the example above, the system information file is structured in three
major sections:
• The first section, denoted by [ODBC Data Sources], lists all the DSNs that are
defined later in the file. Each entry in this section is provided as dsn=driver,
and there must be one entry for every DSN that is defined in the file. The value
of dsn must correspond exactly to the name of the System DSN (on Windows)
that the report was based off.
• The second section sequentially defines each DSN that is listed in the first
section. The beginning of each definition is denoted by [dsn]. In the example
above, [CRDB2] marks the beginning of the single DSN that is defined in the file.
Each DSN is defined through a number of option=value pairs. The options that
you must define depend upon the ODBC driver that you are using. These pairs
essentially correspond to the Name=Data pairs that Windows stores for each
System DSN in the registry:
\\HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\odbc.ini\dsn
However, the options for a particular ODBC driver on UNIX may not
correspond by name to the options available for a Windows version of the same
driver. For example, some Windows drivers store a UID value in the registry,
and on UNIX you may need to specify this value with the LogonID option.
Note: For detailed documentation on each ODBC driver, see the Merant
Connect ODBC Reference (odbcref.pdf). The PDF is installed below the crystal/
enterprise/platform/odbc directory; it is also located in the doc directory of
your product distribution.
• The final section of the file, denoted by [ODBC], includes ODBC tracing
information. You need not modify this section.
When the installation creates the system information file, it completes some fields
and sets up a number of default DSNs—one for each of the installed ODBC drivers.
The standard options that are commonly required for each driver are included in
the file (Database=, LogonID=, and so on). Edit the file and provide the
corresponding values that are specific to your reporting environment.
This example shows the entire contents of a system information file created when
Crystal Enterprise was installed to the /usr/local directory.
[ODBC Data Sources]
CRDB2=MERANT 3.70 DB2 ODBC Driver
CRINF_CL=MERANT 3.70 Informix Dynamic Server ODBC Driver
CROR8=MERANT 3.70 Oracle8 ODBC Driver
CRSS=MERANT 3.70 SQL Server ODBC Driver
CRSYB=MERANT 3.70 Sybase ASE ODBC Driver
CRTXT=MERANT 3.70 Text ODBC Driver
318
Crystal Enterprise Administrator’s Guide
15: Managing and Configuring Servers
[CRDB2]
Driver=/usr/local/crystal/enterprise/platform/odbc/lib/crdb216.so
Description=MERANT 3.70 DB2 ODBC Driver
Database=
LogonID=
[CRINF_CL]
Driver=/usr/local/crystal/enterprise/platform/odbc/lib/crifcl16.so
Description=MERANT 3.70 Informix Dynamic Server ODBC Driver
ServerName=
HostName=
PortNumber=
Database=
LogonID=
[CROR8]
Driver=/usr/local/crystal/enterprise/platform/odbc/lib/cror816.so
Description=MERANT 3.70 Oracle8 ODBC Driver
ServerName=
ProcedureRetResults=1
LogonID=
[CRSS]
Driver=/usr/local/crystal/enterprise/platform/odbc/lib/crmsss16.so
Description=MERANT 3.70 SQL Server ODBC Driver
Address=
Database=
QuotedId=Yes
LogonID=
[CRSYB]
Driver=/usr/local/crystal/enterprise/platform/odbc/lib/crase16.so
Description=MERANT 3.70 Sybase ASE ODBC Driver
NetworkAddress=
Database=
LogonID=
[CRTXT]
Driver=/usr/local/crystal/enterprise/platform/odbc/lib/crtxt16.so
Description=MERANT 3.70 Text ODBC Driver
Database=
[ODBC]
Trace=0
TraceFile=odbctrace.out
TraceDll=/usr/local/crystal/enterprise/platform/odbc/lib/odbctrac.so
InstallDir=/usr/local/crystal/enterprise/platform/odbc
Crystal Enterprise Administrator’s Guide
319
Logging server activity
Adding a DSN to the default ODBC system information file
When you need to add a new DSN to the installed system information file
(.odbc.ini) file, first add the new DSN to the bottom of the [ODBC Data Sources]
list. Then add the corresponding [dsn] definition just before the [ODBC] section.
For example, suppose that you have a Crystal report that uses ODBC drivers to
report off your Oracle8 database. The report is based off a System DSN (on
Windows) called SalesDB. To create the corresponding DSN, first append this line
to the [ODBC Data Sources] section of the system information file:
SalesDB=MERANT 3.70 Oracle8 ODBC Driver
Then define the new DSN by adding the following lines just before the system
information file’s [ODBC] section:
[SalesDB]
Driver=/usr/local/crystal/enterprise/platform/odbc/lib/cror816.so
Description=MERANT 3.70 Oracle8 ODBC Driver
ServerName=MyServer
ProcedureRetResults=1
LogonID=MyUserName
Once you have added this information, the new DSN is available to the Job Server
and Page Server, so they can process reports that are based off the SalesDB System
DSN (on Windows).
Logging server activity
Crystal Enterprise allows you to log specific information about Crystal Enterprise
web activity. For details on locating and customizing the web activity logs, see
“Configuring properties for the Web Component Server” on page 279.
In addition, each of the Crystal Enterprise servers is designed to log messages to
your operating system’s standard system log.
• On Windows NT/2000, Crystal Enterprise logs to the Event Log service. You
can view the results with the Event Viewer (in the Application Log).
• On UNIX, Crystal Enterprise logs to the syslog daemon as a User application.
Each server prepends its name and PID to any messages that it logs.
This example shows two messages logged to the syslog daemon on UNIX:
320
Crystal Enterprise Administrator’s Guide
15: Managing and Configuring Servers
Each server also logs assert messages to the logging directory of your product
installation. The programmatic information logged to these files is typically useful
only to Crystal Decisions support staff for advanced debugging purposes. The
location of these log files depends upon your operating system:
• On Windows, the default logging directory is C:\Program Files\Crystal
Decisions\Logging
• On UNIX, the default logging directory INSTALL_ROOT/crystal/logging
directory of your installation.
The important point to note is that these log files are cleaned up automatically, so
there will never be more than approximately 1 MB of logged data per server.
Advanced server configuration options
This section includes additional configuration tasks that you may want to perform,
depending upon your reporting environment.
Changing the default server port numbers
During installation, the CMS and the WCS are set up to use default port numbers.
The default CMS port number is 6400, and the default WCS port number is 6401.
These ports fall within the range of ports reserved by Crystal Decisions, Inc. (6400
to 6410). Thus, Crystal Enterprise communication on these ports should not
conflict with third-party applications that you have in place. (Although unlikely, it
is possible that your custom applications use these ports. If so, you can change the
default CMS and WCS ports.)
The Web Component Adapter (which replaces the WCS on UNIX, and on
Windows installations of Crystal Enterprise that use the Java SDK) is not a server.
However, you can configure its listening port by changing the
connection.listeningPort context parameter in web.xml. (See “Configuring the
Web Component Adapter” on page 282 for details.)
When started and enabled, each of the other Crystal Enterprise servers
dynamically binds to an available port (higher than 1024), registers with this port
on the CMS, and then listens for Crystal Enterprise requests. If necessary, you can
instruct each server component to listen on a specific port (rather than dynamically
selecting any available port). Also, when the WCS receives a request from the Web
Connector (on port 6401, by default), the WCS dynamically selects a second port
for all subsequent communication. You will likely need to specify this second WCS
port explicitly (with -requestPort) if you are working with firewalls. (For more
information on working with firewalls see “Working with Firewalls” on page 367.)
On Windows, you view and modify server command lines with the CCM. The
Command field appears on each server’s Properties tab. On UNIX, you view and
modify server command lines (also referred to as launch strings) in the ccm.config
file, which is installed in the crystal directory.
Crystal Enterprise Administrator’s Guide
321
Advanced server configuration options
This table summarizes the command-line options as they relate to port usage for
specific server types. (See “Server Command Lines” on page 425 for additional
usage details.)
Option
CMS
WCS
Other Servers
-port
Specifies the primary
Crystal Enterprise port on
which the CMS listens for
requests from all other
servers. The default is
6400.
Specifies the port on which
the WCS listens for web
requests from the Web
Connector. The default is
6401.
Used only in multihomed
environments or for certain
NAT firewall environments.
In both cases, specify -port
interface only. (-port
number has no meaning for
these servers).
-requestPort
Specifies the secondary
port that the CMS uses for
identifying other servers
and for registering with
itself and/or a cluster.
Selected dynamically if
unspecified.
Specifies the port on which
the WCS listens for replies
from the CMS and the
other servers. The WCS
registers this port with the
CMS. Selected dynamically
if unspecified.
Specifies the port on which
the server listens for
Crystal Enterprise
requests. The server
registers this port with the
CMS. Selected dynamically
if unspecified.
-ns
n/a
Specifies the CMS that the
WCS will register with.
Specifies the CMS that the
server will register with.
Before modifying any port numbers, consider the following:
• If you change the default CMS port number, you must change the -ns option in
every other server’s command line, to ensure that each server connects to the
appropriate port of the CMS. (The -ns option stands for “nameserver.” The CMS
functions as the nameserver in Crystal Enterprise, because it maintains a list that
includes the host name and port number of each server that is started, enabled,
and thus available to accept Crystal Enterprise requests.) If you are using the
WCA (as you will if you have a UNIX installation of Crystal Enterprise, or a
Windows installation that uses the Java SDK), you must also set the name and
port number of the CMS with the connection.cms context parameter in web.xml.
See “Configuring the Web Component Adapter” on page 282 for details.
• If you change the default WCS port number, you must make corresponding
changes to the mapping that allows the Web Connector to communicate with
the WCS. For information about configuring your Web Connector and any of
your web server configuration files, see Crystal Enterprise Installation Guide.
• If you are working with multihomed machines or in certain NAT firewall
configurations, you may wish to specify -port interface:number for the WCS
or CMS and -port interface for the other servers. For details, see
“Configuring Crystal Enterprise on a multihomed machine” on page 324 or
“Configuring for Network Address Translation” on page 375.
• On Windows, the CCM displays default port numbers on each server’s
Configuration tab. This displayed port corresponds to the -port option. For
server’s other than the CMS and the WCS, this default port is not actually in
use (each server registers its -requestPort number with the CMS instead).
322
Crystal Enterprise Administrator’s Guide
15: Managing and Configuring Servers
To change the default CMS port for Crystal Enterprise servers
1 Use the CCM (on Windows) or ccm.sh (on UNIX) to stop all the Crystal
Enterprise servers.
2 Add (or modify) the following option in the CMS command line:
-port number
Replace number with the port that you want the CMS to listen on. (The default
port is 6400.)
3 Add (or modify) the following option in the command line of all of the
remaining non-CMS Crystal Enterprise servers:
-ns hostname:number
Replace hostname with the host name of the machine that is running the CMS.
The host name must resolve to a valid IP address within your network. Replace
number with the port that the CMS is listening on.
4 Start and enable all the Crystal Enterprise servers.
The CMS begins listening on the port specified by number, and the non-CMS
servers broadcast to that port when attempting to register with the CMS.
If you are using the WCA (as you will if you have a UNIX installation of Crystal
Enterprise, or a Windows installation that uses the Java SDK), you must also set the
name and port number of the CMS with the connection.cms context parameter in
web.xml. See “Configuring the Web Component Adapter” on page 282 for details.
To change the default WCS port
1 Use the CCM to stop all the Crystal Enterprise servers.
2 Add (or modify) the following option in the WCS command line:
-port number
Replace number with the port that you want the WCS to listen on. (The default
port is 6401.)
3 Reconfigure the Web Connector so that it forwards Crystal Enterprise requests
to the WCS host on the new port specified by number.
For details, see Crystal Enterprise Installation Guide.
To change the port a server registers with the CMS
1 Use the CCM (on Windows) or ccm.sh (on UNIX) to stop the server.
2 Add (or modify) the following option in the server’s command line:
-requestPort number
Replace number with the port that you want the server to listen on.
3 Start and enable the server.
The server binds to the new port specified by number. It then registers with the CMS
and begins listening for Crystal Enterprise requests on the new port.
Crystal Enterprise Administrator’s Guide
323
Advanced server configuration options
By default, each server registers itself with the CMS by IP address, rather than by
name. This typically provides the most reliable behavior. If you need each server
to register with the CMS by fully qualified domain name instead, use the
-requestPort option in conjunction with -port interface (where interface is the
server’s fully qualified domain name). Having the servers register by name can be
useful if a NAT firewall resides between the server and the CMS. For more
information, see “Configuring for Network Address Translation” on page 375.
You may also need to specify -port interface when Crystal Enterprise is running
on a multihomed machine.
Configuring Crystal Enterprise on a multihomed machine
A multihomed machine is one that has multiple network addresses. You may
accomplish this with multiple network interfaces, each with one or more IP addresses,
or with a single network interface that has been assigned multiple IP addresses.
If you have multiple interface cards, each with a single IP address, change the
binding order so that the card at the top of the binding order is the one you want
the Crystal Enterprise servers to bind to. If your interface card has multiple IP
addresses, use the -port command-line option to specify a IP address for the
Crystal Enterprise server.
Tip: This section shows how to restrict all servers to the same network address, but
it is possible to bind individual servers to different addresses. For instance, you might
want to bind the File Repository Servers to a private address that is not routable from
users’ machines. Advanced configurations such as this require your DNS
configuration to route communications effectively between all the Crystal Enterprise
server components. In this example, the DNS must route communications from the
other Crystal Enterprise servers to the private address of the File Repository Servers.
Configuring the CMS and WCS to bind to a network address
When you use the -port command-line option to configure the CMS and the WCS
to bind to a specific IP address, you must also include the port number these
servers use (even if the server is using the default port). Add the following option
to both of their command lines:
-port interface:port
If the machine has multiple network interfaces, interface can be the fully qualified
domain name or the IP address of the interface that you want the server to bind to.
If the machine has a single network interface, interface must be the IP address
that you want the server to bind to.
Note:
• To retain the default port numbers, replace port with 6400 for the CMS, and
with 6401 for the WCS. If you change the default port numbers, you will need
to make additional configuration changes. For details, see “Changing the
default server port numbers” on page 321.
324
Crystal Enterprise Administrator’s Guide
15: Managing and Configuring Servers
• To configure the WCA, use interface:port when setting the
connection.listeningPort context parameter in web.xml. (See “Configuring
the Web Component Adapter” on page 282 for details.)
Configuring the remaining servers to bind to a network
address
The remaining Crystal Enterprise servers select their ports dynamically by default,
so you need only add the following option to their command lines:
-port interface
Replace interface with the same value that you specified for the CMS and the
WCS. Ensure that each server’s -ns parameter points to the CMS, and that the DNS
resolves the value to the appropriate network address.
Adding and removing Windows server dependencies
When installed on Windows, each server in Crystal Enterprise is dependent on at
least three services: the Event Log, NT LM Security Support Provider, and Remote
Procedure Call (RPC) services. If you are having problems with a server, check to
ensure that all three services appear on the server’s Dependency tab.
To add and remove server dependencies
1 Use the CCM to stop the server whose dependencies you want to modify.
2 With the server selected, click Properties on the toolbar.
3 Click the Dependency tab.
As shown here, at least three services should be listed: Event Log, NT LM
Security Support Provider, and Remote Procedure Call (RPC).
Crystal Enterprise Administrator’s Guide
325
Advanced server configuration options
4 To add a dependency to the list, click Add.
The Add Dependency dialog box provides you with a list of all available
dependencies. Select the dependency or dependencies, as required, and then
click Add.
5 To remove a dependency from the list, select it and click Remove.
6 Click OK.
7 Restart the server.
Changing the server startup type
When installed on Windows, each server is configured to start automatically. As
with other Windows services, there are three startup types:
• Automatic starts the server each time the machine is started.
• Manual requires you to start the server before it will run.
• Disabled requires you to change the startup type to automatic or manual
before it can run.
To change the server startup type on Windows
1 Start the CCM.
2 Stop the server whose startup type you want to modify.
3 With the server selected, click Properties on the toolbar.
4 Click the Startup Type list and select Automatic, Disabled, or Manual.
5 Click OK.
6 Restart the server.
To change the server startup type on UNIX
On UNIX, this requires root privileges. See “setupinit.sh” on page 444.
Changing the server user account
If the incorrect user account is running on a server on Windows, change it in the
Crystal Configuration Manager (CCM).
Tip: The Program Job Server must be configured to use the Local System account,
or a user account that has the right “Act as part of the operating system”. (To set
this right for a user in Windows 2000, go to Start>Programs>Administrative
Tools>Local Security Policy>Local Policies> User Rights Assignment).
326
Crystal Enterprise Administrator’s Guide
15: Managing and Configuring Servers
To change a server’s user account
1 Use the CCM to stop the server.
2 Click Properties.
3 Clear the System Account check box.
4 Enter the Windows NT/2000 user name and password information.
When started, the server process will log on to the local machine with this user
account. In addition, all reports processed by this server will be formatted using
the printer settings associated with the user account that you enter.
5 Click Apply, and then click OK.
6 Start the server.
Crystal Enterprise Administrator’s Guide
327
Advanced server configuration options
328
Crystal Enterprise Administrator’s Guide
Managing Auditing
16
This chapter provides an overview of the auditing
functionality in Crystal Enterprise. It also describes how to
configure the auditing database, how to select actions to
audit, and how to create a custom audit report.
Crystal Enterprise Administrator’s Guide
329
Auditing overview
Auditing overview
Auditing allows you to monitor and record key facts about your Crystal Enterprise
system. Having information about who is using your system and which objects
they are accessing allows you to answer system-level questions like “which groups
within the company use our Crystal Enterprise system the most?” or “how many
concurrent user licenses are we using at any given time?”. Auditing also allows
you to better administer individual user accounts and reports by giving you more
insight into what actions users are taking and which reports they are accessing.
This information lets you be more proactive in managing the operation and
deployment of your Crystal Enterprise system, while helping you better evaluate
the value that Crystal Enterprise provides to your organization.
How does auditing work?
The Crystal Management Server (CMS) acts as the system auditor, while each
Crystal Enterprise server that controls actions that you can monitor is an auditee.
To audit an action in Crystal Enterprise, you must first determine which server
controls that action. Then you must enable auditing of that action in the Servers
management area of the Crystal Management Console. As the auditee, the Crystal
Enterprise server will then begin to record these audit actions in a local log file.
As the auditor, the CMS controls the overall audit process. Each server writes audit
records to a log file local to the server. At regular intervals the CMS communicates
with the auditee servers to request copies of records from the auditee’s local log
files. When the CMS receives these records it writes data from the log files to the
central auditing database.
The CMS also controls the synchronization of audit actions that occur on different
machines. Each auditee provides a time stamp for the audit actions that it records in
its log file. To ensure that the time stamps of actions on different servers are consistent,
the CMS periodically broadcasts its system time to the auditees. The auditees then
compare this time to their internal clocks. If differences exist, they make a correction
to the time stamp they record in their log files for subsequent audit actions.
Once the data is in the auditing database you can run pre-configured reports
against the database or design custom reports to suit your own needs.
330
Crystal Enterprise Administrator’s Guide
16: Managing Auditing
Note:
• You must configure the auditing database on the CMS before you can begin to
audit. See “Configuring the auditing database” on page 334.
• The CMS acts as both an auditor and as an auditee when you configure it to
audit an action that the CMS itself controls.
• In a CMS cluster, the cluster will nominate one CMS to act as system auditor. If
the machine that is running this CMS fails, another CMS from the cluster will
take over and begin acting as auditor.
Which actions can I audit?
You can use auditing to track the actions of individual users of Crystal Enterprise
as they log in and out of the system, access data, or create file-based events. You
can also monitor system actions like the success or failure of scheduled objects.
(For a complete list of auditable actions, see “Reference list of auditable actions” on
page 331).
For each action, Crystal Enterprise records the time of the action, the name and
user group of the user who initiated the action, the server where it was performed,
and a variety of other parameters more fully documented in “Auditing database
schema reference” on page 341.
Once you have collected this data, you can use a custom or pre-configured report
to view the raw data, or to answer more complex queries such as “how many
concurrent licenses are we using at a given time?”. See “Reporting on audit
results” on page 339 for more information.
Reference list of auditable actions
This list contains a complete list of the audit actions you can enable in Crystal
Enterprise. It is organized according to the types of actions that you can audit, to
help you find the server where you enable auditing of these actions. For step by
step instructions on how to enable audit actions, see “Enabling auditing of user
and system actions” on page 335.
For more information about the actions that are audited, and the data that is
recorded for each audit action, see “AuditID and AuditString reference” on
page 343, and “Auditing database schema reference” on page 341.
Crystal Enterprise Administrator’s Guide
331
Auditing overview
User Actions
Crystal
Enterprise
Server
Actions
A folder is created.
A folder is deleted.
Folders
A folder is modified.
(The name, location, or description of a folder is
modified.)
CMS
A report has been viewed successfully.
Cache
Server
A report could not be viewed.
A report is opened successfully using:
• the Web Report Design Wizard.
• the Advanced DHTML viewer.
• a custom application that uses RAS SDK.
A report fails to open.
Reports
A report has been created successfully using:
• the Web Report Design Wizard.
• a custom application that uses the RAS SDK.
Or
A report has been saved successfully using the Web
Report Design Wizard.
RAS
A report fails to be created.
Or
A report fails to save (using the Web Report Design
Wizard).
A report is saved successfully (using a custom
application based on the RAS SDK).
A report fails to save using a custom application based
on the RAS API.
A concurrent user logon succeeds.
A named user logon succeeds.
Users
A user logon fails.
CMS
A user’s password is changed.
User logs off.
332
Crystal Enterprise Administrator’s Guide
16: Managing Auditing
Actions
Crystal
Enterprise
Server
An event is registered.
(Event is created, and registered with system)
Filebased
events
An event is updated.
(The name, description, or filename of an event is
modified.)
Event Server
An event is unregistered.
(Event is removed from system.)
System Actions
Actions
Crystal
Enterprise
Server
A job has been run successfully.
That is, a scheduled report has run successfully.
Reports
A job has failed to run.
That is, a scheduled report has failed to run.
(See Tip following this table.)
Report Job
Server
A job failed but will try to run again.
Communication with a running instance is lost.
That is, a scheduled report has failed to run because
communication with the instance was lost, and the
scheduled time for running the report expired.
File-based An event is triggered.
events
Crystal
Management
Server
Event Server
A job has been run successfully.
That is, a scheduled program has run successfully.
Programs
A job has failed to run.
That is, a scheduled program has failed to run.
(See Tip following this table.)
Program Job
Server
A job failed but will try to run again.
Communication with a running instance is lost.
That is, a scheduled program has failed to run because Crystal
Management
communication with the instance was lost, and the
Server
scheduled time for running the program expired.
Crystal Enterprise Administrator’s Guide
333
Configuring the auditing database
Tip: To audit every failure of a scheduled report or a scheduled program, enable
auditing of “A job has failed to run” on the Job Server, and “Communication with
a running instance is lost.” on the Crystal Management Server.
Configuring the auditing database
Before you audit actions within Crystal Enterprise, you must configure your
Crystal Management Server to connect to an auditing database. You can use any
database server supported for the CMS system database for your auditing
database. See the Platforms.txt file included with your product distribution for a
complete list of tested database software and version requirements.
Use a page size of 8K on database servers that support variable page sizes, such as
IBM DB2, Oracle, or Sybase. Using a smaller page size on these database servers
may cause table creation or row insertion to fail. Databases with fixed page size,
such as SQL Server or Informix, will perform row splits as necessary.
It is recommended that you develop a back up strategy for your auditing database.
If necessary, contact your database administrator for more information.
Note:
• The CMS system database and the auditing database are independent. If you
choose, you can use different database software for the CMS system database
and the auditing database, or you can install these databases on separate servers.
• If you have a CMS cluster, every CMS in the cluster must be connected to the
same auditing database, using the same connection method and the same
connection name. Note that connection names are case sensitive. (See
“Installing a new CMS and adding it to a cluster” on page 286 for more
information on CMS clusters.)
To configure the auditing database on Windows
1 Start the Crystal Configuration Manager (CCM).
2 Stop the CMS.
3 Click Specify Auditing Data Source.
4 In the Select Database Driver dialog box, specify whether you want to connect
to the new database through ODBC, or through one of the native drivers.
5 Click OK.
6 The remaining steps depend upon the connection type you selected:
• If you selected ODBC, the Windows “Select Data Source” dialog box appears.
Select the ODBC data source that you want to use as the auditing database;
then click OK. (Click New to configure a new DSN.) Use a System DSN, and
not a User DSN or File DSN. By default, server services are configured to run
under the System account, which only recognizes System DSNs.
When prompted, provide your database credentials and click OK.
334
Crystal Enterprise Administrator’s Guide
16: Managing Auditing
• If you selected a native driver, you are prompted for your database Server
Name, your Login ID, and your Password. Provide this information and
then click OK.
The SvcMgr dialog box notifies you when the auditing database setup is complete.
7 Click OK.
8 Start the CMS. When the CMS starts, it will create the auditing database.
Note: You can also configure the auditing database using the Properties option for
the CMS. Stop the CMS, select Properties, and then go to the Configuration tab. Select
“Write server audit information to specified data source”, and then click Specify.
To configure the auditing database on UNIX
For more information on UNIX scripts, see “UNIX Tools” on page 435.
1 Use ccm.sh to stop the CMS.
2 Run cmsdbsetup.sh.
3 Choose the selectaudit option, and then supply the requested information
about your database server.
4 Run serverconfig.sh.
5 Choose the “Modify a server” option.
6 Select the CMS, and enable auditing. Enter the port number of the CMS when
prompted (the default value is 6400).
7 Use ccm.sh to start the CMS. When the CMS starts, it will create the auditing
database.
Enabling auditing of user and system actions
To audit an action in Crystal Enterprise you must first determine which Crystal
Enterprise server controls the action. Then you must enable auditing on the server
from the Servers management area of the Crystal Management Console (CMC).
If you have multiple Crystal Enterprise servers of a given type, be sure to enable
identical audit actions on every server. Doing so ensures that you collect
information on all user or system actions in your Crystal Enterprise system. For
example, if you are interested in the total number of concurrent user logons, enable
auditing of concurrent user logons on each of your Crystal Management Servers.
If you enable auditing on only one Crystal Management Server, you will only
collect audit information about actions that occur on that server.
In some special cases you may wish to enable auditing on only one server of a
given type. For example, if you are interested in the success or failure of only one
kind of scheduled report and you have configured your system so that these
reports are processed on one particular Report Job Server, it is not necessary to
Crystal Enterprise Administrator’s Guide
335
Enabling auditing of user and system actions
enable auditing on every Report Job Server in your system. You only need to
enable auditing on the Report Job Server where the reports are processed.
Note: You must configure the auditing database before you can collect data on
audit actions. See “Configuring the auditing database” on page 334 for
instructions.
To enable audit actions
1 Go to the Servers management area of the CMC.
2 Click the server that controls the action that you wish to audit.
(See the “Reference list of auditable actions” on page 331 to find the correct
server.) The server management area for the server opens.
3 Click the Auditing tab.
4 Select the Auditing is enabled check box.
5 Select the audit actions that you wish to record.
6 Ensure that your audit log file is located on a hard drive that has sufficient
space to store the log files. (See “Optimizing system performance while
auditing” on page 338 for information on adjusting the size of log files.)
7 Click Update.
336
Crystal Enterprise Administrator’s Guide
16: Managing Auditing
Tip:
• To audit every failure of a scheduled report or a scheduled program, enable
auditing of “A job has failed to run” on the Job Server, and “Communication
with a running instance is lost” on the Crystal Management Server.
• Auditing is enabled independently on each server. If you want to audit all
actions of a given type, enable identical audit actions on every server that
supports those actions. Otherwise your audit record will be incomplete. For
example, if you want to track the total number of concurrent logons to your
Crystal Enterprise system, you must enable logging of concurrent logons on
every Crystal Management Server in your system.
Controlling synchronization of audit actions
The CMS controls the synchronization of audit actions that occur on different
machines. The CMS periodically broadcasts its system time to the auditees in UTC
(Coordinated Universal Time). The auditees compare this time to their internal
clocks, and then make the appropriate correction to the time stamp (in UTC) they
record for subsequent audit actions. This correction affects only the time stamp
that the auditee records in its audit log file. The auditee does not adjust the system
time of the machine on which it is running.
By default, the CMS broadcasts its system time every 60 minutes. You can change
the interval using the command-line option
-AuditeeTimeSyncInterval minutes
You can turn off this option by setting minutes to zero. For more information, see
“Crystal Management Server” in “Server Command Lines” on page 425.
This built-in method of time synchronization will be accurate enough for most
applications. For more accurate and robust time synchronization, configure the
auditee and auditor machines to use an NTP (Network Time Protocol) client, and
then turn off internal synchronization by setting
-AuditeeTimeSyncInterval 0
Tip: If you have a CMS cluster, apply the same command-line options to each
server. Only one CMS in the cluster acts as the auditor. However, if this CMS fails,
another CMS takes over auditing. This CMS will apply its own command-line
options. If these options are different than those of the original auditor, audit
behavior may not be what you expect.
Crystal Enterprise Administrator’s Guide
337
Optimizing system performance while auditing
Optimizing system performance while auditing
Enabling auditing should have minimal effect on the performance of Crystal
Enterprise. However, you can optimize system performance by fine-tuning these
command-line options:
• -AuditInterval minutes, where minutes is between 1 and 15. (The default
value is 5.) The CMS requests audit records from each audited server every
audit interval.
• -AuditBatchSize number, where number is between 50 and 500. (The default
value is 200.) The CMS requests this fixed number of records from each
audited server, every time interval.
• -auditMaxEventsPerFile number (number has a default value of 500 and must be
greater than 0). The maximum number of records that an audited server will
store in a single audit log file. When this maximum value is exceeded, the
server opens a new log file.
Note: Log files remain on the audited server until all records have been requested
by the CMS.
Changing each of these options has a different impact on system performance. For
example, increasing the audit interval reduces frequency with which the CMS
writes events to the auditing database. Decreasing the audit batch size decreases
the rate at which records are moved from the audit log files on the audited servers
to the auditing database, thereby increasing the length of time that it takes these
records to get transferred to the central auditing database. Increasing the
maximum number of audit events stored in each audit log file reduces the number
of file open and close operations performed by audited servers.
You can use these options to optimize audit performance to meet your needs. For
example, if you frequently need up-to-date information about audited actions, you
can choose a short audit interval and a large audit batch size. In this case, all audit
records are quickly transferred to the auditing database, and you can always
report accurately on the latest audit actions. However, choosing these options may
have an impact on the performance of Crystal Enterprise.
Alternatively, you may only need to review audit results periodically (weekly, for
example). In this case you can choose to increase the audit interval, and to decrease
the number of audit records in each batch. Choosing these options minimizes the
impact that auditing has on the performance of Crystal Enterprise. However,
depending upon activity levels in your system, these options can create a backlog
of records stored in audit log files. This backlog is cleared at times of low system
activity (such as overnight, or over a weekend), but means that at times your audit
reports may not contain records of the most recent audit actions.
For more information on changing command-line options, see “Server Command
Lines” on page 425.
338
Crystal Enterprise Administrator’s Guide
16: Managing Auditing
Reporting on audit results
Using sample audit reports
Crystal Enterprise ships with several sample audit reports created using Crystal
Reports. They are available on your product CD.
To use these sample reports, first publish them to Crystal Enterprise. Next configure
an auditing database, and then enable auditing of the user and server actions needed
to provide data for the sample reports. Finally, ensure that the sample reports are
configured to use database connection information valid for your auditing database.
You can now use the sample reports to view auditing data collected about user and
system actions on your installation of Crystal Enterprise.
Note: If you have recently enabled auditing, the sample audit reports may contain
little or no data the first time you view them.
To use sample audit reports
1 Create a folder called “admin reports” inside the Report Samples folder to
hold the sample auditing reports.
Note: To create this folder, go to the Folders management area of the Crystal
Management Console (CMC). Click Report Samples, and then click New Folder.
2 Publish the sample audit reports to the “admin reports” folder within Crystal
Enterprise. (The sample audit reports are in Samples > Reports >
AdminReports on your product CD.)
For more information about publishing, see “Publishing Objects to Crystal
Enterprise” on page 115.
3 Configure your auditing database. See “Configuring the auditing database” on
page 334 for instructions.
The sample audit reports were created using a ODBC connection to a database
server named AuditData (that is, the DSN was AuditData), and a database
called CE10. You can create an auditing database that uses these names, or you
can use a database server name and database name of your choice.
4 Go to the Servers management area of the CMC. Enable auditing of the actions
that are included in the sample audit report. See “Enabling auditing of user
and system actions” on page 335 for instructions.
Note: The description of the sample reports indicates which audit actions to
enable for each report.
Crystal Enterprise will now begin to collect data on audit actions.
5 From the Crystal Enterprise Admin Launchpad, select the Crystal
Management Console (CMC).
6 Go to the Folders management area of the CMC.
Crystal Enterprise Administrator’s Guide
339
Reporting on audit results
7 Click Report Samples, then admin reports to display the list of sample audit
reports.
8 Click the name of a report that you want to use; then, from the Process tab,
click the Database link.
9 If the server name, database name, or database logon information for your
auditing database are different than the values originally specified for the
sample report, click “Use custom database logon information specified here.”
10 Type the Server name (DSN) and Database name that you specified for your
auditing database. Make sure you select the same database driver that you
used when configuring the auditing database.
11 Type a User name and Password for a user with administrative rights to the
auditing database.
12 Click Specify a custom table prefix, and then type DatabaseName.dbo. in the
box, where DatabaseName is the name of the database that you specified above.
13 Click Update.
340
Crystal Enterprise Administrator’s Guide
16: Managing Auditing
The sample audit report is now configured to use your auditing database as its
data source.
14 From the Process tab, click the Parameters link.
15 Click the value of any parameter to specify a default value for that parameter,
or to indicate that the user should be prompted for a parameter value when
the report is run. Click Submit.
16 You may now view the report using Crystal Enterprise, or the Crystal
Management Console.
Creating custom audit reports
This section contains information to help you understand the auditing database
and the information it records about audit actions. With this information, you can
use Crystal Reports to create custom audit reports of user and system actions.
See your Crystal Reports User’s Guide for full instructions on creating reports.
Auditing database schema reference
For every audit action that it records, Crystal Enterprise collects the set of
information outlined here. Not every field will be recorded for each audit action;
for example, there is no object ID associated with a successful user logon.
Note: Crystal Enterprise uses the LVARCHAR data type on Informix databases,
rather than NVARCHAR.
.
Field
Type
Detail
EventID
VARCHAR(64)
String that uniquely identifies each audit
record in the database. Primary key for
table.
AuditID
DECIMAL 9(10,0)
Number that uniquely identifies the type
of action the entry represents. See the
“AuditID and AuditString reference” on
page 343 for details.
Crystal Enterprise Administrator’s Guide
341
Reporting on audit results
Field
Type
Detail
NVARCHAR(255)
Machine name of the server that
produced the action.
FriendlyName
NVARCHAR(255)
Friendly name of the server that produced
the action. The server’s friendly name is the
name displayed in the CMC. The default
friendly name is hostname.servertype.
UserID
DECIMAL 9(10,0)
Info Object ID of user who performed the
action. This number uniquely identifies a
user.
UserName
NVARCHAR(255)
Name of user who performed the action.
UserGroups
NVARCHAR(255)
Group or groups that the user belongs to.
If user belongs to more than one group,
the names are separated by the |
character.
ObjectID
DECIMAL 9(10,0)
Info Object ID of object associated with
the action. This number uniquely
identifies an object. This field may be
empty if there is no object associated with
an audit action.
ObjectName
NVARCHAR(255)
Name of the object. For example, if the
object is a report, this field will hold the
name of the report.
ObjectType
NVARCHAR(255)
Type of object. For example an object may
be a report, a folder, an object package or
a program object.
ObjectPath
NVARCHAR(255)
Path to object. The path is included
because the object name may not be
unique.
SessionID
DECIMAL 9(10,0)
Each time a user logs on, they are granted
a session ID. This field may be empty if the
action being audited is not associated with
a user session. For example, a user can
schedule a job to run overnight, when they
are not logged onto Crystal Enterprise. The
audit record showing the success or failure
of this job will not have a session ID.
Timestamp
VARCHAR(64)
Time of action in UTC (Coordinated
Universal Time) to the nearest
millisecond. The time stamp is created by
the server recording the action in its log
file, and includes any correction
necessary to synchronize with CMS time.
You may want to correct this time to your
local time zone when creating audit reports.
MachineName
342
Crystal Enterprise Administrator’s Guide
16: Managing Auditing
Field
Type
Detail
Version
VARCHAR(16)
Version of Crystal Enterprise on server
that produced the action.
Language
NVARCHAR(32)
Language of Crystal Enterprise server
that produced the action.
SrcPrefix
NVARCHAR(32)
String representing the type of server that
produced the action.
Possible values: cms, jobserver,
eventserver, cacheserver, rptappserver.
AuditString
NTEXT (16)
Text string that describes audit action. See
“AuditID and AuditString reference” on
page 343 for a complete list of audit strings.
AuditID and AuditString reference
The auditing database collects records of all auditable actions that occur in your
Crystal Enterprise system. There are two ways of identifying which kind of action
each database record represents: the numeric AuditID and the text-based AuditString.
This section lists the AuditIDs and AuditStrings that are generated by Crystal
Enterprise, along with their meanings. Knowing the audit IDs and the exact audit
strings can help you construct queries for particular actions in your custom reports.
Some audit strings are the same every time they are generated. For example, if a
user changes their password, the audit string is always “User password has been
changed.” Other audit strings vary because they include additional information
about the action. For example, if a user logon fails, the audit string includes a
section that describes the reason for the failure. When a logon fails because the user
mistyped a user name, the complete audit string is “User logon failed. Reason:
Unknown user.” If a logon fails because the user entered the wrong password, the
complete audit string is “User logon failed. Reason: Invalid password.”
In the tables listing AuditStrings, the strings are described as having constant and
variable segments. If an AuditString has a segment that varies with the exact
nature of the audit action, the variable segment is indicated using a variable name
like VariableString.
CMS
AuditID
AuditStrings (constant)
65537
Concurrent user logon
succeeded.
The user logged on successfully,
using a concurrent user license.
65538
Named user logon
succeeded.
The user logged on successfully,
using a named user license.
65540
User logged off.
Crystal Enterprise Administrator’s Guide
AuditStrings (variable)
Notes
343
Reporting on audit results
AuditID
AuditStrings (constant)
65541
User password has been
changed.
65539
User logon failed.
Reason: VariableString
AuditStrings (variable)
Notes
No valid license key
found.
Logon failed because there was
no valid license key available.
Only guest and
In Standard mode, the only
administrator can logon valid user names are guest and
in Standard mode.
administrator. The logon failed
because the user attempted to
log on using a different user ID.
65542
New folder created.
65543
Folder VariableString1
deleted from path
VariableString2
Unknown user.
Logon failed because the user
entered a user name that is not
valid on this system.
User account disabled.
Logon failed because the user’s
account is disabled.
Concurrent user limit
reached.
Logon failed because all
concurrent user licenses are
already in use.
Invalid password.
Logon failed because the user
entered an invalid password.
A new folder is created, or an
existing folder is copied.
Note that this audit string will
not be recorded when a new
user account is created, even
though creating a user creates a
user folder.
VariableString1
contains the folder
name
VariableString2
contains the folder’s
path
65544
344
Folder modified.
A folder is deleted.
Note that this audit string will
be recorded when a user account
(and therefore the user’s folder)
is deleted.
The name, location, or
description of the folder was
changed.
Crystal Enterprise Administrator’s Guide
16: Managing Auditing
AuditID
AuditStrings (constant)
AuditStrings (variable)
Notes
65545
Job failed. Reason:
unresponsive Job
Server Child process.
A scheduled report or scheduled
program failed to run because
communication with the
running instance was lost, and
the scheduled time for running
the job expired.
VariableString
Note: This action must be
audited by the CMS as Job
Servers are not aware of losing
communications with a job.
Cache Server
AuditID
AuditStrings (constant)
AuditStrings (variable)
Notes
196609
Report with
saved
User successfully viewed a
report that has saved data.
viewed successfully.
live
User successfully viewed a
report that has live data.
Report viewed
unsuccessfully. Reason
Many options
User attempted to view a report
object, but was not successful for
the reason listed in the variable
section of the audit string.
VariableString data
196610
VariableString
Report Job Server / Program Job Server
AuditID
AuditStrings (constant)
AuditStrings (variable) Notes
327681
Job successful. Elapsed
time: VariableString
seconds.
Elapsed time in
seconds
327682
Job failed Elapsed time:
VariableString
seconds.
327683
Job failed. Elapsed time:
VariableString
seconds. Job will be
retried by the CMS.
Crystal Enterprise Administrator’s Guide
The object ran as scheduled and the
job completed successfully within
the indicated time.
The scheduled job did not
complete successfully. The attempt
took the indicated amount of time.
The scheduled job did not
complete successfully. The attempt
took the indicated amount of time.
The job will will be retried by the
CMS at a later time. For more
information on scheduling jobs, see
“Scheduling objects” on page 220.
345
Reporting on audit results
Event Server
AuditStrings
(variable)
AuditID
AuditStrings (constant)
Notes
262145
Event registered
User creates a file-based event that can
be used to schedule objects.
262146
Event unregistered
User deletes a file-based event.
262147
Event updated
Event object was modified by a user, or
by the system. Events are updated
when a user modifies the name or
description of the file-based event.
262148
Event triggered
File-based event was initiated.
Report Application Server
AuditID
AuditStrings (constant)
458753
Report was opened for
viewing and/or
modification
346
AuditStrings
(variable)
Notes
User opened a report for viewing or
modification.
Note: In a few cases, this audit string
may be generated when the report
opens but cannot be viewed. This may
occur when:
• There are problems with the
database setup for the report. For
example, you may see this message
when the database driver for the report
is not present on the client machine
• A processing extension associated
with the report aborts viewing, or fails.
• The report used Business Views and
the user did not have permissions to
refresh the underlying data
connections.
• The machine running the RAS ran
out of space in its temporary directory.
Crystal Enterprise Administrator’s Guide
16: Managing Auditing
AuditStrings
(variable)
AuditID
AuditStrings (constant)
458754
Report was saved to the
CMS.
An existing report was saved.
Report was created and
saved to the CMS
A new report was created and saved.
458755
458756
458757
Notes
Note: This AuditID is generated when
a custom application created using the
RAS SDK saves a report (using the
Save method). Consult your RAS SDK
documentation for details.
Note:
• This AuditID is generated when a
custom application created using the
RAS SDK saves a new report (using the
Save As method). Consult your RAS
SDK documentation for details.
• This AuditID is also generated
when an existing report is saved using
the Web Design Report Wizard.
Many options
VariableString
The report could not be opened by the
RAS, for the reason listed in the
variable section of the audit string.
Many options
Report could not be
saved to the CMS.
Reason: VariableString
An existing report could not be saved
by RAS, for the reason listed in the
variable section of the audit string.
Report could not be
opened. Reason:
Note: This AuditID is generated when
a custom application created using the
RAS SDK cannot save a new report
(using the Save As method). Consult
your RAS SDK documentation for
details.
458758
Many options
Report could not be
created in the CMS.
Reason: VariableString
A newly created report could not be
saved by RAS, for the reason listed in
the variable section of the audit string.
Note: This AuditID is also generated
when an existing report fails to save
from the Web Design Report Wizard.
Crystal Enterprise Administrator’s Guide
347
Reporting on audit results
348
Crystal Enterprise Administrator’s Guide
Managing Server Groups
17
This chapter shows how to create server groups and
subgroups. It also shows how to modify the group
membership of an individual server.
Crystal Enterprise Administrator’s Guide
349
Server group overview
Server group overview
Server groups provide a way of organizing your Crystal Enterprise servers to
make them easier to manage. That is, when you manage a group of servers, you
need only view a subset of all the servers on your system. More importantly, server
groups are a powerful way of customizing Crystal Enterprise to optimize your
system for users in different locations, or for objects of different types.
If you group your servers by region, you can easily set up default processing
settings, recurrent schedules, and schedule destinations that are appropriate to
users who work in a particular regional office. You can associate an object with a
single server group, so the object is always processed by the same servers. And you
can associate scheduled objects with a particular server group to ensure that
scheduled objects are sent to the correct printers, file servers, and so on. Thus,
server groups prove especially useful when maintaining systems that span
multiple locations and multiple time zones.
If you group your servers by type, you can configure objects to be processed by
servers that have been optimized for those objects. For example, processing servers
need to communicate frequently with the database containing data for published
reports. Placing processing servers close to the database server that they need to
access improves system performance and minimizes network traffic. Therefore, if you
had a number of reports that ran against a DB2 database, you might want to create a
group of Page Servers that process reports only against the DB2 database server. If
you then configured the appropriate reports to always use this Page Server group for
viewing, you would optimize system performance for viewing these reports.
After creating server groups, configure objects to use specific server groups for
scheduling, or for viewing and modifying reports. For details, see “Specifying
servers for scheduling” on page 212 or “Specifying servers for viewing and
modification” on page 187. You can change the status, obtain metrics, and
configure your servers in the Server Groups management area—just as you would
in the Servers management area. The only difference is that you see only the
servers that you added to the server group.
Creating a server group
To create a server group, you need to specify the name and description of the
group, and then add servers to the group.
To create a server group
1 Go to the Server Groups management area of the CMC.
2 Click New Server Group.
350
Crystal Enterprise Administrator’s Guide
17: Managing Server Groups
The New Server Group Properties tab appears.
3 In the Server Group Name field, type a name for the new group of servers.
4 Use the Description field to include additional information about the group.
5 Click OK.
6 On the Servers tab, click Add/Remove Servers.
7 Select the servers that you want to add to this group; then click the > arrow.
Tip: Use CTRL+click to select multiple servers.
This example adds the servers running on BARACUS to a server group called
Northern Office Servers.
8 Click OK.
You are returned to the Servers tab, which now lists all the servers that you
added to the group. You can now change the status, view server metrics, and
change the properties of the servers in the group. For more information, see
“Server management overview” on page 270.
Crystal Enterprise Administrator’s Guide
351
Working with server subgroups
Working with server subgroups
Subgroups of servers provide you with a way of further organizing your servers.
A subgroup is just a server group that is a member of another server group.
For example, if you group servers by region and by country, then each regional
group becomes a subgroup of a country group. To organize servers in this way,
first create a group for each region, and add the appropriate servers to each
regional group. Then, create a group for each country, and add each regional
group to the corresponding country group.
There are two ways to set up subgroups: you can modify the subgroups of a server
group, or you can make one server group a member of another. The results are the
same, so use whichever method proves most convenient.
To add subgroups to a server group
1 Go to the Server Groups management area of the CMC.
2 Click the group that you want to add subgroups to.
This group is the parent group.
3 On the Subgroups tab, click Add/Remove Groups.
4 In the Available server groups list, select the server groups that you want to
add as subgroups; then click the > arrow.
5 Click OK.
You are returned to the Subgroups tab, which now lists all the server groups
that you added to the parent group.
To make one server group a member of another
1 Go to the Server Groups management area of the CMC.
2 Click the group that you want to add to another group.
3 On the Member of tab, click the Member of button.
4 In the Available server groups list, select the server groups that should
include your group as a member; then click the > arrow.
352
Crystal Enterprise Administrator’s Guide
17: Managing Server Groups
This example makes the Job Servers group a member subgroup of the Northern
Office Servers group.
5 Click OK.
You are returned to the “Member of” tab, which now lists all the server groups
that the initial group is now a member of.
Modifying the group membership of a server
You can modify a server’s group membership to quickly add the server to (or
remove it from) any group or subgroup that you have already created on the system.
For example, suppose that you created server groups for a number of regions. You
might want to use a single Web Component Server (WCS) for multiple regions.
Instead of having to add the WCS individually to each regional server group, you
can click the server’s “Member of” link to add it to all three regions at once.
To modify a server’s group membership
1 Go to the Servers management area of the CMC.
2 Locate the server whose membership information you want to change.
3 In the Server Group column, click the server’s Member of link.
The “Member of” page lists any server groups that the server currently belongs to.
4 Click the Member of button.
The “Modify Member Of” page appears.
5 Move server groups from one list to another to specify which groups the
server is a member of.
6 Click OK.
Crystal Enterprise Administrator’s Guide
353
Modifying the group membership of a server
354
Crystal Enterprise Administrator’s Guide
Scaling Your System
18
This chapter details the common ways in which you should
begin to scale, or expand, your Crystal Enterprise system. The
chapter also provides general scalability considerations, and
shows how to add server components to your installation.
Crystal Enterprise Administrator’s Guide
355
Scalability overview
Scalability overview
The Crystal Enterprise architecture is scalable in that it allows for a multitude of server
configurations, ranging from stand-alone, single-machine environments, to largescale deployments supporting global organizations. The flexibility offered by the
product’s architecture allows you to set up a system that suits your current reporting
requirements, without limiting the possibilities for future growth and expansion.
This chapter details common scalability scenarios for administrators who want to
expand beyond a stand-alone installation of Crystal Enterprise. These three
scenarios have received the most testing, and are recommended for the majority of
deployments. For details, see “Common configurations” on page 356.
It must be emphasized, however, that the optimal configuration for your
deployment will vary depending upon your hardware configuration, your
database software, and your reporting requirements. It is recommended that you
contact your Crystal Decisions sales representative and request information about
the Crystal Enterprise Sizing Guide. A Crystal Services consultant can then assess
your reporting environment and assist in determining the configuration that will
best integrate with your current environment.
Note: If you customize or expand your system beyond these common configurations
without first contacting Crystal Services, your deployment may not be officially
supported.
This chapter also provides the related procedures for adding and deleting servers
from your Crystal Enterprise installation. Follow these steps when you need to add
server components to a machine that is already running Crystal Enterprise.
Tip: If you are adding new hardware to Crystal Enterprise by installing server
components on additional machines, run the Crystal Enterprise installation and
setup program. The setup program allows you to perform an Expand installation.
During the Expand installation, you specify the existing CMS whose system you
want to expand, and you select the components that want to install on the local
machine. For details, see the Crystal Enterprise Installation Guide.
Common configurations
This section details the common ways in which you should begin to scale, or
expand, your Crystal Enterprise system. The scenarios described are those that
have been most thoroughly tested by Crystal Decisions, Inc. As a baseline, this
section assumes that you have not yet distributed the Crystal Enterprise servers
across multiple machines; however, this section does assume familiarity with the
Crystal Enterprise architecture, installation, and server configuration. For
preliminary installation information, see the Crystal Enterprise Installation Guide.
Tip: If you are deploying multi-processor machines, you may also want to run one
or more Crystal Enterprise servers in multiple instances on that machine. For
details, see “Adding a server” on page 365.
356
Crystal Enterprise Administrator’s Guide
18: Scaling Your System
One-machine setup
This basic configuration separates the Crystal Enterprise servers from the rest of
your reporting environment and from your web server, and installs all Crystal
Enterprise servers on a single machine. This grants the Crystal Enterprise servers
their own set of processing resources, which they do not have to share with
database and web server processes. These are the general steps to setting up this
configuration for the default Windows installation of Crystal Enterprise:
• Install all of the Crystal Enterprise servers on a single, dedicated machine.
• Install and configure the Web Connector on your web server machine.
• Run the CMS database on your database server.
If you are still using the MSDE CMS database on Windows, migrate the CMS
database to a supported database server. See the Platforms.txt file included
with your product distribution for a list of supported database servers.
For a UNIX installation (or for a Windows installation that uses the Crystal
Enterprise Java SDK), install your Crystal Enterprise servers on the same machine
as your Java web application server and the Web Component Adapter.
Three-machine setup
This second configuration divides the Crystal Enterprise processing load in a
logical manner, based on the types of work performed by each server. In this way,
you prevent the server components from having to compete with each other for the
same hardware and processing resources. In addition, this scenario prepares your
system for further expansion to provide redundancy.
Note: It is recommended that you use three multi-processor machines (dual-CPU
or better), with at least 2 GB RAM installed on each machine.
These are the general steps to setting up this configuration for the default
Windows installation of Crystal Enterprise:
• Install the CMS and the Event Server on one machine.
Tip: Here, the Event Server is installed on the same machine as the CMS. In
general, however, the Event Server should be installed on the machine where
your monitored, file-based events occur.
• Install the WCS and the Cache Server on the second machine.
• Install the Page Server, the Job Server, the Report Application Server (RAS),
and the Input and Output File Repository Servers on the third machine.
For a UNIX installation (or for a Windows installation that uses the Crystal
Enterprise Java SDK), install the Java web application server and the Web
Component Adapter on the same machine as your Cache Server.
Note: As with the one-machine setup, install your Crystal Enterprise servers on
machines that are separate from your web server and database servers. This
grants the Crystal Enterprise servers their own set of processing resources, which
they do not have to share with database and web server processes.
Crystal Enterprise Administrator’s Guide
357
Common configurations
Six-machine setup
This third configuration mirrors the three-machine setup. You maintain the logical
breakdown of processing based on the types of work performed by each server,
but you increase the number of available machines and servers for redundancy
and fault-tolerance. For instance, if a server stops responding, or if you need to take
one or two machines offline completely, you need not interrupt Crystal Enterprise
requests in order to service the system.
This tested configuration is designed to meet the reporting requirements of 85% of
all deployment scenarios. If you have further requirements or more advanced
configuration needs, contact your Crystal Decisions sales representative for
additional assistance.
Note: It is recommended that you use six multi-processor machines (dual-CPU or
better), with at least 2 GB RAM installed on each machine.
These are the general steps to setting up this configuration for the default
Windows installation of Crystal Enterprise:
• Install the three-machine setup first. Verify that Crystal Enterprise is functioning
correctly.
• Install a second CMS/Event Server pair on the fourth machine. This machine
must have a fast network connection (minimum 10 Mbps) to the CMS that you
have already installed.
Cluster the two CMS services, so they share the task of maintaining the CMS
database. Ensure that each CMS accesses the CMS database in exactly the same
manner (the same database client software, the same database user name and
password, and so on).
Tip: Here, the Event Server is installed on the same machine as the CMS. In
general, however, the Event Server should be installed on the machine where
your monitored, file-based events occur.
• Install a second WCS/Cache Server pair on the fifth machine.
Modify your Web Connector configuration to ensure that the Web Connector
communicates with the two distinct WCS hosts.
or
Install a second Java web application server and Web Component Adapter on
the fifth machine, along with a second Cache Server. Consult your web
application server documentation for information on load-balancing and
clustering your application servers.
Ensure that the web.xml file is configured correctly for each WCA.
• Install a second Page Server, Job Server, and RAS on the remaining machine,
along with a pair of Input and Output File Repository Servers.
Ensure that all Page Servers and Job Servers can access your reporting database
in exactly the same manner. Install and configure any required database client
software similarly on each machine, along with any ODBC DSNs that are
required for your reports.
358
Crystal Enterprise Administrator’s Guide
18: Scaling Your System
Note: As with the one-machine setup, install your Crystal Enterprise servers on
machines that are separate from your web server and database servers. This
grants the Crystal Enterprise servers their own set of processing resources, which
they do not have to share with database and web server processes.
General scalability considerations
This section provides information about system scalability and the Crystal
Enterprise servers that are responsible for particular aspects of your system. Each
subsection focuses on one aspect of your system’s capacity, discusses the relevant
components, and provides a number of ways in which you might modify your
configuration accordingly.
Before modifying these aspects of your system, it is strongly recommended that
you contact your Crystal Decisions sales representative and request information
about the Crystal Enterprise Sizing Guide. A Crystal Services consultant can then
assess your reporting environment and assist in determining the configuration
that will best integrate with your current environment.
Increasing overall system capacity
As the number of report objects and users on your system increases, you can
increase the overall system capacity by clustering two (or more) Crystal
Management Servers (CMS). You can install multiple CMS services/daemons on
the same machine. However, to provide server redundancy and fault-tolerance,
you should ideally install each cluster member on its own machine.
CMS clusters can improve overall system performance because every Crystal
Enterprise request results, at some point, in a server component querying the CMS
for information that is stored in the CMS database. When you cluster two CMS
machines, you instruct the new CMS to share in the task of maintaining and
querying the CMS database.
For more information, see “Clustering Crystal Management Servers” on page 284.
Increasing scheduled reporting capacity
All Crystal reports that are scheduled are eventually processed by a Report Job
Server. You can expand Crystal Enterprise by running individual Report Job
Servers on multiple machines, or by running multiple Report Job Servers on a
single multi-processor machine.
If the majority of your reports are scheduled to run on a regular basis, there are
several strategies you can adopt to maximize your system’s processing capacity:
• Install the Report Job Server in close proximity to (but not on the same
machine as) the database server against which the reports run. Ensure also that
the File Repository Servers are readily accessible to all Report Job Servers (so
Crystal Enterprise Administrator’s Guide
359
General scalability considerations
•
•
•
•
they can read report objects from the Input FRS and write report instances to
the Output FRS quickly). Depending upon your network configuration, these
strategies may improve the Report Job Server’s processing speeds, because
there is less distance for data to travel over your corporate network.
Verify the efficiency of your reports. When designing reports in Crystal
Reports, there are a number of ways in which you can improve the
performance of the report itself, by modifying record selection formulas, using
the database server’s resources to group data, incorporating parameter fields,
and so on. For more information, see the “Designing Optimized Web Reports”
section in the Crystal Reports User’s Guide (version 8.5 and later).
Use event-based scheduling to create dependencies between large or complex
reports. For instance, if you run several very complex reports on a regular,
nightly basis, you can use Schedule events to ensure that the reports are
processed sequentially. This is a useful way of minimizing the processing load
that your database server is subject to at any given point in time.
If some reports are much larger or more complex than others, consider
distributing the processing load through the use of server groups. For
instance, you might create two server groups, each containing one or more
Report Job Servers. Then, when you schedule recurrent reports, you can
specify that it be processed by a particular server group to ensure that
especially large reports are distributed evenly across resources.
Increase the hardware resources that are available to a Report Job Server. If the
Report Job Server is currently running on a machine along with other Crystal
Enterprise components, consider moving the Report Job Server to a dedicated
machine. If the new machine has multiple CPUs, you can install multiple
Report Job Servers on the same machine (typically no more than one service/
daemon per CPU).
Increasing on-demand viewing capacity
When you provide many users with View On Demand access to reports, you allow
each user to view live report data by refreshing reports against your database
server. For most requests, the Page Server retrieves the data and performs the
report processing, and the Cache Server stores recently viewed report pages for
possible reuse. However, if users use the Advanced DHTML viewer, the Report
Application Server (RAS) processes the request.
If your reporting requirements demand that users have continual access to the
latest data, you can increase capacity in the following ways:
• Increase the maximum allowed size of the cache. For details, see “Modifying
Cache Server performance settings” on page 301.
• Verify the efficiency of your reports. When designing reports in Crystal
Reports, there are a number of ways in which you can improve the
performance of the report itself, by modifying record selection formulas, using
the database server’s resources to group data, incorporating parameter fields,
360
Crystal Enterprise Administrator’s Guide
18: Scaling Your System
and so on. For more information, see the “Designing Optimized Web Reports”
section in the Crystal Reports User’s Guide (version 8.5 and later).
• Increase the number of Page Servers that service requests on behalf of any single
Cache Server. You can install additional Page Servers on multiple machines, or
you can run multiple Page Servers on a single multi-processor machine
(typically no more than one service/daemon per CPU).
• Increase the number of Page Servers, Cache Servers, and Report Application
Servers on the system, and then distribute the processing load through the use of
server groups. For instance, you might create two server groups, each
containing one or more Cache Server/Page Server pairs along with one or more
Report Application Servers. You can then specify individual reports that should
always be processed by a particular server group.
Enhancing custom web applications
If you are developing your own custom desktops or administrative tools with the
Crystal Enterprise Software Development Kit (SDK), be sure to review the libraries
and APIs. You can now, for instance, incorporate complete security and scheduling
options into your own web applications. You can also modify server settings from
within your own code in order to further integrate Crystal Enterprise with your
existing intranet tools and overall reporting environment.
To improve the scalability of your system, consider distributing administrative
efforts by developing web applications for delegated content administration. You
can grant select users the ability to manage particular Crystal Enterprise folders,
content, users, and groups on behalf of their team, department, or regional office.
In addition, be sure to check the developer documentation available on your Crystal
Enterprise product CD for performance tips and other scalability considerations.
The query optimization section in particular provides some preliminary steps to
ensuring that custom applications make efficient use of the query language.
Improving web response speeds
Because all user interaction with Crystal Enterprise occurs over the Web, you may
need to investigate a number of areas to determine exactly where you can improve
web response speeds. These are some common aspects of your deployment that
you should consider before deciding how to expand Crystal Enterprise:
• Assess your web server’s ability to serve the number of users who connect
regularly to Crystal Enterprise. Use the administrative tools provided with
your web server software (or with your operating system) to determine how
well your web server performs. If the web server is indeed limiting web
response speeds, consider increasing the web server’s hardware and/or setting
up a “web farm” (multiple web servers responding to web requests to a single
IP address). See “Configuring your web farm for load balancing” on page 362.
Crystal Enterprise Administrator’s Guide
361
General scalability considerations
• If web response speeds are slowed only by report viewing activities, see
“Increasing scheduled reporting capacity” on page 359 and “Increasing ondemand viewing capacity” on page 360.
• Take into account the number of users who regularly access your system. If
you are running a large deployment, ensure that you have set up a CMS
cluster. For details, see “Increasing overall system capacity” on page 359.
If you find that a single application server (that is, the WCS or the Java web
application server) inadequately services the number of scripting requests made
by users who access your system on a regular basis, consider the following options:
• Increase the hardware resources that are available to the application server. If
the application server is currently running on the web server, or on a single
machine with other Crystal Enterprise components, consider moving the
application server to a dedicated machine. If the new machine has multiple
CPUs, you can install multiple WCS services/daemons or Java application
servers on the same machine (typically no more than one per CPU).
• If you are using the default Windows installation of Crystal Enterprise, set up
two (or more) WCS machines to take advantage of the dynamic load balancing
that is built into the Web Connector components. The Web Connector
distributes the processing load evenly across WCS hosts: each new Crystal
Enterprise session is sent to the least used WCS. This also provides you with
the benefits of being able to take one WCS machine offline for service, without
bringing down the entire system.
• If you are using the UNIX installation of Crystal Enterprise (or have
configured your Windows installation to use the Crystal Enterprise Java SDK),
consider setting up two (or more) Java application servers. Consult the
documentation for your Java web application server for information on loadbalancing, clustering, and scalability.
Note: Crystal Enterprise does not support the session-replication functionality
provided by some Java web application servers.
Configuring your web farm for load balancing
A web farm is a group of two or more web servers working together to handle
browser requests. If you are using the default installation of Crystal Enterprise on
Windows, the Web Connectors that reside on each of the web servers need to be
configured so they are aware of the Web Component Servers they should
communicate with.
Note: Crystal Enterprise supports web farms with and without affinity masks.
After the connectors have been configured, they can load-balance requests between
the Web Component Servers. When a web server establishes a connection with a
Web Component Server, it uses a round robin algorithm to identify the next available
Web Component Server. The only exceptions to this occur when a web server uses a
CGI web connector, or if a session state was created on a previous request to the Web
362
Crystal Enterprise Administrator’s Guide
18: Scaling Your System
Component Server. The CGI web connector uses a random algorithm instead of a
round robin algorithm because the connector doesn’t have knowledge of the last
Web Component Server it communicated with. Requests that had a session set up
previously, must return to the same Web Component Server each time to ensure that
subsequent requests have access to the previously set session state.
Tip: Consult the documentation for your Java web application server for
information on load-balancing, clustering, and scalability of these servers.
To configure a web farm for Crystal Enterprise
1 When you install the Web Connector along with the Crystal Enterprise “web
content” on each of your web servers, select the same installation directory on
each machine.
2 When you install multiple Web Component Servers, select the same
installation directory on each machine.
3 Verify that the virtual directory mappings and the application mappings are
configured identically on each web server.
4 Configure each Web Connector to communicate with all of your Web
Component Servers.
For instance, if you are running two web servers and three Web Component
Servers, configure the virtual path mappings similarly for both Web
Connectors, so they can both communicate with all three WCS hosts.
For complete details on installing and configuring Web Connectors for your web
server, and for troubleshooting steps related to path mappings, see the Crystal
Enterprise Installation Guide.
Getting the most from existing resources
One of the most effective ways to improve the performance and scalability of your
system is to ensure that you get the most from the resources that you allocate to
Crystal Enterprise.
Optimizing network speed and database efficiency
When thinking about the overall performance and scalability of Crystal Enterprise,
don’t forget that Crystal Enterprise depends upon your existing IT infrastructure.
Crystal Enterprise uses your network for communication between servers and for
communication between Crystal Enterprise and client machines on your network.
Make sure that your network has the bandwidth and speed necessary to provide
Crystal Enterprise users with acceptable levels of performance. Consult your
network administrator for more information.
Crystal Enterprise processes reports against your database servers. If your databases
are not optimized for the reports you need to run, then the performance of Crystal
Enterprise may suffer. Consult your database administrator for more information.
Crystal Enterprise Administrator’s Guide
363
Adding and deleting servers
Using the appropriate processing server
When users view a report using the Advanced DHTML viewer, the report is
processed by the Report Application Server rather than the Page Server and Cache
Server. The Report Application Server is optimized for report modification. For
simple report viewing you can achieve better system performance if users select
the DHTML viewer, the Active X viewer, or the Java viewer. These report viewers
process reports against the Page Server.
If the ability to modify reports is not needed at your site, you can disable the
Advanced DHTML viewer for all users of Crystal Enterprise.
Disabling the Advanced DHTML Viewer
1 In the Crystal Management Console, select Crystal Applications.
2 Select Web Desktop.
3 On the Preferences tab, go to the Viewers area. Clear the option labeled Allow
users to use the Advanced DHTML Viewer.
4 Click Update.
Optimizing Crystal Enterprise for report viewing
Crystal Enterprise allows you to enable data sharing, which permits different users
accessing the same report object to use the same data when viewing a report on
demand or when refreshing a report. Enabling data sharing reduces the number of
database calls, thereby reducing the time needed to provide report pages to subsequent
users of the same report while greatly improving overall system performance under
load. However, to get full value from data sharing, you must permit data to be reused
for some period of time. This means that some users may see “old” data when they
view a report on demand, or refresh a report instance that they are viewing.
For details on data sharing options for reports, see “Setting report viewing
options” on page 186. For more information on configuring Crystal Enterprise to
optimize report viewing in your system, see the planning chapter in the Crystal
Enterprise Installation Guide.
Adding and deleting servers
This section shows how to add and delete servers from a machine that is already
running Crystal Enterprise components.
Tip: If you are adding new hardware to Crystal Enterprise by installing server
components on new, additional machines, run the Crystal Enterprise installation
and setup program from your product distribution. The setup program allows you
to perform an Expand installation. During the Expand installation, you specify the
existing CMS whose system you want to expand, and you select the components
that you want to install on the local machine. For details, see the Crystal Enterprise
Installation Guide.
364
Crystal Enterprise Administrator’s Guide
18: Scaling Your System
Adding a server
These steps add a new instance of a server to the local machine. You can run
multiple instances of the same Crystal Enterprise server on the same machine.
To add a Windows server
Note: To complete this procedure, you must log on as an Administrator of the
local machine.
1 Start the CCM on the Crystal Enterprise machine upon which you want to
install a new server.
2 On the toolbar, click Add Server.
The Add Crystal Server Wizard displays its Welcome dialog box.
3 Click Next.
The “Server Type and Display Name Configuration” dialog box appears.
4 Click the Server Type list and select the kind of server you want to add.
5 Change the default Display Name field if you want a different name to appear
in the list of servers in the CCM.
Note: The display name for each server on the local machine must be unique.
6 Change the default Server Name field if required.
Each server on the system must have a unique name. The default naming
convention is HOSTNAME.servertype (a number is appended if there is more than
one server of the same type on the same host machine). This Server Name is
displayed when you manage servers over the Web in the Crystal Management
Console (CMC).
When you add Input or Output File Repository Servers, the wizard always
precedes the server name you type with an “Input.” or “Output.” prefix. So, if you
Crystal Enterprise Administrator’s Guide
365
Adding and deleting servers
add an Input FRS with the name SERVER02, the CCM actually names the server
Input.SERVER02. This “Input.” prefix is required by the system. If you subsequently
modify the server’s name through its command line, do not remove the prefix.
7 Click Next.
The “Set Configuration for this server” dialog box appears. The contents of this
dialog vary slightly, depending upon the type of server that you are installing.
8 Type the name of the CMS that you want the server to communicate with.
If your CMS is not listening on the default port (6400), include the appropriate
port number, as in CMSname:port#
9 Click Next to accept any other default values, or modify them to suit your
environment.
Note: If port number options are displayed in this dialog box, do not modify
them. Instead, change ports through each server’s command line. For details,
see “Changing the default server port numbers” on page 321.
10 Confirm the summary information is correct; then click Finish.
The new server appears in the list, but it is neither started nor enabled automatically.
11 Use the CCM (or the CMC) to start and then to enable the new server when
you want it to begin responding to Crystal Enterprise requests. For details, see
“Viewing and changing the current status of servers” on page 274.
Tip: Auditing in Crystal Enterprise is enabled on a per server basis. If you add a
new server to your Crystal Enterprise installation you must enable auditing of
actions on each new server. If you do not, the actions performed on the new server
will not be audited. See “Enabling auditing of user and system actions” on
page 335 for more information.
To add a UNIX server
Use the serverconfig.sh script. For reference, see “serverconfig.sh” on page 439.
Deleting a server
To delete a Windows server
1 Start the CCM on the Crystal Enterprise machine that you want to delete a
server from.
2 Stop the server that you want to delete from the system.
3 With the server selected, click Delete Server on the toolbar.
4 When prompted for confirmation, click Yes.
To delete a UNIX server
Use the serverconfig.sh script. For reference, see “serverconfig.sh” on page 439.
366
Crystal Enterprise Administrator’s Guide
Working with Firewalls
19
This chapter describes how Crystal Enterprise works with
firewall systems. After providing some background
information on the supported types of firewalls, this
chapter explains how to configure firewalls and Crystal
Enterprise to work together.
Crystal Enterprise Administrator’s Guide
367
Firewalls overview
Firewalls overview
Crystal Enterprise works with firewall systems to provide reporting across
intranets and the Internet without compromising network security. This chapter
provides general information about firewalls, packet filtering, Network Address
Translation (NAT), and SOCKS proxy server firewalls. It then explains how to
configure these firewalls and Crystal Enterprise to work together.
If you are already familiar with firewalls and the configuration used in your
network, proceed directly to “Understanding Crystal Enterprise and firewall
integration” on page 371.
What is a firewall?
A firewall is a security system that protects one or more computers from
unauthorized network access. A firewall restricts people to entering and leaving
your network at a carefully controlled point. It also prevents attackers from getting
close to your other defenses. Typically, a firewall protects a company’s intranet
from being improperly accessed through the Internet. A firewall can enforce a
security policy, log Internet activity, and be a focus for security decisions. A firewall
can’t protect against malicious insiders or connections that don’t go through it. A
firewall also can’t set itself up correctly or protect against completely new threats.
To help explain how firewalls work, some basic networking terms—TCP/IP,
packets, and ports—are described here.
If you are already familiar with these topics see “Understanding Crystal Enterprise
and firewall integration” on page 371.
TCP/IP and packets
TCP/IP (Transmission Control Protocol/Internet Protocol) is the communications
protocol used on the Internet. The units of data transmitted through a TCP/IP
network are called packets. Packets are typically too small to contain all the data
that is sent at any one time, so multiple packets are required, each containing a
portion of the overall data. When data is sent by TCP/IP, the packets are
constructed such that a layer for each protocol is wrapped around each packet.
Typically, TCP/IP packets have the following layers:
• Application layer (for example, FTP, telnet, and HTTP).
• Transport layer (TCP or UDP).
• Internet layer (IP).
• Network Access layer (for example, ethernet and ATM).
At the application layer, the packet consists simply of the data to be transferred. As
the packet moves through the layers, each layer adds a header to the packet,
preserving the data from the previous level. These headers are used to determine
the packet’s destination and to ensure that it arrives intact. When the packet
368
Crystal Enterprise Administrator’s Guide
19: Working with Firewalls
reaches its destination, the process is reversed: the layers are sequentially removed
until the transferred data is available to the destination application.
Ports
Ports are logical connection points that a computer uses to send and receive
packets. With TCP/IP, ports allow a client program to specify a particular server
program on a computer in a network. High-level applications that use TCP/IP
have ports with pre-assigned numbers. For instance, when you visit a typical
HTTP site over the Web, you communicate with the web server on port 80, which
is the pre-assigned port for HTTP communication.
Other application processes are given port numbers dynamically for each
connection. When a service or daemon initially is started, it binds to its designated
port number. When any client program wants to use that server, it must also
request to bind to the designated port number. Valid port numbers range from 0
to 65536, but ports 0 to 1024 are reserved for use by certain privileged services.
Firewall types
Firewalls primarily function using at least one of three methods: packet filtering,
Network Address Translation (NAT), and proxy services. Crystal Enterprise
works with these firewall types. Packet filtering rejects TCP/IP packets from
unauthorized hosts and rejects connection attempts to unauthorized services. NAT
translates the IP addresses of internal hosts to hide them from outside monitoring.
NAT is also called IP masquerading. Proxy services make high-level application
connections on behalf of internal hosts to completely break the network layer
connection between internal and external hosts.
Packet filtering
Packet filtering deletes packets before they are delivered to the destination
computer. Packet filtering can delete packets based on the following:
• The address the data is coming from.
• The address the data is going to.
• The session and application ports being used to transfer the data.
• The data contained within the packet.
Typically there are two types of packet filtering: stateful and stateless. Stateful
packet filters remember the state of connections at the network and session layers
by recording the established session information that passes through the filter
gateway. The filter then uses that information to discriminate valid return packets
from invalid connection attempts. Stateless packet filters do not retain information
about connections in use; instead, they make determinations packet-by-packet
based only on the information contained within the packet. Firewalls that employ
packet filtering will work with Crystal Enterprise.
Crystal Enterprise Administrator’s Guide
369
Firewalls overview
Network Address Translation
Network Address Translation (NAT) converts private IP addresses in a private
network to globally unique, public IP addresses for use external to that network.
The main purpose of NAT is to hide internal hosts. As outgoing packets are routed
through the firewall, NAT hides internal hosts by converting their IP addresses to
an external address. Once the translation is complete, the firewall sends the data
payload on to its original destination; thus, NAT makes it appear that all traffic
from your site comes from one (or more) external IP addresses.
The firewall maintains a translation table to keep track of the address conversions
that it has performed. When an incoming response arrives at the firewall, the
firewall uses this translation table to determine which internal host should receive
the response. Because this type of firewall essentially sends and receives data on
behalf of internal hosts, NAT can also be described as a simple proxy.
There are two basic types of NAT:
• Static translation (port forwarding) grants a specific internal host a fixed
translation that never changes. For example, if you run an email server inside a
firewall, you can establish a static route through the firewall for that service.
• Dynamic translation (automatic, hide mode, or IP masquerade) shares a small
group of external IP addresses amongst a large group of internal clients for the
purpose of expanding the internal network address space. Because a translation
entry does not exist until an internal client establishes a connection out through
the firewall, external computers have no way to address an internal host that is
protected using a dynamically translated IP address.
Note: Some protocols do not function correctly when the port is changed.
These protocols will not work through a dynamically translated connection.
Crystal Enterprise and static translation NAT can be configured so that they work
together.
SOCKS proxy servers
SOCKS is a networking protocol that enables computers on one side of a SOCKS
server to access computers on the other side of a SOCKS server without requiring
a direct IP connection. A SOCKS server redirects connection requests from
computers on one side of it to computers on the other side of it. A SOCKS server
typically authenticates and authorizes requests, establishes a proxy connection,
and relays data between the internal and external networks. Crystal Enterprise
supports and works with SOCKS servers.
SOCKS servers work by listening for service requests from internal clients. When
an external request is made, the SOCKS server sends the requests to the internal
network as if the SOCKS server itself was the originating client. When the SOCKS
server receives a response from the internal server, it returns that response to the
original client as if it were the originating external server. This effectively hides the
identity and the number of clients on the internal network from examination by
anyone on the external network.
370
Crystal Enterprise Administrator’s Guide
19: Working with Firewalls
Understanding Crystal Enterprise and firewall
integration
This section gives a conceptual overview of internal communications between
Crystal Enterprise servers and the implications for firewall configuration. It also
reviews the most common firewall scenarios.
For detailed step-by-step instructions on how to configure your system to work in
a firewalled environment, see “Configuring Crystal Enterprise to work with
firewalls” on page 374.
Communication between Crystal Enterprise servers
It is helpful to understand the basics of internal communications between Crystal
Enterprise servers before configuring your Crystal Enterprise system to work with
firewalls.
Some examples also apply to communications between a Crystal Enterprise server
and the Crystal Enterprise SDK (or other Crystal Enterprise SDKs, such as the
Report Application Server SDK or the Viewer SDK). Where applicable, these
examples are indicated in the descriptions.
Connections when servers use the CMS directory listing
service
The Crystal Management Server (CMS) manages a directory listing service for the Web
Component Server and the servers in the Intelligence Tier and the Processing Tier. (See
“Architecture overview and diagram” on page 28 for a listing of these servers.)
When a Crystal Enterprise server first connects to the Crystal Enterprise
framework, it registers its IP address and port number with the CMS. By default
this port number is dynamically chosen.
When one Crystal Enterprise server needs to communicate with another, it
contacts the directory listing service on the CMS to obtain the connection
information. The first server then uses this information to communicate directly
with the second server.
For example, before running a scheduled report, the Report Job Server must
communicate with the Input File Repository Server (FRS) to obtain the report
object. To do so:
• The Report Job Server contacts the CMS and requests connection information
for the Input FRS.
• The CMS replies to the Report Job Server with the IP address and port number
of the Input FRS.
Crystal Enterprise Administrator’s Guide
371
Understanding Crystal Enterprise and firewall integration
• The Report Job Server uses this information to connect directly to the Input
FRS. All subsequent communications between the two servers continues using
the same address and port.
Note:
• This communication model is also used when a Crystal SDK or the WCA
communicates directly with a server in the Intelligence Tier or the Processing
Tier.
• The CMS includes a directory listing for the WCS, but communications
between the CMS and WCS (or the CMS and the Crystal Enterprise SDK and
WCA) follow another model. See “Connections between the Web Connector
and WCS, or between the application tier and CMS” on page 372.
• Using the -requestport command, you can configure any Crystal Enterprise
server to register a fixed port number with the CMS, rather than using one that
is dynamically selected.
Connections between the Web Connector and WCS, or
between the application tier and CMS
Not all Crystal Enterprise components use the directory listing service on the CMS
to make their initial connections with other elements of Crystal Enterprise.
The Web Connector (WC) contacts the Web Component Server (WCS) using a predefined address and port number. The WCS replies to the WC with its address and
a second port number, which by default is selected dynamically. This address and
second port number is used for all subsequent communications between the two
components.
Communications between the WCS and CMS (or a Crystal SDK and the CMS)
follows the same pattern as WC - WCS communications. The WCS contacts the
CMS using a pre-defined address and port number. The CMS replies with its
address and a second port number, which by default is selected dynamically.
Subsequent communications continue using this address and second port number.
You can use the -requestport command to configure the WCS or CMS to reply
with a fixed port number for subsequent communications, rather than one that is
dynamically selected. Using the -port option, you can also customize the WCS or
the CMS to listen on a specific port for initial communications, rather than using
the pre-defined default values (port 6401 for the WCS, and port 6400 for the CMS).
Note:
• Before changing the default port numbers, see “Changing the default server
port numbers” on page 321 for additional configuration information.
• You may also change the default port that the CMS or WCS uses to listen for
initial communications from the Configuration tab of the Properties dialog in
the Crystal Configuration Manager.
372
Crystal Enterprise Administrator’s Guide
19: Working with Firewalls
Overview of Crystal Enterprise and firewall configuration
By default Crystal Enterprise uses dynamically chosen port numbers for
communications between components. You must change this default when you
place a stateful firewall that uses packet filtering or Network Address Translation
(NAT) between Crystal Enterprise components because these firewalls provide
protection by permitting communications from outside the firewall with only
specified addresses and ports inside the firewall.
To enable Crystal Enterprise to communicate across such a firewall, you must
configure its components to use fixed addresses and ports. Then you must
configure your firewall to allow communications to the services behind the
firewall using these addresses and ports.
The process is similar when you configure your Crystal Enterprise system to
communicate across SOCKS proxy filters. But Crystal Enterprise provides direct
support for SOCKS proxy filters, so you need only configure each component to be
aware of the location and type of the proxies that they communicate with.
Note: When this section mentions firewalling different Crystal Enterprise
components, it assumes that the components reside on separate computers. If the
components reside on the same computer, their communication is uninterrupted
by firewalls, and no additional configuration is required.
Typical firewall scenarios
If all users of your Crystal Enterprise system are on your internal network, there is no
need to perform any special configuration of your firewalls or of Crystal Enterprise.
Simply place all Crystal Enterprise components on computers inside your firewall.
However, if you need to provide access to Crystal Enterprise to external users, you
must consider where to place each Crystal Enterprise component, and how to
configure both Crystal Enterprise and your firewalls in order to provide this access.
This section outlines in general terms the three most common firewall scenarios.
These scenarios are general cases: once you understand the firewalling issues
involved, you should be able to support Crystal Enterprise in wide variety of contexts.
Web Connector separated from the WCS by a firewall
In most cases, clients access protected information through a web server running
in a Demilitarized Zone (DMZ). A DMZ is a network area that is neither part of the
internal network nor directly part of the Internet. Typically, the DMZ is set up
between two firewalls: an outer firewall and an inner firewall.
The only Crystal Enterprise component that needs to provide direct service to
external clients is the Web Connector, which must be installed on the web server.
The most logical and secure way to position the web server and the Web Connector
is to place them in the DMZ. All the other Crystal Enterprise components can then
be placed on the internal network.
Crystal Enterprise Administrator’s Guide
373
Configuring Crystal Enterprise to work with firewalls
Note: The Web Connector is not used in any installation of Crystal Enterprise that
uses the Crystal Enterprise Java SDK. See “Application tier” on page 31 for more
information.
Application tier separated from the CMS by a firewall
You may chose to place your application server in the Demilitarized Zone (DMZ),
while placing the Crystal Management Server (CMS) and all other Crystal Enterprise
servers on the internal network. Crystal Enterprise requires that the CMS and the
remaining server components are not separated from one another by firewalls.
In a Windows installation of Crystal Enterprise, the Web Component Server (WCS)
acts as an application server. So this scenario also covers the case where the WCS
is in the DMZ.
Note:
• Placing your application server in the DMZ is less secure than placing it on
your internal network. For maximum security, you may prefer to place your
Crystal Enterprise application server on your internal network.
• The issues raised by separating the web server (and Web Connector) from the
WCS by a firewall are independent of the issues raised by firewalling the WCS
from the CMS. If you have a firewall in each location, you must consider the
configuration issues for each firewall independently, and perform both sets of
configuration.
Thick client separated from the CMS by a firewall
You can publish reports or analytic objects to Crystal Enterprise by saving these
objects to Crystal Enterprise from within Crystal Reports or Crystal Analysis, or by
using the Crystal Import Wizard or Crystal Publishing Wizard. However, if there
is a firewall between the computer running one of these thick clients and the
Crystal Management Server (CMS), this operation fails. You must configure your
CMS, your File Repository Servers, and your firewall if you want to support this
network configuration.
Configuring Crystal Enterprise to work with firewalls
This section gives practical step -by-step instructions for configuring your Crystal
Enterprise system to work in a firewalled environment. For a conceptual overview
of communications between Crystal Enterprise components and of supported
firewall configurations, see “Understanding Crystal Enterprise and firewall
integration” on page 371.
Note: If you have multiple Crystal Enterprise servers of a given type, the overall
procedure for configuring your system to work with firewalls will not change.
Configure each server as described in the section that describes your firewall
environment, and then specify a firewall rule for the server.
374
Crystal Enterprise Administrator’s Guide
19: Working with Firewalls
Configuring for Network Address Translation
If you use Network Address Translation (NAT) only on the outer firewall of the
DMZ, then no special configuration is required for Crystal Enterprise to
communicate properly. However, if you separate Crystal Enterprise components
using NAT, you need to configure these components to communicate properly
through the firewall.
Note: You can configure Crystal Enterprise to communicate properly across NAT
firewalls that use static IP translation; however, Crystal Enterprise cannot
communicate across a firewall whose IP translation is dynamic.
Web Connector separated from the WCS by NAT
When the Web Connector (WC) is in the DMZ, you must configure the Web
Connector to make initial contact with the Web Component Server (WCS) using a
specific hostname and port number.
Next you must configure the WCS to respond appropriately to communications
from the Web Connector. This is accomplished using the following command
-port FQDN:6401 -requestport fixed
The -port command configures the WCS to listen for contact from the WC on the
specified port (6401 is the default value). If a value is specified, -port also
configures the WCS to send the WC an externally routable, fully qualified domain
name (FQDN) for the WC to use when communicating with the WCS in subsequent
interchanges. You must specify this FQDN when the Web Connector and the WCS
are separated by a firewall that uses Network Address Translation. Otherwise the
WCS sends the WC an internal address for subsequent communications, and the
WC cannot communicate with the WCS through the firewall.
The -requestport command is used to configure the WCS to use a fixed port
number for all subsequent communications with the WC. When the WC and WCS
are separated by a firewall that uses NAT, you must specify this port number. You
can use any free port number for fixed.
Finally, you must configure your firewall to allow communications that use the
addresses and ports that you’ve specified.
To configure the Web Connector on Windows
1 Start the CCM.
2 Stop the World Wide Web Publishing Service.
3 On the toolbar, click Configure web connector.
4 In the Web Component Servers area, click Add.
If your WCS Host Name is already listed, select it and click Edit.
5 In the WCS Host Name field, type the name of the machine that is running the
WCS. This machine must be routable from the web server that is running the
Web Connector.
Crystal Enterprise Administrator’s Guide
375
Configuring Crystal Enterprise to work with firewalls
6 If you have customized the WCS so that it listens on a port other than the default,
type your new port number in the Port field. Otherwise, ensure that the default
port number (6401) appears.
7 Click OK twice to return to the CCM.
8 Start the World Wide Web Publishing Service.
To configure the Web Connector on UNIX
If your web server is running on UNIX, stop the web server and then set the WCSHOST
or WCSHosts variable to the name of the machine that is running the WCS. This
machine must be routable from the web server that is running the Web Connector.
The WCSHOST or WCSHosts variable is defined in the configuration file that corresponds
to your web server. For details about each configuration file, see Crystal Enterprise
Installation Guide.
To configure the WCS
1 Start the CCM.
2 Stop the Crystal Web Component Server.
3 On the toolbar, click Properties.
4 In the Command box, add the following option:
-port FQDN:6401 -requestport portnum
For the -port command, replace FQDN with either the fully qualified domain
name of the machine that is running the WCS. This machine must be routable
from the web server that is running the Web Connector.
In the -requestport command, substitute any valid free port number for portnum.
5 If you want to customize the WCS so that it listens on a port other than the
default, substitute your new port number for the default value of 6401.
Tip: If you change the default port number of the WCS you must perform
additional system configuration. Before changing the port number, see
“Changing the default server port numbers” on page 321.
6 Click OK to return to the CCM.
7 Start the Crystal Web Component Server.
Specifying firewall rules when the WC is separated from the
WCS by NAT
For stateful firewalls (either packet filtering or NAT) that separate the Web
Connector and the WCS, you need only specify inbound firewall rules. For details
of how to specify these rules, consult your firewall documentation.
The fixed port number specified in the chart is the port number you specify for the
WCS using -requestport. See “To configure the WCS” on page 376 for details.
376
Crystal Enterprise Administrator’s Guide
19: Working with Firewalls
Inbound Rules
Source
Computer
Destination
Port
Action
Computer
Port
Web Server (WC)
Any
WCS
6401
Allow
Web Server (WC)
Any
WCS
fixed
Allow
Any
Any
WCS
Any
Reject
Application tier separated from the CMS by NAT
The nature of communications between Crystal Enterprise components makes
configuring your Crystal Enterprise system relatively complex when you separate
the application server running your Crystal Enterprise Java SDK (or the WCS) from
your Crystal Management Server (CMS) using Network Address Translation (NAT).
In order to service client requests, the application server (or WCS) needs to
communicate with Crystal Enterprise servers. To initiate communications with a
Crystal Enterprise server, the application server (or WCS) first contacts the directory
listing service on the CMS. The CMS responds on a second port with the address
and port number of the requested service. The application server (or WCS) then uses
this address and port number to communicate directly with the requested service.
If the application server (or WCS) is separated from the CMS and other Crystal
Enterprise servers by NAT, we must ensure that whenever a Crystal Enterprise
server passes an address across the firewall to the application server (or WCS), it
passes a fully qualified domain name (FQDN) that is routable by the firewall.
To configure the CMS, use the following command
-port FQDN:6400 -requestport fixed
The -port command configures the CMS to listen for contact from the application
server (or WCS) on the specified port (6400 is the default value). If specified, -port
also configures the CMS to send the application server (or WCS) an externally
routable, fully qualified domain name (FQDN) for the application server to use
when communicating with the CMS in subsequent interchanges.
The -requestport command is used to configure the CMS to use a fixed port
number for all subsequent communications with the application server (or WCS).
You must specify this port number when the application server and CMS are
separated by a firewall using NAT. You can use any free port number for fixed.
Next you must ensure that the application server (or WCS) is able to communicate
with the other Crystal Enterprise servers. Because the application server (or WCS)
retrieves contact information for these servers from the CMS, you must force all
servers which may communicate with the WCS to register an externally routable
FQDN and a fixed port number with the CMS directory listing service. Enter the
command
-port FQDN -requestport fixed
Crystal Enterprise Administrator’s Guide
377
Configuring Crystal Enterprise to work with firewalls
on each server. Specify only a FQDN for the -port command. Do not specify a port
number. In the -requestport command, you can substitute any free port number for
fixed. If more than one Crystal Enterprise server is installed on a machine, you must
specify a unique port number for each Crystal Enterprise server on that machine.
Now you can configure the firewall rules to recognize and pass the traffic between the
application server (or WCS) and the Crystal Enterprise servers behind the firewall.
This does not finish the necessary configuration. Not all communications between
Crystal Enterprise components pass through the firewall. Servers behind the
firewall communicate with the CMS and with each other. However, once we
configure these servers to register an externally routable FQDN with the CMS, the
servers try to use these addresses to communicate with one another. Normally
these addresses are not routable on the internal network behind the firewall, so
these communications attempts will fail.
To work around this issue you must configure the hosts file on each machine to
recognize the hostname of every machine running a Crystal Enterprise server
behind the firewall. Alternately, you can set up a separate DNS server behind the
firewall that recognizes the FQDN and translates them to internal addresses.
Ports
In the simplest version of this scenario, all client applications are installed on a
single application server in the DMZ. These applications may include the Crystal
Enterprise web desktop, the Crystal Management Console (CMC), and your own
custom applications. In this case, the application layer must be able to
communicate with every Crystal Enterprise server behind the firewall. You must
open a port on the firewall for each server.
You may wish to limit the number of ports that you open on your firewall. One
way to do this is to place fewer client applications in the DMZ. An client
application that supports only report viewing needs to communicate with the:
• Cache Server
• Crystal Management Server (CMS)
• Input File Repository Server (FRS)
• Output FRS
• Report Application Server (if users can access the Advanced DHTML viewer)
The CMC must be able to access every Crystal Enterprise server. Therefore, if the
application server hosting the CMC is separated from the CMS by a firewall, you
must open a port on the firewall for each server.
Configuring the CMS
To configure the CMS on Windows
1 Start the CCM.
2 Stop the Crystal Management Server.
378
Crystal Enterprise Administrator’s Guide
19: Working with Firewalls
3 On the toolbar, click Properties.
4 In the Command box, add the following option:
-port FQDN:6400 -requestport portnum
For the -port command, replace FQDN with the fully qualified domain name of
the machine that is running the CMS. This machine must be routable from the
application server or WCS.
For the -requestport command, substitute any valid free port number for portnum.
5 If you want to customize the CMS so that it listens on a port other than the
default, substitute your new port number for the default value of 6400.
Tip: If you change the default port number of the CMS you must perform
additional system configuration. Before changing the port number, see
“Changing the default server port numbers” on page 321.
6 Click OK to return to the CCM.
7 Start the Crystal Management Server.
To configure the CMS on UNIX
1 Run ccm.sh.
By default the script and the ccm.config file are installed in the Crystal install
directory, for example /export/home/crystal.
2 Stop the Crystal Management Server.
3 Edit the ccm.config file to insert the following command line:
-port FQDN:6400 -requestport portnum
For the -port command, replace FQDN with the fully qualified domain name of
the machine that is running the CMS. This machine must be routable from the
application server.
For the -requestport command, substitute any valid free port number for portnum.
4 Use ccm.sh to start the Crystal Management Server.
Configuring the Crystal Enterprise servers behind the firewall
To configure Crystal Enterprise servers on Windows
1 Start the CCM.
2 Stop the server.
3 On the toolbar, click Properties.
4 In the Command box, add the following option:
-port FQDN -requestport portnum
For the -port command, replace FQDN with the fully qualified domain name of
the machine that is running the server. This machine must be routable from the
application server or WCS.
Crystal Enterprise Administrator’s Guide
379
Configuring Crystal Enterprise to work with firewalls
For the -requestport command, substitute any valid free port number for
portnum. If more than one server is installed on the same machine, each server
on that machine must use a unique port number.
5 Click OK to return to the CCM.
6 Start the server.
7 Repeat for each Crystal Enterprise server.
To configure other Crystal Enterprise servers on UNIX
1 Run ccm.sh.
By default the script and the ccm.config file are installed in the Crystal install
directory, for example /export/home/crystal.
2 Stop the server.
3 Edit the ccm.config file to insert the following command line:
-port FQDN -requestport portnum
For the -port command, replace FQDN with the fully qualified domain name of
the machine that is running the server. This machine must be routable from the
application server.
For the -requestport command, substitute any valid free port number for
portnum. If more than one server is installed on the same machine, each server
on that machine must use a unique port number.
4 Use ccm.sh to start the server.
5 Repeat for each Crystal Enterprise server.
Configuring the hosts file of Crystal Enterprise servers
To configure the hosts files on Windows
You must configure the hosts file on every machine running a Crystal Enterprise
server so that the server can map the externally routable FQDN it receives from the
Crystal Management Server (CMS) to an internally routable IP address. This is
necessary to enable communications between servers inside the firewall.
1 Open the hosts file using a text editor like Notepad. The hosts file is located at
\WINNT\system32\drivers\etc\hosts.
2 Follow the instructions in the hosts file to add an entry for each machine
behind the firewall that is running a Crystal Enterprise server or servers. Use
the internally routable IP address of the machine and its externally routable
fully qualified domain name.
3 Save the hosts file.
To configure the hosts files on UNIX
You must configure the hosts file on every machine running a Crystal Enterprise
server so that the server can map the externally routable FQDN it receives from the
380
Crystal Enterprise Administrator’s Guide
19: Working with Firewalls
Crystal Management Server (CMS) to an internally routable IP address. This is
necessary to enable communications between servers inside the firewall.
Note: Your UNIX operating system must be configured to first consult the hosts
file to resolve domain names, before consulting DNS. Consult your UNIX systems
documentation for details.
1 Open the hosts file using an editor like vi. The hosts file is located at \etc\hosts.
2 Add an entry for each machine behind the firewall that is running a Crystal
Enterprise server or servers. Use the internally routable IP address of the
machine and its externally routable fully qualified domain name.
3 Save the hosts file.
Specifying firewall rules when the application tier is separated
from the CMS by NAT
Stateful firewalls (packet filtering or NAT) need inbound access rules when there
is a firewall between the Application Tier (application server running the Crystal
Enterprise Java SDK or the WCS) and the other Crystal Enterprise servers. One
outbound rule is also needed because the WCS may register listeners on the servers
behind the firewall. These listeners may initiate communication with the WCS.
For details of how to specify these rules, consult your firewall documentation.
The fixed port numbers specified in the chart are the port numbers you specify for
servers using -requestport. See “Configuring the CMS” on page 378, and
“Configuring the Crystal Enterprise servers behind the firewall” on page 379 for
details.
Inbound Rules
Source
Destination
Action
Computer
Port
Computer
Port
WCS or application
server
Any
CMS
6400
Allow
WCS or application
server
Any
CMS
fixed
Allow
WCS or application
server
Any
fixed
Other Crystal
Enterprise server
Allow
Any
Any
CMS
Any
Reject
Any
Any
Other Crystal
Any
Enterprise Server
Reject
Note: There must be one inbound firewall rule for each Crystal Enterprise server
behind the firewall. Whenever more than one server is installed on the same
machine, each server on that machine must use a unique port number.
Crystal Enterprise Administrator’s Guide
381
Configuring Crystal Enterprise to work with firewalls
Outbound Rules
Source
Computer
Destination
Port
Machines hosting
Any
Crystal Enterprise server
Computer
Action
Port
WCS or
Any
application server
Allow
This outbound rule is needed because the WCS may register listeners on servers
behind the firewall. These listeners may initiate communication with the WCS.
Thick client separated from the CMS by NAT
You can publish reports or analytic objects to Crystal Enterprise by saving these
objects to Crystal Enterprise from within Crystal Reports or Crystal Analysis, or by
using the Crystal Import or Publishing Wizards. However, if there is a firewall
between the computer running one of these thick clients and the Crystal
Management Server (CMS), this operation fails.
Configuring your Crystal Enterprise system to support this configuration when
the firewall uses Network Address Translation (NAT) is very similar to
configuring your system to support a NAT firewall between the application tier
and the Crystal Management Server (CMS).
First you must configure the CMS and the Input File Repository Serve to use
externally routable fully qualified domain names (FQDN) and fixed port numbers
for communications. Next you must configure the hosts file on every machine
behind the firewall that runs a Crystal Enterprise server so that the servers can map
these externally routable FQDN to internally routable IP addresses (including the
application server, if it is on the same side of the firewall as the CMS). Finally you
must alter your firewall rules to facilitate communication across the firewall using
the fixed addresses and ports that you have specified.
Note: Instead of configuring the hosts files, you may wish to set up a separate
DNS server behind the firewall to recognize the FQDN and translate them to
internal addresses.
For full instructions, follow the detailed steps in “Application tier separated from
the CMS by a firewall” on page 374 but:
• Configure only the Crystal Management Server and the Input File Repository
Server.
• Establish inbound firewall rules for communication between the Crystal
Reports or Crystal Analysis machine and the CMS and Input File Repository
Server. You do not need to establish an outbound firewall rule.
382
Crystal Enterprise Administrator’s Guide
19: Working with Firewalls
Configuring for packet filtering
If you use packet filtering only on the outer firewall of the DMZ, then no special
configuration is required for Crystal Enterprise to communicate properly.
However, if you separate Crystal Enterprise components using packet filtering,
you need to configure them to communicate properly through the firewall.
Web Connector separated from the WCS by packet filtering
When the Web Connector is in the DMZ, you must configure the Web Connector
to make initial contact with the Web Component Server (WCS) using a specific
hostname and port number.
Next you must configure the WCS to respond appropriately to communications
from the Web Connector (WC). This is accomplished using the following command:
-requestport fixed
The -requestport command is used to configure the WCS to use a fixed port
number for all subsequent communications with the WC. When the WC and WCS
are separated by a firewall that uses packet filtering, you must specify this port
number. You can use any free port number for fixed.
Finally, you must configure your firewall to allow communications using the
addresses and ports that you’ve specified.
To configure the Web Connector on Windows
1 Start the CCM.
2 Stop the World Wide Web Publishing Service.
3 On the toolbar, click Configure web connector.
4 In the Web Component Servers area, click Add.
If your WCS Host Name is already listed, select it and click Edit.
5 In the WCS Host Name field, type the name of the machine that is running the
WCS. This machine must be routable from the web server that is running the
Web Connector.
6 If you have customized the WCS so that it listens on a port other than the default,
type your new port number in the Port field. Otherwise, ensure that the default
port number (6401) appears.
7 Click OK twice to return to the CCM.
8 Start the World Wide Web Publishing Service.
Crystal Enterprise Administrator’s Guide
383
Configuring Crystal Enterprise to work with firewalls
To configure the Web Connector on UNIX
If your web server is running on UNIX, stop the web server and then set the WCSHOST
or WCSHosts variable to the name of the machine that is running the WCS. This
machine must be routable from the web server that is running the Web Connector.
The WCSHOST or WCSHosts variable is defined in the configuration file that
corresponds to your web server. For details about each configuration file, see
Crystal Enterprise Installation Guide.
To configure the WCS
1 Start the CCM.
2 Stop the Crystal Web Component Server.
3 On the toolbar, click Properties.
4 In the Command box, add the following option:
-requestport portnum
Substitute any free port number for portnum.
5 Click OK to return to the CCM.
6 Start the Crystal Web Component Server.
Specifying firewall rules when the WC is separated from the
WCS by packet filtering
Stateful firewalls (packet filtering or NAT) need only inbound access rules to allow
the Web Connector and the WCS to communicate. For details of how to specify
these rules, consult your firewall documentation.
The fixed port number specified in the chart is the port number you specify for the
WCS using -requestport. See “To configure the WCS” on page 384 for details.
Inbound Rules
Source
Computer
384
Destination
Port
Action
Computer
Port
Web Server (WC)
Any
WCS
6401
Allow
Web Server (WC)
Any
WCS
fixed
Allow
Any
Any
Any
Any
Reject
Crystal Enterprise Administrator’s Guide
19: Working with Firewalls
Application Tier separated from CMS by packet filtering
If your firewall performs packet filtering, you must configure every server inside
the inner firewall to respond to communications from the WCS or application
server on a fixed port. This means configuring the CMS, and every other Crystal
Enterprise server, with the following command line:
-requestport portnum
The argument of the -requestport command must specify a fixed port number. You
can specify any free port number for portnum. If more than one server is installed
on the same machine, each server on that machine must use a unique port number.
You must then configure your packet filtering firewall to pass traffic to the default
CMS port (6400), and each of the communications ports you specified using
-requestport.
To configure Crystal Enterprise servers on Windows
1 Start the CCM.
2 Stop the first server.
3 On the toolbar, click Properties.
4 In the Command box, add the following option:
-requestport portnum
For the -requestport command, substitute any valid free port number for
portnum. If more than one server is installed on the same machine, each server
on that machine must use a unique port number.
Tip: If you want to customize the CMS so that it listens on a port other than the
default, also add -port 6400 to the command line, substituting your new port
number for the default value of 6400.
If you change the default port number of the CMS you must perform additional
system configuration. Before changing the port number, see “Changing the
default server port numbers” on page 321.
5 Click OK to return to the CCM.
6 Start the server.
7 Repeat for each Crystal Enterprise server behind the firewall.
To configure other Crystal Enterprise servers on UNIX
1 Run ccm.sh.
By default the script and the ccm.config file are installed in the Crystal install
directory, for example /export/home/crystal.
2 Stop the server.
Crystal Enterprise Administrator’s Guide
385
Configuring Crystal Enterprise to work with firewalls
3 Edit the ccm.config file to insert the following command line:
-requestport portnum
For the -requestport command, substitute any valid free port number for
portnum. If more than one server is installed on the same machine, each server
on that machine must use a unique port number.
Tip: If you want to customize the CMS so that it listens on a port other than the
default, also add -port 6400 to the command line, substituting your new port
number for the default value of 6400.
If you change the default port number of the CMS you must perform additional
system configuration. Before changing the port number, see “Changing the
default server port numbers” on page 321.
4 Use ccm.sh to start the server.
5 Repeat for each Crystal Enterprise server.
Specifying firewall rules when the application server is separated
from the CMS by packet filtering
Stateful firewalls (packet filtering or NAT) need the following inbound access rules
when there is a firewall between the Application Tier (WCS or application server)
and the rest of the Crystal Enterprise servers. Note that the WCS may register
listeners with any of the CE servers, so one outbound access rule is also needed.
For details of how to specify these rules, consult your firewall documentation.
The fixed port numbers specified in the chart are the port numbers you specify for
the CMS and other Crystal Enterprise servers using -requestport. See “Application
Tier separated from CMS by packet filtering” on page 385 for details.
Inbound Rules
Source
Computer
Destination
Port
Action
Computer
Port
WCS or application server
Any
CMS
6400
Allow
WCS or application server
Any
CMS
fixed
Allow
WCS or application server
Any
Other Crystal
Enterprise server
fixed
Allow
Any
Any
CMS
Any
Reject
Any
Any
Other Crystal
Enterprise servers
Any
Reject
Note: There must be an inbound firewall rule for each Crystal Enterprise server
behind the firewall. Whenever more than one server is installed on the same
machine, each server on that machine must use a unique port number.
386
Crystal Enterprise Administrator’s Guide
19: Working with Firewalls
Outbound Rules
Source
Destination
Action
Computer
Port
Computer
Port
Machines hosting Crystal
Enterprise server
Any
WCS or application Any
server
Allow
This outbound rule is needed because the WCS may register listeners on servers
behind the firewall. These listeners may initiate communication with the WCS.
Thick client separated from the CMS by packet filtering
You can publish reports or analytic objects to Crystal Enterprise by saving these objects
to Crystal Enterprise from within Crystal Reports or Crystal Analysis, or by using the
Crystal Import or Publishing Wizards. However, if there is a firewall between the
computer running one of these thick clients and the CMS, this operation fails.
Configuring your Crystal Enterprise system to support this configuration when
the firewall uses packet filtering is very similar to configuring your system to
support a packet filtering firewall between the application tier and the Crystal
Management Server (CMS).
First you must configure the CMS and the Input File Repository Server to use fixed
port numbers for communications. Next you must alter your firewall rules to facilitate
communication across the firewall using the fixed ports that you have specified.
For full instructions, follow the detailed steps in “Application Tier separated from
CMS by packet filtering” on page 385 but:
• Configure only the Crystal Management Server and the Input File Repository
Server.
• Establish inbound firewall rules for communication between the Crystal
Reports or Crystal Analysis machine and the CMS and Input File Repository
Server. You do not need to establish an outbound firewall rule.
Configuring for SOCKS servers
Crystal Enterprise provides direct support for SOCKS proxy server firewalls on
Windows installations that use the Crystal Enterprise COM SDK. The required
configuration depends on the location of your SOCKS server. Your SOCKS server(s)
may separate the Web Connector from the Web Component Server (WCS) and/or
they may separate the WCS from the Crystal Management Server (CMS).
There is limited support of SOCKS for the UNIX installation of Crystal Enterprise,
or for a Windows installation that uses the Crystal Enterprise Java SDK. You can
configure the Web Component Adapter to communicate through a SOCKS server,
but the Java SDK has no support for SOCKS. Therefore you may be able to
configure your system to support a custom CSP application and SOCKS, but you
cannot use JSP pages through a SOCKS firewall.
Crystal Enterprise Administrator’s Guide
387
Configuring Crystal Enterprise to work with firewalls
This list describes when to use the procedures that are provided in the remainder
of this section:
• Configuring the WCS for SOCKS servers
If your installation includes a WCS, complete these steps regardless of the
location of your SOCKS server(s).
• Configuring the Web Connector for SOCKS servers
Complete these steps if one or more SOCKS servers separate the Web Connector
from the WCS.
• Configuring the CMS for SOCKS Servers
Complete these steps if one or more SOCKS servers separate the WCS (or WCA)
from the CMS.
• Configuring the WCA for SOCKS servers
When configuring your WCA for SOCKS, complete these steps regardless of
the location of your SOCKS server(s).
Crystal Enterprise requires that the CMS and the remaining server components are
not separated from one another by firewalls. The remaining server components
automatically obtain their SOCKS configuration from the CMS, as required, so you
don’t need to configure them separately.
Configuring the WCS for SOCKS servers
Complete these steps if one or more SOCKS servers separate the WCS from the
Web Connector, from the CMS, or from both. These steps provide the WCS with
the required information about each SOCKS server, in order, from the outermost
to the innermost.
The outermost SOCKS server is the one closest to the Web Connector. The
innermost SOCKS server depends on whether or not a SOCKS server separates the
WCS from the CMS:
• If no SOCKS servers separate the WCS from the CMS, then the innermost
SOCKS server is the first SOCKS server that the WCS connects to when
communicating with the Web Connector.
• If a SOCKS server separates the WCS and the CMS, then the innermost SOCKS
server is the last SOCKS server the WCS communicates with before the CMS.
To configure the WCS on Windows
1 Start the CCM.
2 Stop the Web Component Server.
3 Select the Web Component Server and, on the toolbar, click Properties.
4 On the Configuration tab, click Specify SOCKS; then click Add.
5 In the SOCKS Proxy dialog box, type the Server Name or IP Address of your
SOCKS server.
388
Crystal Enterprise Administrator’s Guide
19: Working with Firewalls
6 In the Server Port field, type the number of the port that the SOCKS server is
listening on.
7 Select the SOCKS version that you are running (Ver 4 or Ver 5).
If you are using version 5 and you would like to secure access to the server, select
the authentication check box, and then enter your user name and password.
8 Click OK.
If you have more than one SOCKS server, repeat steps 4 to 8 for each additional
server. Then click Up and Down to order the SOCKS servers from the
outermost (closest to the Web Connector) to the innermost (closest to the CMS).
9 Click OK in all three dialog boxes to return to the CCM.
10 Start the Web Component Server.
Configuring the Web Connector for SOCKS servers
Complete these steps if the Web Connector must communicate through a SOCKS
server when it sends information to the WCS. (You must also configure the WCS
to communicate through the SOCKS server. See “Configuring the WCS for SOCKS
servers” on page 388.)
To configure the Web Connector on Windows
1 Start the CCM.
2 Stop the World Wide Web Publishing Service.
3 On the toolbar, click Configure web connector.
4 In the Web Component Servers area, click Add.
If your WCS Host Name is already listed, select it and click Edit.
5 In the WCS Host Name field, type the name of the machine that is running the
WCS.
6 If you have customized the WCS so that it listens on a port other than the default,
type your new port number in the Port field. Otherwise, ensure that the
default port number (6401) appears.
7 Click Specify SOCKS, then click Add.
8 In the SOCKS Proxy dialog box, type the Server Name or IP Address of your
SOCKS server.
9 In the Server Port field, type the number of the port that the SOCKS server is
listening on.
10 Select the SOCKS version that you are running (Ver 4 or Ver 5).
If you are using version 5 and you would like to secure access to the server, select
the authentication check box, and then enter your user name and password.
Crystal Enterprise Administrator’s Guide
389
Configuring Crystal Enterprise to work with firewalls
11 Click OK.
If more than one SOCKS server separates the Web Connector from the WCS,
repeat steps 7 to 11 for each SOCKS server. Then click Up and Down to order
the SOCKS servers. The SOCKS server closest to the Web Connector must
appear at the top of the list, and the SOCKS server closest to the WCS must be
at the bottom of the list.
12 Click OK in all three dialog boxes to return to the CCM.
13 Start the World Wide Web Publishing Service.
To configure the Web Connector on UNIX
If your web server is running on UNIX, you must stop the web server and then
modify the definition of the Crystal Enterprise WCSHOST or WCSHosts variable. This
variable is defined in the configuration file that corresponds to your web server.
Depending on the web server and Web Connector you are using, the environment
variable is typically defined in one of these files:
Web Server
Path
Apache with ASAPI
crystal/enterprise/platform/wcs/conf/asapi.conf
iPlanet 6 with NSAPI
In the iPlanet magnus.conf file.
iPlanet 7 with NSAPI
In the iPlanet init.conf file.
Any web server with CGI
crystal/enterprise/platform/wcs/bin/wcscgi.cgi
For more information about the configuration files for your web server, see the
section on Web Connectors in the Crystal Enterprise Installation Guide.
The syntax that denotes the WCS through a SOCKS server can be considerably
complex. This section shows a complete connection string and then describes its
component parts. The complete connection string for specifying the WCS through
a SOCKS server is as follows:
socks://Version;User:Password@SOCKSServer:Port/WCSmachine:Port
This string consists of two main parts: the SOCKS connection information
(Version;User:Password@SOCKSServer:Port) followed by the WCS destination
(WCSmachine:Port). The variable components in this string are as follows:
• Version is the SOCKS version in use (4 or 5).
• User is a SOCKS user name of length < 256 characters.
• Password is the corresponding password of length < 256 characters.
• SOCKSServer:Port is the name or IP4 of the SOCKS server, along with its port.
• WCSmachine:Port is the name or IP4 of the WCS, along with its port.
For example, suppose that you are running SOCKS version 5 on a server called
socksmachine. You need to provide the user name socksuser and the password
secret to connect to a WCS named sales1. The WCS is listening on its default port
390
Crystal Enterprise Administrator’s Guide
19: Working with Firewalls
(6401). In this case, in the configuration file appropriate to your web server, you
would type the following definition for the WCSHOST or WCSHosts variable:
socks://5;socksuser:secret@socksmachine/sales1:6401
To specify a sequence of SOCKS servers, list them in the connection string by
preceding each additional SOCKS server with the ampersand symbol (&), as follows:
socks://Version;User:Password@SOCKSServer1:Port&Version;User:Password@
SOCKSServer2:Port/WCSmachine:Port
Configuring the CMS for SOCKS Servers
Complete these steps if one or more SOCKS servers separate the application server
or WCS from the CMS. The remaining Crystal Enterprise servers automatically
obtain their SOCKS configuration from the CMS, as required, so you don’t need to
configure them separately.
To configure the CMS on Windows
1 Start the CCM.
2 Stop all of the Crystal servers, including the Crystal Management Server.
3 Select the CMS and, on the toolbar, click Properties.
4 On the Connection tab, click Add.
5 In the SOCKS Proxy dialog box, type the Server Name or IP Address of your
SOCKS server.
6 In the Server Port field, type the number of the port that the SOCKS server is
listening on.
7 Select the SOCKS version that you are running (Ver 4 or Ver 5).
If you are using version 5 and you would like to secure access to the server, select
the authentication check box, and then enter your user name and password.
8 Click OK.
If you have more than one SOCKS server, repeat steps 4 to 8 for each additional
server. Then click Up and Down to order the SOCKS servers from the outermost
(closest to the application server or Web Component Server) to the innermost
(closest to the CMS).
9 Click OK in all three dialog boxes to return to the CCM.
10 Start the Crystal Enterprise server components.
To configure the CMS on UNIX
The UNIX version of Crystal Enterprise includes a utility that allows you to
configure Crystal Enterprise servers to work with SOCKS servers. For details, see
“sockssetup.sh” on page 440.
Crystal Enterprise Administrator’s Guide
391
Configuring Crystal Enterprise to work with firewalls
Configuring the WCA for SOCKS servers
Complete these steps if one or more SOCKS servers separates the Web Component
Adapter (WCA) from the Crystal Management Server (CMS). These steps provide
the WCA with the required information about each SOCKS server, in order, from
the outermost to the innermost.
The outermost SOCKS server is the one closest to the web server. The innermost
SOCKS server is the last SOCKS server that the WCA communicates with before
the CMS.
To configure the WCA on UNIX
The UNIX version of Crystal Enterprise includes a utility that allows you to
configure Crystal Enterprise servers and the WCA to work with SOCKS servers.
For details, see “sockssetup.sh” on page 440.
To configure the WCA on Windows
To configure the WCA, you must edit the web.xml deployment descriptor file
associated with the webcompadapter.war to insert a SOCKS URI (universal resource
identifier). This URI tells your WCA how to contact the CMS through your SOCKS
server(s).
The syntax that denotes the CMS through a SOCKS server can be considerably
complex. For an example of how to construct a SOCKS URI, see “To configure the
Web Connector on UNIX” on page 390.
Then see “Configuring the Web Component Adapter” on page 282 for details on
editing web.xml.
392
Crystal Enterprise Administrator’s Guide
General Troubleshooting
20
This chapter provides general troubleshooting steps and
solutions to some specific configuration problems. For upto-date answers to commonly asked questions, registered
customers can freely download additional technical
documents or knowledge base articles from:
http://support.crystaldecisions.com
For more information on Product Registration and Crystal
Care technical support, see “Crystal Care technical
support” on page 7.
Crystal Enterprise Administrator’s Guide
393
Troubleshooting overview
Troubleshooting overview
Crystal Enterprise is designed to integrate with a multitude of different operating
systems, web servers, network and firewall configurations, database servers, and
reporting environments. Thus, any troubleshooting that you may need to
undertake will likely reflect the particularities of your deployment environment.
This chapter includes general troubleshooting steps along with solutions to some
specific configuration issues.
In general, consider the following key points when troubleshooting:
• Ensure that client and server machines are running supported operating
systems, database servers, database clients, and appropriate server software.
For details, consult the Platforms.txt file, included with your product
distribution.
• Verify that the problem is reproducible, and take note of the exact steps that
cause the problem to recur.
On Windows NT/2000, use the sample reports and sample data included with
the product to confirm whether or not the same problem exists.
• Determine whether the problem is isolated to one machine or is occurring on
multiple machines. For instance, if a report fails to run on one processing
server, see if it runs on another.
If the problem is isolated to one machine, pay close attention to any
configuration differences in the two machines, including operating system
versions, patch levels, and general network integration.
• If the problem relates to connectivity or functionality over the Web, check that
Crystal Enterprise is integrated properly with your web environment. For
details, see Crystal Enterprise Installation Guide and “Web accessibility issues”
on page 396.
• If the problem relates to report viewing or report processing, verify your
database connectivity and functionality from each of the affected machines.
Use Crystal Reports to verify that the report can be viewed properly. If the Job
or Page Servers are running on Windows, open the report in Crystal Reports
on the server machine and check that you can refresh the report against the
database. For details, see “Report viewing and processing issues” on page 398.
• Look for solutions in the documentation included with your product. For
details, see “Documentation resources” on page 395.
• Check out the Crystal Care technical support web site for white papers, files
and updates, user forums, and Knowledge Base articles:
http://support.crystaldecisions.com
394
Crystal Enterprise Administrator’s Guide
20: General Troubleshooting
Documentation resources
The Crystal Enterprise Release Notes are provided in two formats (release.pdf
and release.htm) in the root directory of your product distribution, as is the
Platforms.txt file. These documents list supported third-party software along
with any known issues or implementation-specific configuration details.
Crystal Enterprise also includes a number of manuals:
• Crystal Enterprise Getting Started Guide
• Crystal Enterprise Administrator’s Guide
• Crystal Enterprise User’s Guide
• Crystal Enterprise Installation Guide
• Business Views Administrator's Guide
• Crystal Enterprise documentation:
• Crystal Enterprise COM SDK Guide (CE_SDK.chm)
• Report Application Server COM SDK Guide (RAS_SDK.chm)
• Viewer COM SDK Guide (Report_Viewers.chm)
• Crystal Enterprise Java SDK Guide
• Report Application Server Java SDK Guide
• Viewer Java SDK Guide
CHM and PDF files are located in the doc directory of your product distribution.
Online HTML Help versions are installed with the Web Connector and the Web
Component Server. Access the HTML versions from the Crystal Enterprise
Launchpads, or look in the appropriate directory on your Web Connector or Web
Component Server machine:
• On Windows, the files are installed by default below the C:\Program
Files\Crystal Decisions\Web Content\Enterprise10\Help\ directory of your
installation.
• On UNIX, the files are installed below the INSTALL_ROOT/crystal/webcontent/
enterprise10/help/ directory of your installation.
Additional Compiled HTML Help (CHM) files are provided with the following
client tools:
• Crystal Configuration Manager
• Crystal Publishing Wizard
• Crystal Repository Migration Wizard
• Crystal Import Wizard
• Crystal Offline Viewer
Press F1 or click Help to launch the online help from within these applications.
Crystal Enterprise Administrator’s Guide
395
Web accessibility issues
Web accessibility issues
Using an IIS web site other than the default
On Windows, the Crystal Enterprise installation creates virtual directories on the
Internet Information Server (IIS) “Default Web Site.” If you are using a web site
other than the default, you must copy the virtual directory configuration from the
default web site to the web site you are using. Crystal Enterprise also sets up several
application mappings on the default site. These can be viewed and copied from the
default web site to the web site you are using. Restart the web server once you have
made these changes. For more information, see Crystal Enterprise Installation Guide.
UNIX Web Connector cannot access WCS on Windows
If you install any of the Web Connectors on a UNIX web server, and install the Web
Component Server (WCS) on Windows NT/2000, then you must ensure that the WCS
is not configured to use Windows NT Integrated security (NT Challenge/Response).
Until you disable this security, you can access the Crystal Enterprise Launchpads, but
you cannot access the Crystal Management Console (CMC) or the Crystal Enterprise
web desktop.
Note: Ensure also that you can ping the WCS machine by name from the UNIX
web server.
To disable Windows NT Integrated security
1 Start the Crystal Configuration Manager (CCM) on the WCS machine.
2 Stop the Crystal WCS, and then double-click it to view its Properties.
3 On the Configuration tab, clear the Use Windows NT Integrated Security
(NT Challenge/Response) check box; then click OK.
4 Start the Crystal WCS.
If you still cannot access the Crystal Enterprise web desktop or the CMC, check the
mappings between the web server, the Web Connector, and the WCS. For details,
see Crystal Enterprise Installation Guide.
Communication error when accessing the CMC
One of the more common errors encountered over the Web results in the following
error message being displayed in the browser:
Communication Error
Communication failed with all configured Web Component Servers because they
are disabled or not currently running. If this problem continues, please
contact the system administrator.
396
Crystal Enterprise Administrator’s Guide
20: General Troubleshooting
This error indicates that the WCS is offline or that the Web Connector is not
configured correctly. First, use the CCM to start the WCS and then enable it. (If the
WCS was already started and enabled, use the CCM to restart it.) If restarting the
WCS does not correct the situation, check the mappings between the web server, the
Web Connector, and the WCS. For details, see Crystal Enterprise Installation Guide.
Unable to connect to CMS when logging on to the CMC
If you attempt to log on to the CMC while the Crystal Management Server (CMS)
is not running, the following error message appears:
Unable to connect to CMS (<servername>) to retrieve cluster members. Logon
can not continue.
Use the CCM to start the CMS. (If the CMS was already started, use the CCM to
restart it.)
Windows NT authentication cannot log you on
When you attempt to log on to the Crystal Management Console (CMC) or to the
Crystal Enterprise web desktop, the following error occurs:
NT Authentication could not log you on. Please make sure your logon
information is correct. If your account is in any domain other than "DOMAIN
NAME" you must enter your user name as DomainName\UserName.
This error may occur for various reasons. Investigate these common solutions:
• Ensure that the specified authentication type corresponds to the user name
and password provided on the log on page. To log on with a Windows NT
user name, verify that the authentication type is set to Windows NT
Authentication and not Enterprise.
• Netscape users must provide a valid Windows NT user name in the form of
Domain\User.
• Microsoft Internet Explorer users must provide a valid Windows NT user
name. It must be in the form of Domain\User if the user account does not reside
in the default domain of the CMS.
• If Windows NT Integrated security (NT Challenge/Response) is enabled in
Internet Information Services (IIS) and in the Web Component Server (WCS),
then users must use Microsoft Internet Explorer. In addition, users must log on
to the client machine with a valid NT domain user account before logging on
to Crystal Enterprise. Users must log on to Crystal Enterprise with a valid
Windows NT user name. It must be in the form of Domain\User if the user
account does not reside in the default domain of the CMS.
• The web server and all Crystal Enterprise components must be running on
Windows NT/2000 for Windows NT authentication to work.
Crystal Enterprise Administrator’s Guide
397
Report viewing and processing issues
Report viewing and processing issues
When troubleshooting reports, it is especially useful to determine whether the
problem is isolated to one machine or is occurring on multiple machines. For
instance, if a report fails to run on one processing server, see if it runs on another.
If the problem is isolated to one machine, pay close attention to any configuration
differences in the two machines, including operating system versions, patch levels,
and general network integration.
In particular, check the database client configurations, the drivers and versions,
and the accounts under which the processing servers are running. If the reports are
based off ODBC data sources, compare the ODBC driver versions, the DSN
configurations, and the versions of the MDAC layer. Check to see if the Page Server
or Job Server is running under an account that has the appropriate access rights to
the report database server. If the report database server is on a remote machine,
change the Page Server or Job Server to use a valid domain account with enough
rights to view or process the report.
If you follow these steps and the problem persists, contact Crystal Care technical
support. Before you call, take note of the database client and version you are
running, the database server version that you are connecting to, and the driver
name and version that you are using to connect. For details, see “Crystal Care
technical support” on page 7.
Troubleshooting reports with Crystal Reports
On Windows, you can install Crystal Reports on all Job Server, Page Server, and
RAS machines in order to speed up the troubleshooting of reports and database
connectivity. In this way, you use Crystal Reports to simulate the steps that are
performed by the Crystal Enterprise processing servers when a scheduled report
is processed, or when a report is viewed on demand over the Web. By locating the
step where Crystal Reports is unable to open, refresh, or save the report, you may
be able to locate the source of the problem.
Note: The exact steps and menu options may differ, depending on your version of
Crystal Reports.
To troubleshoot a report
1 Start Crystal Reports on the appropriate machine:
• If the report runs successfully on demand, but fails when scheduled, start
Crystal Reports on the Job Server.
• If the report fails when viewed on demand, but runs successfully when
scheduled, start Crystal Reports on the Page Server.
• If the report fails when viewed on demand with the Advanced DHTML
viewer, start Crystal Reports on the RAS.
398
Crystal Enterprise Administrator’s Guide
20: General Troubleshooting
• If the report fails in all cases, first complete these troubleshooting steps on
one processing server; then verify whether or not the problem is resolved on
all processing servers. If not, repeat the steps on a different processing server.
2 Open the report from the CMS.
On the File menu, click Open. Click Enterprise Folders and log on to your CMS.
If you cannot open the report, verify network connectivity between the server
you are working on, the CMS, and the Input File Repository Server.
3 Test your database connection and authentication.
On the Database menu, click Log On/Off Server. If you cannot log on to the
database server, check the configuration of the database client software and
ensure that the report contains a valid database user name and password.
4 If the report’s parameters or record selection need to be modified by Crystal
Enterprise users when they schedule or view the report, change the parameter
values or record selection formula accordingly. If the values are invalid,
Crystal Reports will report an error.
5 Verify that the tables used in the report match the tables in the database.
On the File menu, clear the “Save Data with Report” check box. On the
Database menu, click Verify Database. Correct any issues reported by Crystal
Reports, and then save the report.
6 Refresh the report and, if current data is not returned from the database, check
these possible causes:
• If the report fails, ensure that the database credentials provide READ rights
to all tables in the report.
• If the database credentials are valid, the report’s SQL statement is evaluated at
this time. Check the join information. Note any ODBC errors that are produced.
• If the SQL statement is valid, data begins to return to Crystal Reports. As
this happens, the temporary files increase in size. Verify resource allocation
in case the machine is running out of memory or disk space.
7 Go to the last page of the report.
Crystal Reports will report any errors that it encounters within the report (such
as formulas, subreports, and other objects).
8 Export the report to Crystal Reports format (or any other desired format).
This step ensures that Crystal Reports is able to create temporary files that are
required in order to complete the processing of a report.
9 If the report now refreshes successfully, save it back to the CMS.
10 Close the report.
11 Close Crystal Reports.
12 Repeat the activity that caused the original report to fail: view the report on
demand over the Web, or schedule the report for processing.
Crystal Enterprise Administrator’s Guide
399
Report viewing and processing issues
Troubleshooting reports and looping database logon prompts
A common issue when viewing reports over the Web is a persistent database logon
prompt that is displayed repeatedly by the user’s browser. Regardless of the
credentials provided by the user, the report will not display. This problem is
typically caused by the configuration of the Page Server or the Report Application
Server (RAS). This section provides a series of troubleshooting steps that should
resolve this problem and others that are specific to reports and database connectivity.
To troubleshoot reports and looping database logon prompts
1 Verify the report with Crystal Reports.
Use Crystal Reports to verify the report. If you have the Crystal Reports
Designer installed on the Page Server, Job Server, or RAS machine, test
database connectivity by opening the report in Crystal Reports on the server.
For details, see “Troubleshooting reports with Crystal Reports” on page 398.
2 Change the server’s logon account.
Crystal Enterprise servers require access to various local and/or remote
resources and to the database server. Experience shows that running the Page
Server, Job Server, RAS, and Web Component Server (WCS) under a Domain
Administrator account allows them to access the components necessary to
connect successfully to data sources. To change a server’s logon account, see
“Configuring Windows processing servers for your data source” on page 313.
Tip: Running a background application under an Administrator account does
not inadvertently grant administrative privileges to another user, because users
cannot impersonate services.
3 Verify the server’s access to ODBC Data Source Names (DSNs).
Base reports off System DSNs (and not File or User DSNs), and set up each
System DSN identically on every Job Server, Page Server, and RAS machine
that will process the report.
If the report is based off an ODBC data source, the processing server must have
permission to access the corresponding DSN configuration. This information is
stored in the Windows registry. The Job Server, Page Server, and RAS require
Full Control or Special Access to the ODBC registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\ODBC.INI
Consult your Windows documentation for information about working with the
registry. Additional configuration may be required, depending upon the
database that you are reporting off of. For details, see “Configuring Windows
processing servers for your data source” on page 313.
4 Determine the configuration of the database client software.
If you are not using ODBC, the database client software must be installed on
each machine that will process reports. On Windows, many database clients
store their configuration in the registry below HKEY_LOCAL_MACHINE.
400
Crystal Enterprise Administrator’s Guide
20: General Troubleshooting
If your database client stores its configuration below HKEY_CURRENT_USER, the
Crystal Enterprise services cannot use the database client software to
communicate with the database.
5 Verify the NTFS permissions granted to the Job Server, Page Server, and RAS.
Insufficient NTFS rights on the server may cause a number of problems to arise
when you view reports over the Web. As in step 2, changing each server’s logon
account to that of a Domain Administrator account should resolve such
problems. For the minimum set of NTFS permissions required by Crystal
Enterprise, see “Configuring NTFS Permissions” on page 419.
6 Check whether or not NT authentication is performed by the database.
If you report against a database that uses NT authentication for access control
(Microsoft SQL Server, Sybase, and so on), the Job Server, Page Server, and RAS
must run under a Windows NT/2000 domain user account that has access to
the appropriate database tables. (In this scenario, each server’s logon account
determines the level of access it is granted by the database. Crystal Enterprise
does not pass end-users’ NT tokens through to the database server.)
To retain the access control levels that are set up within the database, you can
instead change each ODBC DSN so that it implements SQL Server Login
instead of NT authentication.
7 Check the available environment variables.
Environment variables are used by the operating system to govern and manage
system files for particular users. On Windows, Crystal Enterprise servers are
generally most affected by the TMP and TEMP environment variables. Because the
servers are run as services, they cannot access the User Environment variables
that are created by default. Therefore, it is recommended that you create System
Environment variables if they do not already exist. Consult your Windows
documentation for details.
8 Reference remote data sources with UNC paths.
Ensure that servers have access to remote databases through UNC paths,
instead of through mapped drives. For example, if you design a report off a PC
database that resides on a network drive, ensure that the report references its
data source with the appropriate UNC path. For details, see “Ensuring that
server resources are available on local drives” on page 404.
9 Ensure that you have enough database client licenses.
If all database client licenses are in use, the Crystal Enterprise servers are unable
to retrieve data from the database.
10 Check that database connections are closed in a timely fashion.
If a database connection is not closed quickly, the database may not service
another request until the connection has been closed. To decrease the “Minutes
Before an Idle Job is Closed” setting, see “Modifying Page Server performance
settings” on page 304.
Crystal Enterprise Administrator’s Guide
401
Report viewing and processing issues
11 Use multi-threaded database drivers.
Multi-threaded database drivers allow the processing servers to connect to the
database without having to wait for the database to fulfill initial requests.
ODBC connections are typically recommended because they provide
multithreaded connections to the database. However, Crystal Reports now
includes a number of thread-safe native and OLEDB drivers. A list of these
thread-safe drivers is available in the Crystal Reports Release Notes.
12 Check for problems with particular data sources.
If your report is based on a Lotus Notes database, you may need to perform
additional configuration. Download the latest instructions from the Crystal
Care Knowledge Base.
IBM offers several client applications for connecting to DB2. The recommended
client is IBM DB2 Direct Connect, whose ODBC drivers were written for actual
programmatic interaction with products like Crystal Enterprise. See the Crystal
Care Knowledge Base for discussions of this and other DB2 clients.
If you encounter problems with any other specific data sources, check the
Knowledge Base for the latest information.
Error detected by database driver
When a processing server receives an unknown message from the database driver,
an error message similar to the following appears:
Error Detected By Database DLL
This section provides some common troubleshooting steps for resolving this issue.
Before completing these steps, verify your database connectivity and general
reporting configuration (as described in “Troubleshooting reports and looping
database logon prompts” on page 400).
To troubleshoot database driver errors
1 Verify the database drivers for consistency.
Ensure that the database driver (ODBC or native) used when the report was
designed in Crystal Reports matches the database driver that is installed on the
Job Server, Page Server, and RAS.
If the Job Server or the Page Server is installed on UNIX, then the database
driver will not match exactly (the UNIX version will be a .so file instead of a
.dll). However, the Windows/UNIX versions of each driver should correspond
in regards to version numbers or driver release.
2 Disable the report’s “Use Indexes or Server for Speed” option.
Open the report in Crystal Reports and, on the File menu, click Options. On the
Database tab, clear the “Use Indexes or Server for Speed” option. Disabling this
option may resolve database driver errors.
402
Crystal Enterprise Administrator’s Guide
20: General Troubleshooting
3 Verify the report’s SQL statement and ensure that it has not been edited manually.
Open the report in Crystal Reports and, on the Database menu, click Show SQL
Query. Copy the query into a text editor; then use your database server’s query
tool to run the query.
If the option appears in Crystal Reports, click Reset in the Show SQL Query dialog
box. Compare the regenerated query with the version displayed in your text
editor. If the queries differ, save the report so it uses the regenerated SQL query.
Note: If you need to edit a report’s SQL statement, do so with a stored
procedure, rather than by editing it manually. If you have developed a web
application that modifies the SQL statement through code, ensure that only
the WHERE clause is changed.
4 Ensure that null values are not being passed to subreports.
If the report contains one or more subreports, open it in Crystal Reports and, on the
File menu, click Report Options. Select the “Convert Database NULL Values to
Default” check box and the “Convert Other NULL Values to Default” check box.
5 If the report is based off on ODBC driver, enable tracing to obtain more
information about the error.
On Windows, ODBC tracing can be started through the ODBC Data Source
Administrator. On UNIX, similar tracing can be enabled in the system
information file (.odbc.ini).
Once you enable tracing, run the report again from a browser to generate the
tracing log. After you run the report, disable tracing and review the log file for
additional “Error” or “Busy” messages. Tracing may provide additional details
that allow you to troubleshoot the problem.
6 If the report is based off Informix 7.3, check the database driver.
If a report that uses the Informix database driver (Windows version) causes a
database driver error, modify the report to use the Crystal Reports “CR
Informix” driver.
7 Verify the table definition of the database that the report is based off.
If your web application dynamically changes a report’s data source at runtime,
ensure that the schema of each database matches the schema of the database that
the report was originally designed for. Rather than running the same report against
diverse data sources, consider designing a separate report for each database.
8 Verify the data type of parameter values passed through code.
If your web application passes parameter values to a report, ensure that you are
casting the correct data type for the parameter value. It is always a good idea to
cast values to ensure they are of the correct type. For specific details, see the
function reference for your development language.
Crystal Enterprise Administrator’s Guide
403
Report viewing and processing issues
Ensuring that server resources are available on local drives
When the Crystal Enterprise servers are running on Windows, many can be
configured to use specific directories to store files. For example, you can specify the
root directory for each File Repository Server, the temporary directories for the
Cache and Page Servers, or the directory from which the Job Servers load
processing extensions. In all cases, the directory that you specify must be on a local
drive (such as C:\InputFRS or C:\Cache). Do not use Universal Naming Convention
(UNC) paths or mapped drives.
Although some Crystal Enterprise servers can recognize and use UNC paths, do
not configure the servers to access network resources in this manner. Use local
drives instead, because UNC paths can limit performance due to limitations in the
underlying protocol.
Tip: If your report runs against a PC database that resides on a network drive, then
the report itself must reference its data source through a UNC path. In this case, the
service must run under a domain user account with network permissions. For details,
see “Configuring Windows processing servers for your data source” on page 313.
Similarly, if you configure a server to use a mapped drive, the server may appear
to function correctly. However, servers cannot access mapped resources when the
machine is restarted. Drives are mapped according to your user profile when you
log on to Windows NT/2000, but, once a drive is mapped, it is available to the
entire operating system. So, when you log on and map a local or network drive, the
mapped drive is accessible to the LocalSystem account, and hence to the Crystal
Enterprise servers running on the local machine. When you log off the local
machine, the servers may retain access to the mapped drive for some time
(Windows will release the drive mapping if no application maintains a persistent
connection to the mapped resource). However, when you restart the local machine,
the mapped drive is not restored until you log back on.
Note: Changing a server’s log on account from the LocalSystem account to a
Windows NT/2000 user account with network privileges will not resolve the
problem, because the servers do not actually log on to the network with that
account. Instead, the servers perform “account impersonation.” This provides
access to some profile-specific resources (such as printers and email profiles), but
not others (such as ODBC User Data Source Names and mapped drives).
Page Server error when viewing a report
When you attempt to run or preview a report, the following error message appears:
There are no Page Servers connected to the Cache Server or all the connected
Page Servers are disabled. Please try to reconnect later. [On Page Server :
<servername>.Cacheserver]
This error indicates that the Page Server is not started and enabled. Use the CCM
to start the Page Server and then enable it. (If the Page Server was already started
and enabled, use the CCM to restart it.)
404
Crystal Enterprise Administrator’s Guide
20: General Troubleshooting
Crystal Enterprise web desktop considerations
Supporting users in multiple time zones
Avoid granting Schedule access to the default Guest account if you deploy the Crystal
Enterprise web desktop for users in different time zones. Instead, ensure that each
user who is allowed to schedule reports has a dedicated account on the system, and
that each user's Crystal Enterprise web desktop preferences include the appropriate
time-zone setting. To view or modify the time-zone setting for any user account, use
the Preferences Manager, which is available as a Client Sample on the Crystal
Enterprise User Launchpad. Dedicated accounts are recommended because the
default Guest account does not allow users to modify account preferences that would
affect other users. For more information about using specific time-zone properties in
your custom web applications, see the Crystal Enterprise SDK documentation.
Setting default report destinations
By default, a report's destination that is set in the CMC will be the selected
destination when a report is scheduled in the Crystal Enterprise web desktop. A user
can also select alternate destinations in the web desktop by updating the Destination
option. Note that the destination set in the Crystal Enterprise web desktop applies
only to the scheduled instance. Thus, when a user schedules another instance in the
web desktop, the destination that is set in the CMC will be selected, unless the user
changes the Destination option. If the user selects the Default destination setting in
the web desktop, reports are processed on the Job Server and sent to the File
Repository Server. The Default destination setting in the Crystal Enterprise web
desktop is equivalent to the Default destination setting in the CMC.
Setting preferences and report viewers for Crystal Enterprise
web desktop users
The Preferences Manager enables you to set the default Crystal Enterprise
preferences for each user on the system. If users have their own accounts on the
system, they can modify their preferences when they log on to Crystal Enterprise.
If users access Crystal Enterprise anonymously—with the Guest account—you can
use this tool to set preferences, including the default report viewer. Users cannot
change their preferences when they are logged on under the Guest account.
The Preferences Manager is available as a Client Sample on the Crystal Enterprise
User Launchpad.
Crystal Enterprise Administrator’s Guide
405
Crystal Enterprise web desktop considerations
Crystal Enterprise web desktop and Windows Single Sign On
The Crystal Enterprise web desktop provides its own form of “anonymous Single
Sign On,” which uses Enterprise authentication, as opposed to Windows NT or
Windows AD authentication. Design your own web applications accordingly (or
modify the Crystal Enterprise web desktop) if you want to use NT Single Sign On
or AD Single Sign On. By default, when a user launches the Crystal Enterprise web
desktop, he or she will be automatically logged on using the Guest account
(Enterprise authentication). However, even when you disable the Sign Up feature,
the Crystal Enterprise web desktop is designed to display a logon page. With
Single Sign On enabled, the user can select Windows NT or Windows AD from the
Authentication list and click Log On without entering his or her user name or
password. For details about creating web applications that use Single Sign On, see
the developer documentation available on your product CD.
For details on configuring IIS and Crystal Enterprise for Windows NT Single Sign
On, see “Setting up NT Single Sign On” on page 83. For details on configuring IIS
and Crystal Enterprise for Windows AD Single Sign On, see “Using AD Single
Sign On” on page 102.
406
Crystal Enterprise Administrator’s Guide
Licensing Information
21
This chapter describes how to view licensing information
and add license keys with the Crystal Management Console
(CMC). It also shows how to view your current account
activity.
Crystal Enterprise Administrator’s Guide
407
Licensing overview
Licensing overview
Crystal Enterprise is a scalable product that provides you with the ability to add
license keys as the demand for report information increases in your organization.
You can purchase concurrent, named, and processor licenses. RAS Report
Modification licenses are also available.
Concurrent licenses specify the number of people who can connect to Crystal
Enterprise at the same time. This type of licensing is very flexible because a small
concurrent license can support a large user base. For example, a 100 user
concurrent license could support 250, 500, or 700 users depending on the frequency
with which the system is accessed and the number and size of the reports.
Named user licenses are associated with specific users and allow people to access
the system based on their user name and password. This provides named users
with access to the system regardless of how many other people are connected. You
may want to purchase named user licenses for people in your organization who
require access to Crystal Enterprise at all times. For example, you could purchase
a named user license for each of the 25 managers and a concurrent license for 175
general users.
Processor licenses are based on the number of processors that are running Crystal
Enterprise. To determine the number of processor licenses you require, count the
number of processors on any servers running any component of Crystal Enterprise
(except the Web Connector).
Crystal Enterprise Embedded or RAS Report Modification licenses enable the
Report Application Server’s Software Development Kit (SDK) for report-creation,
thereby providing you with tools for building your own web-based reporting and
query tools. In addition, these licenses add standard report-creation and reportmodification wizards to the Crystal Enterprise web desktop, so users can create
and modify reports over the Web in an ad hoc fashion.
Note: If you are upgrading from a trial version of the product, be sure to delete
the Evaluation key prior to adding any new license keys or product activation
keycodes.
For more information about licenses, sessions, and session handling see “Crystal
Enterprise Security Concepts” on page 45.
408
Crystal Enterprise Administrator’s Guide
21: Licensing Information
Accessing license information
The License Keys tab identifies the number of concurrent, named, and processor
licenses associated with each key.
1 Go to the License Keys management area of the CMC.
2 Select a license key.
The details associated with the key appear in the Licensing Information area. To
purchase additional license keys:
• Contact your Crystal Decisions sales representative.
• Call 1-800-877-2340 (US/Canada) or 1-604-681-3435 (International).
• Email [email protected].
Crystal Enterprise Administrator’s Guide
409
Adding a license key
Adding a license key
Note: If you are upgrading from a trial version of the product, be sure to delete
the Evaluation key prior to adding any new license keys or product activation
keycodes.
1 Go to the License Keys management area of the CMC.
2 Type the key in the Add Key field.
Note: Key codes are case-sensitive.
3 Click Add.
The key is added to the list.
Viewing current account activity
1 Go to the Settings management area of the CMC.
2 Click the Metrics tab.
This tab displays current license usage, along with additional job metrics.
410
Crystal Enterprise Administrator’s Guide
21: Licensing Information
Express Edition vs. Professional Edition
This table outlines the key differences between the Express and Professional
editions of Crystal Enterprise.
Feature
Express
Professional
Crystal Repository refresh
X
X
Insert subreport
X
X
Unicode support
X
X
Setting locale of the Report Engine
X
X
New viewer architecture
X
X
Smart Tags
X
X
Exporting page ranges
X
X
New Excel export options
X
X
OLAP integration
X
X
Export drill down views
X
X
Embed URL link to report in email
X
Set database location
X
X
Custom printer settings
X
X
Java SDK
X
.NET SDK
X
RAS support for processing extensions
X
Distributed servers
X
Ability to define users/personalization
X
Concurrent users
X
Third-party authentication support
X
Events
X
X
Object distribution (Destinations)
X
Crystal Enterprise Mobile Desktop
X
X
Server group re-direction
X
X
Crystal Enterprise Administrator’s Guide
411
Express Edition vs. Professional Edition
412
Crystal Enterprise Administrator’s Guide
Rights and Access Levels
A
This appendix maps the rights that are available in the
Crystal Management Console (CMC) to the actual rights
available through the Crystal Enterprise SDK; it also lists
the rights that make up each of the predefined access levels,
and the default rights that are applied to the system’s toplevel folder. This appendix is provided primarily for
reference purposes. For complete details on setting rights,
see “Controlling User Access” on page 141.
Crystal Enterprise Administrator’s Guide
413
Rights
Rights
This table lists the rights available within the Advanced Rights page of the Crystal
Management Console (CMC). Other Crystal Enterprise plug-in components may
in future add their own, object-specific rights to this list. The table matches the
descriptions used in the CMC with the programmatic name that developers use
when assigning rights with the Crystal Enterprise SDK.
Description used in the CMC
Name used in the SDK
Respect current security by inheriting
rights from parent groups
AdvancedInheritGroups
Respect current security by inheriting
rights from parent folders
AdvancedInheritFolders
Add objects to the folder
ceRightAdd
View objects
ceRightView
Edit objects
ceRightEdit
Modify the rights users have to objects
ceRightModifyRights
Schedule the document to run
ceRightSchedule
Delete objects
ceRightDelete
Define server groups to process jobs
ceRightPickMachines
Delete instances
ceRightDeleteInstance
Copy objects to another folder
ceRightCopy
Schedule to destinations
ceRightSetDestination
View document instances
ceRightViewInstance
Pause and Resume document instances
ceRightPauseResumeSchedule
Print the report’s data
ceReportRightPrintReport
Refresh the report’s data
ceReportRightRefreshOnDemand
Report
Export the report’s data
ceReportRightPageServerExport
View objects that the user owns
ceRightOwnerView
Edit objects that the user owns
ceRightOwnerEdit
Modify the rights users have to objects that
the user owns
ceRightOwnerModifyRights
Delete objects that the user owns
ceRightOwnerDelete
Delete instances that the user owns
ceRightOwnerDeleteInstance
View document instances that the user owns ceRightOwnerViewInstance
Pause and resume document instances that
the user owns
414
ceRightOwnerPauseResume
Schedule
Crystal Enterprise Administrator’s Guide
A: Rights and Access Levels
Access levels
This section lists the rights that constitute each of the predefined access levels that
are available through the Advanced Rights page of the Crystal Management
Console (CMC).
Note: There is no predefined access level to grant users the rights required to
create or modify reports through the Report Application Server (RAS). For
details, see “Object rights for the Report Application Server” on page 417.
No Access
This access level ensures that all rights remain unspecified. That is, rights are
neither explicitly granted nor explicitly denied. When rights are unspecified, the
system denies the right by default.
View
Description used in the CMC
Name used in the SDK
View objects
ceRightView
View document instances
ceRightViewInstance
Schedule
Description used in the CMC
Name used in the SDK
View objects
ceRightView
Schedule the document to run
ceRightSchedule
Define server groups to process jobs
ceRightPickMachines
Copy objects to another folder
ceRightCopy
Schedule to destinations
ceRightSetDestination
View document instances
ceRightViewInstance
Print the report’s data
ceReportRightPrintReport
Export the report’s data
ceReportRightPageServerExport
Edit objects that the user owns
ceRightOwnerEdit
Delete instances that the user owns
ceRightOwnerDeleteInstance
Pause and resume document
instances that the user owns
ceRightOwnerPauseResumeSchedule
Crystal Enterprise Administrator’s Guide
415
Access levels
View On Demand
Description used in the CMC
Name used in the SDK
View objects
ceRightView
Schedule the document to run
ceRightSchedule
Define server groups to process jobs
ceRightPickMachines
Copy objects to another folder
ceRightCopy
Schedule to destinations
ceRightSetDestination
View document instances
ceRightViewInstance
Print the report’s data
ceReportRightPrintReport
Refresh the report’s data
ceReportRightRefreshOnDemand
Report
Export the report’s data
ceReportRightPageServerExport
Edit objects that the user owns
ceRightOwnerEdit
Delete instances that the user owns
ceRightOwnerDeleteInstance
Pause and resume document instances
that the user owns
ceRightOwnerPauseResumeSchedule
Description used in the CMC
Name used in the SDK
Full Control
416
Add objects to the folder
ceRightAdd
View objects
ceRightView
Edit objects
ceRightEdit
Modify the rights users have to objects
ceRightModifyRights
Schedule the document to run
ceRightSchedule
Delete objects
ceRightDelete
Define server groups to process jobs
ceRightPickMachines
Delete instances
ceRightDeleteInstance
Copy objects to another folder
ceRightCopy
Schedule to destinations
ceRightSetDestination
View document instances
ceRightViewInstance
Pause and Resume document
instances
ceRightPauseResumeSchedule
Print the report’s data
ceReportRightPrintReport
Crystal Enterprise Administrator’s Guide
A: Rights and Access Levels
Description used in the CMC
Name used in the SDK
Refresh the report’s data
ceReportRightRefreshOnDemand
Report
Export the report’s data
ceReportRightPageServerExport
Default rights on the top-level folder
The top-level Crystal Enterprise folder serves as the root for all other folders and
objects that you add to the system. This folder provides the following rights by
default:
• The Everyone group is granted the Schedule access level.
• The Administrators group is granted the Full Control access level.
Object rights for the Report Application Server
To allow users to create or modify reports over the Web through the Report
Application Server (RAS), you must have RAS Report Modification licenses
available on your system. You must also grant users a minimum set of object
rights. When you grant users these rights to a report object, they can select the
report as a data source for a new report or modify the report directly:
• View objects (or “View document instances”, as appropriate)
• Edit objects
• Refresh the report’s data
• Export the report’s data
User must also have permission to add objects to at least one folder before they can
save new reports back to Crystal Enterprise.
To ensure that users retain the ability to perform additional reporting tasks (such
as copying, scheduling, printing, and so on), it’s recommended that you first
assign the appropriate access level and update your changes. Then, change the
access level to Advanced, and add any of the required rights that are not already
granted. For instance, if users already have View On Demand rights to a report
object, you allow them to modify the report by changing the access level to
Advanced and explicitly granting the additional Edit objects right.
When users view reports through the Advanced DHTML viewer and the RAS, the
View access level is sufficient to display the report, but View On Demand is
required to actually use the advanced search features. The extra Edit objects right
is not required.
Tip: For more information about RAS Report Modification licenses, see “Licensing
overview” on page 408.
Crystal Enterprise Administrator’s Guide
417
Object rights for the Report Application Server
418
Crystal Enterprise Administrator’s Guide
Configuring NTFS Permissions
B
This appendix provides the recommended user account
and NTFS permissions for Crystal Enterprise components.
Crystal Enterprise Administrator’s Guide
419
Configuring NTFS permissions
Configuring NTFS permissions
When you view reports over the Web, insufficient New Technology File System
(NTFS) permissions on the server can cause a number of problems. For example, a
report may not appear in the viewer, even after you repeatedly enter the correct
database logon information.
NTFS provides security for file storage in Microsoft Windows. If a Crystal
Enterprise component is running on a user account that does not have the required
NTFS permissions, users may be unable to access reports over the Web.
To troubleshoot NTFS permissions, ensure that each Crystal Enterprise
component uses an account with the appropriate permissions. You may need to
change the user account or change the NTFS access for particular files and folders.
For details on changing server user accounts, see “Changing the server user
account” on page 326. For information on changing NTFS permissions, see the
Microsoft Windows help.
Configuring NTFS permissions for Crystal Enterprise components
Each component requires a user account with certain NTFS access rights to specific
files and folders. Ensure that each component is running on the correct user
account, and make sure the user account has the required NTFS permissions.
Web Connectors
Web Connectors use the anonymous access account specified by Microsoft Internet
Information Services (IIS). Ensure that this user account—called IUSR_<computername>
by default—has the appropriate NTFS permissions for the following files and folders:
NTFS permissions
Files and folders
• Read
• <drive>:\Winnt\system32
• Read & Execute
• <drive>:\Winnt\system32\ebus-3-3-2.dll
• <drive>:\Winnt\system32\etc-1-0-12.dll
• <drive>:\Winnt\system32\msvcp60.dll
Note:
• Additional problems may occur if there is a firewall between a Web Connector
and the Web Component Server. For more information, see “Configuring for
SOCKS servers” on page 387.
• If the Web Connector and the Web Component Server are on different
machines, you may also encounter problems with virtual application
mapping. For details, see Crystal Enterprise Installation Guide.
420
Crystal Enterprise Administrator’s Guide
B: Configuring NTFS Permissions
Web Component Server
By default, the Crystal Management Server uses the local System account to access
resources and Crystal Enterprise components. Ensure this user account has the
appropriate NTFS permissions for specific folders:
NTFS permissions
Files and folders
• Read
• <drive>:\Winnt\system32
• Read & Execute
• <drive>:\Program Files\Crystal Decisions\Web
Content\enterprise
• <drive>:\Program Files\Crystal
Decisions\WCS\CRImages
• <drive>:\Program Files\Crystal Decisions\WCS
• <drive>:\Program Files\Crystal
Decisions\Enterprise 10\win32_x86
• Write
• <drive>:\Program Files\Crystal
Decisions\WCS\Logging
Note: If your Crystal Enterprise deployment includes Crystal Analysis
Professional (CA Pro), the WCS user account also needs Read permission for the
CA Pro FileStore\Input folder.
File Repository Servers (FRS)
The Input and Output File Repository Servers (Input and Output FRS) use the local
System account by default; these accounts provide sufficient access to files and
folders on the local machine. However, if the Input or Output FRS needs access to
directories on other machines, set its user account to a domain user account with
local administrative access to all computers hosting Crystal Enterprise
components. For details on changing the user account, see “Changing the server
user account” on page 326.
Ensure that the user account for the Input FRS has the appropriate NTFS
permissions for the following folders:
NTFS permissions
Files and folders
• Read
• <drive>:\Winnt\system32
• Read & Execute
• <drive>:\Program Files\Crystal
Decisions\Enterprise 10\FileStore\Input
• Write
• <drive>:\Program Files\Crystal
Decisions\Enterprise 10\FileStore\Input
Crystal Enterprise Administrator’s Guide
421
Configuring NTFS permissions
For the Output FRS, make sure the user account has access to the following folders:
NTFS permissions
Files and folders
• Read
• <drive>:\Winnt\system32
• Read & Execute
• <drive>:\Program Files\Crystal Decisions\
Enterprise 10\FileStore\Output
• Write
• <drive>:\Program Files\Crystal Decisions\
Enterprise 10\FileStore\Output
Note:
• The Input and Output File Repository Servers cannot share the same directories.
• If the Input folder or the Output folder does not exist, the respective FRS
creates it when the service starts.
Crystal Management Server (CMS)
The CMS uses the local System account by default. This account does not need
access to other machines. Ensure that the System account has the appropriate
NTFS permissions for specific files and folders:
NTFS rights
Folders
• Read & Execute
• <drive>:\Winnt\system32\drivers\etc\hosts
• Write
• <drive>:\Program Files\Crystal Decisions\
Enterprise 10\win32_x86\CITemp
Cache Server
The Cache Server uses the local System account by default. If the Cache Server
needs to access Crystal Enterprise components on other machines, you must set its
user account to a domain user account that has local administrative access to all
computers hosting components. For details on changing the user account, see
“Changing the server user account” on page 326.
Ensure that the Cache Server’s user account has the correct NTFS permissions for
the following folders:
422
NTFS permissions
Files and folders
• Read
• <drive>:\Winnt\system32
• Read & Execute
• <drive>:\Program Files\Crystal
Decisions\Enterprise 10\win32_x86
• Write
• <drive>:\Program Files\Crystal Decisions\WCS
Crystal Enterprise Administrator’s Guide
B: Configuring NTFS Permissions
Job Server
The Job Server uses the local System account by default. The Job Server must use a
different user account if it needs to access Crystal Enterprise components on other
machines. If the CMS, the Input FRS, or the Output FRS is not located on the same
machine as the Job Server, set the Job Server’s user account to a domain user
account that has local administrative access to all computers hosting these
components. For details on changing the user account, see “Changing the server
user account” on page 326.
Ensure that the Job Server’s user account has the correct NTFS permissions for the
following folders:
NTFS permissions
Files and folders
• Read
• <drive>:\Winnt\system32
• Read & Execute
•
•
•
•
• Write
• <drive>:\Program Files\Crystal Decisions\WCS
• <drive>:\Program Files\Crystal Decisions\
The system’s temporary directory
<drive>:\Winnt\Crystal
<drive>:\Winnt\Fonts
<drive>:\Program Files\Crystal Decisions\Shared
Enterprise 10\FileStore
Page Server
The Page Server connects to the database to retrieve the information needed to
build the report. For most Crystal Enterprise deployments, the reporting database
is located on a separate machine. If the Page Server is on a different machine from
the database, you must change the Page Server’s user account from the default
local System account to a domain user account with local administrative access to
the computer hosting the reporting database. For details on changing the user
account, see “Changing the server user account” on page 326.
Ensure that the Page Server’s user account has the correct NTFS permissions for
the following folders:
NTFS permissions
Files and folders
• Read
• <drive>:\Winnt\system32
• Read & Execute
•
•
•
•
•
• Write
Crystal Enterprise Administrator’s Guide
The system’s temporary directory
<drive>:\Winnt\Crystal
<drive>:\Winnt\Fonts
<drive>:\Program Files\Crystal Decisions\Shared
<drive>:\Program Files\Crystal Decisions\
Enterprise 10\FileStore\Input
• <drive>:\Program Files\Crystal Decisions\WCS
423
Configuring NTFS permissions
424
Crystal Enterprise Administrator’s Guide
Server Command Lines
C
This appendix lists the command-line options that control
the behavior of each Crystal Enterprise server.
Crystal Enterprise Administrator’s Guide
425
Command lines overview
Command lines overview
When you start or configure a server through the Crystal Management Console
(CMC) or the Crystal Configuration Manager (CCM), the server is started (or
restarted) with a default command line that includes a typical set of options and
values. In the majority of cases, you need not modify the default command lines
directly. Moreover, you can manipulate the most common settings through the
various server configuration screens in the CMC and the CCM. For reference, this
appendix provides a full listing of the command-line options supported by each
server. You can modify each server’s command line directly if you need to further
customize the behavior of Crystal Enterprise.
Throughout this appendix, values provided in square brackets [ ] are optional.
To view or modify a server’s command line
The procedure for viewing or modifying a server’s command line depends upon
your operating system:
• On Windows, use the CCM to stop the server. Then open the server’s Properties
to modify the command line. Start the server again when you have finished.
• On UNIX, run ccm.sh to stop the server. Then edit ccm.config to modify the
server’s command line. Start the server again when you have finished.
Note: On UNIX, each server’s command line is actually passed as an argument
to the crystalrestart.sh script. This script launches the server and monitors it
in case an automatic restart is required. See the ccm.config file and
“crystalrestart.sh” on page 443.
Standard options for all servers
These command-line options apply to all of the Crystal Enterprise servers, unless
otherwise indicated. See the remainder of this appendix for options specific to each
type of server.
Option
Valid Arguments
Behavior
-name
string
Specify the friendly name of the server. The server registers
this name with the Crystal Management Server (CMS), and
the name is displayed in the CMC. The default friendly
name is hostname.servertype
Note:
• Do not modify -name for a CMS.
• If you modify -name for an Input or Output File
Repository Server, you must include “Input.” or “Output.”
as the prefix to the value you type for string (for example,
-name Input.Server01 or -name Output.UK).
426
Crystal Enterprise Administrator’s Guide
C: Server Command Lines
Option
Valid Arguments
Behavior
-ns
cmsname[:port]
Specify the CMS that the server should register with. Add
port if the CMS is not listening on the default (6400). This
option does not apply to the CMS itself.
-requestPort
port
Specify the port that the server listens on. The server
registers this port with the CMS. If unspecified, the server
chooses any free port > 1024.
Note: This port is used for different purposes by different
servers. Before changing, see “Changing the default server
port numbers” on page 321.
-port
[interface:][port] Bind WCS or CMS to the specified port, or to the specified
network interface and port. Binds other servers to the
specified network interface. Useful on multihomed
machines or in certain NAT firewall environments.
Note:
• Use -port port or -port interface:port for WCS and
CMS. Use -port interface for other servers. The port
command is used for different purposes by different servers.
Before changing, see “Changing the default server port
numbers” on page 321.
• If you change the default port value for the CMS, you
must perform additional system configuration. For more
information please see “Changing the default server port
numbers” on page 321.
•
-restart
Server restarts if it exits with an unusual exit code.
-fg
UNIX only. Run the daemon in the foreground. When
passing the server’s command line to the crystalrestart.sh
script, you must use this option (see ccm.config). If you run
the server’s command line directly, do not use this option,
because the foreground process blocks the shell until the
server exits.
UNIX signal handling
On UNIX, the Crystal Enterprise daemons handle the following signals:
• SIGTERM results in a graceful server shutdown (exit code = 0).
• SIGSEGV, SIGBUS, SIGSYS, SIGFPE, and SIGILL result in a rapid shutdown (exit
code = 1).
Crystal Enterprise Administrator’s Guide
427
Crystal Management Server
Crystal Management Server
This section provides the command-line options that are specific to the CMS.
The default path to the server on Windows is:
C:\Program Files\Crystal Decisions\Enterprise 10\win32_x86\CrystalMS.exe
The default path to the server on UNIX is:
INSTALL_ROOT/crystal/enterprise/platform/crystalcmsd
Option
Valid
Arguments
-threads
number
Behavior
Use a thread pool of the specified size. The default is
one thread per request.
-reinitializedb
Cause the CMS to delete the system database and
recreate it with only the default system objects.
-quit
Force the CMS to quit after processing the
-reinitializedb option.
-receiverPool
number
Specify the number of threads the CMS creates to
receive client requests. A client may be another Crystal
server, the Report Publishing Wizard, Crystal Reports,
or a custom client application that you have created.
The default value is 5. Normally you will not need to
increase this value, unless you create a custom
application with many clients.
-maxobjectsincache
number
Specify the maximum number of objects that the CMS
stores in its memory cache. Increasing the number of
objects reduces the number of database calls required
and greatly improves CMS performance. However,
placing too many objects in memory may result in the
CMS having too little memory remaining to process
queries. The upper limit is 100000.
-ndbqthreads
number
Specify the number of CMS worker threads sending
requests to the database. Each thread has a connection
to the database, so you must be careful not to exceed
your database capacity. In most cases, the maximum
value you should set is 10.
-AuditInterval
minutes
Specify interval at which the CMS requests audit
information from audited servers. The default value is 5
minutes. (Maximum value is 15 minutes, and minimum
value is 1 minute.)
-AuditBatchSize
number
Specify the maximum number of audit records that the
CMS requests from each audited server, per audit
interval. The default value is 200 records. (Maximum
value is 500, and minimum value is 50.)
428
Crystal Enterprise Administrator’s Guide
C: Server Command Lines
Option
Valid
Arguments
-auditMaxEventsPerFile
number
Specify the maximum number of records in the audit
log file. The default value is 500. If the number specified
by -auditMaxEventsPerFile is exceeded, the server
opens a new log file.
-AuditeeTimeSyncInterval
minutes
Specify the interval between time synchronization
events. The CMS broadcasts its system time to audited
servers at the interval specified by
-AuditeeTimeSyncInterval. The audited servers
compare their internal clocks to the CMS time, and then
adjust the timestamps they give to all subsequent audit
records so that the time of these records synchronizes
with the CMS time. The default interval is 60 minutes.
(Maximum value is 1 day, or 1440 minutes. Minimum
value is 15 minutes. Setting the interval to 0 turns off
time synchronization.)
Behavior
Web Component Server
This section provides the command-line options that are specific to the WCS.
The default path to the server on Windows is:
C:\Program Files\Crystal Decisions\Enterprise 10\win32_x86\WebCompServer.exe
Option
Valid Arguments
Behavior
-defaultSessionTimeout
minutes
Specify the default session timeout, in minutes. If
unspecified, sessions time out after 20 minutes of
inactivity.
Page Server and Cache Server
The Page Server and the Cache Server are controlled in much the same way from
the command line. The command-line options determine whether the server starts
as a Page Server, a Cache Server, or both. Options that apply only to one server
type are noted below.
The default paths to the servers on Windows are:
C:\Program Files\Crystal Decisions\Enterprise 10\win32_x86\cacheserver.exe
C:\Program Files\Crystal Decisions\Enterprise 10\win32_x86\pageserver.exe
The default paths to the servers on UNIX are:
INSTALL_ROOT/crystal/enterprise/platform/crystalcachesd
INSTALL_ROOT/crystal/enterprise/platform/crystalpagesd
Crystal Enterprise Administrator’s Guide
429
Page Server and Cache Server
Option
Valid Arguments
-cache
-dir
Behavior
Enable Cache Server functionality.
absolutepath
Specify the cache directory for a Cache Server and
the temp directory for the Page Server. The
directories created are absolutepath/cache and
absolutepath/temp
-deleteCache
Delete the cache directory every time the server
starts and stops.
-psdir
absolutepath
Specify the temp directory for the Page Server.
This option overrides -dir.
-refresh
minutes
Share cached pages for the specified number of
minutes.
-maxDBResultRecords
number
Limit the number of database records that are
returned from the database. The default limit is
20000 records. If a user views an on-demand
report containing more than 20000 records, an
error message indicates that the report contains
too many database records. To increase the
enforced limit, increase number accordingly; to
disable the limit, replace number with 0 (zero).
-noautomaticdbdisconnect
Disable automatic database disconnection for the
Page Server. By default the Page Server will
automatically disconnect from the reporting
database after retrieving data, to free up database
licenses. This may affect performance if your site
uses many reports with on-demand subreports,
or group-by-on-server.
-report_ProcessExtPath
absolutepath
Specify the default directory for processing
extensions. For details, see “Applying processing
extensions to reports” on page 189.
-auditMaxEventsPerFile
number
On the Cache Server, specifies the maximum
number of audit actions recorded in the audit log
file. The default value is 500. If this maximum
number of records is exceeded, the server will
open a new log file.
430
Crystal Enterprise Administrator’s Guide
C: Server Command Lines
Report and Program Job Servers
This section provides the command-line options that are specific to the Report and
Program Job Servers.
The default path to the server on Windows is:
C:\Program Files\Crystal Decisions\Enterprise 10\win32_x86\JobServer.exe
The default path to the server on UNIX is:
INSTALL_ROOT/crystal/enterprise/platform/crystaljobsd
Option
Valid Arguments
Behavior
-dir
absolutepath
Specify the data directory for the Job Server.
-lib
processinglibrary
Specify the processing library to load:
• procReport or
• procProgram
Loading procReport starts the Job Server as a
Report Job Server. Loading procProgram starts
the Job Server as a Program Job Server. This
option is used in conjunction with -objectType.
-objectType
progID
The program ID of the processing library,
which determines the class of object supported
by the Job Server:
• CrystalEnterprise.Report or
• CrystalEnterprise.Program
Used with -lib to specify whether the Job
Server becomes a Report Job Server or a
Program Job Server.
-maxJobs
number
Set the maximum number of concurrent jobs
that the server will handle. The default is five.
-requestJSChildPorts
lowerbound-upperbound
Specify the range of ports that child processes
should use in a firewall environment. For
example, 6800-6805 limits child processes to
six ports.
-report_ProcessExtPath
absolutepath
Specify the default directory for processing
extensions. For details, see “Applying
processing extensions to reports” on page 189.
-auditMaxEventsPerFile
number
Specify the maximum number of records in the
audit log file. The default value is 500. If the
number specified by -auditMaxEventsPerFile is
exceeded, the server opens a new log file.
Crystal Enterprise Administrator’s Guide
431
Report Application Server
Report Application Server
This section provides the command-line options that are specific to the Report
Application Server.
The default path to the server on Windows is:
C:\Program Files\Common Files\Crystal Decisions\2.5\bin\crystalras.exe
The default path to the server on UNIX is:
INSTALL_ROOT/crystal/enterprise/platform/ras/crystalrasd
Option
Valid Arguments
Behavior
-ipport
port
Specify the port number for receiving TCP/IP
requests when running in stand-alone mode
(outside of Crystal Enterprise).
-report_ProcessExtPath
absolutepath
Specify the default directory for processing
extensions. For details, see “Applying processing
extensions to reports” on page 189.
-ProcessAffinityMask
mask
Use a mask to specify exactly which CPUs that
RAS will use when it runs on a multi-processor
machine.
The mask is in the format 0xffffffff, where each f
represents a processor, and the list of processors
reads from right to left (that is, the last f represents
the first processor). For each f, substitute either 0
(use of CPU not permitted) or 1 (use of CPU is
permitted). Convert the resulting binary number
(0110, for example) to hexadecimal. For example, if
you run the RAS on a 4 processor machine and
want it to use the 3rd and 4th processor, use the
mask 0x0000000C. To use the 2nd and 3rd processor,
use 0x00000006.
Note:
• RAS uses the first permitted processors in the
string, up to the maximum specified by your
license. If you have a two processor license,
0x0000000E has the same effect as 0x00000006.
• The default value of the mask is -1, which has
the same meaning as 0x0000000F.
-auditMaxEventsPerFile
432
number
Specify the maximum number of records in the
audit log file. The default value is 500. If the
number specified by -auditMaxEventsPerFile is
exceeded, the server opens a new log file.
Crystal Enterprise Administrator’s Guide
C: Server Command Lines
Input and Output File Repository Servers
This section provides the command-line options that are specific to the Input and
Output File Repository Servers.
The default paths to the servers on Windows are:
C:\Program Files\Crystal Decisions\Enterprise
10\win32_x86\inputfileserver.exe
C:\Program Files\Crystal Decisions\Enterprise
10\win32_x86\outputfileserver.exe
The default path to the program that provides both servers on UNIX is:
INSTALL_ROOT/crystal/enterprise/platform/crystalfilesd
Note: If you modify -name for an Input or Output File Repository Server, you
must include “Input.” or “Output.” as the prefix to the value you type (for
example, -name Input.Server01 or -name Output.UK).
Option
Valid Arguments
Behavior
-rootDir
absolutepath
Set the root directory for the various subfolders and files that are
managed by the server. File paths used to refer to files in the File
Repository Server are interpreted relative to this root directory.
Note: All Input File Repository Servers must share the same root
directory, and all Output File Repository Servers must share the
same root directory (otherwise there is a risk of having
inconsistent instances). Additionally, the input root directory
must not be the same as the output root directory. It is
recommended that you replicate the root directories using a RAID
array or an alternative hardware solution.
-tempDir
absolutepath
Set the location of the temporary directory that the FRS uses to
transfer files. Use this command line option if you want to control
the location of the FRS temporary directory, or if the default
temporary directory name generated by the FRS exceeds the file
system path limit (which will prevent the FRS from starting).
-maxidle
minutes
Specify the number of minutes after which an idle session is
cleaned up.
Crystal Enterprise Administrator’s Guide
433
Event Server
Event Server
This section provides the command-line options that are specific to the Event Server.
The default path to the server on Windows is:
C:\Program Files\Crystal Decisions\Enterprise 10\win32_x86\EventServer.exe
The default path to the server on UNIX is:
INSTALL_ROOT/crystal/enterprise/platform/crystaleventsd
Option
Valid Arguments
Behavior
-poll
seconds
Specify the frequency (in seconds) with which the server
checks for File events.
-cleanup
minutes
Specify the frequency (in minutes) with which the server
cleans up listener proxies.
-auditMaxEvent
sPerFile
number
Specify the maximum number of records in the audit log file.
The default value is 500. If the number specified by
-auditMaxEventsPerFile is exceeded, the server opens a new
log file.
434
Crystal Enterprise Administrator’s Guide
UNIX Tools
D
This appendix details each of the administrative tools and
scripts that are included with the UNIX distribution of
Crystal Enterprise. This appendix is provided primarily for
reference purposes. Concepts and configuration
procedures are discussed in more detail throughout this
guide.
Crystal Enterprise Administrator’s Guide
435
UNIX tools overview
UNIX tools overview
The UNIX distribution of Crystal Enterprise includes a number of scripts that,
together, provide you with all the configuration options that are available in the
Windows version of the Crystal Configuration Manager (CCM). There are a
number of other scripts that provide you with UNIX-specific options or serve as
templates for your own scripts. Also, there are several secondary scripts that are
used by Crystal Enterprise. Each script is described here and the command-line
options are provided where applicable.
Script utilities
This section describes the administrative scripts that assist you in working with
Crystal Enterprise on UNIX. The remainder of this guide discusses the concepts
behind each of the tasks that you can perform with these scripts. This reference
section provides you the main command-line options and their arguments.
ccm.sh
The ccm.sh script is installed to the crystal directory of your installation. This
script provides you with a command-line version of the CCM. This section lists the
command-line options and provides some examples.
Note:
• Arguments in square brackets [ ] are optional.
• By default, servers are named with a hostname.servertype convention. If the
option requires the server name, use servertype as the server name. If the
option requires the fully qualified server name, use hostname.servertype. If you
are unsure of a server’s fully qualified name, look in the ccm.config file, locate
the server’s launch string, and use the value that appears after the -name option.
• Arguments denoted by other authentication information are provided in
the second table.
CCM Option
Valid Arguments
Description
-help
n/a
Display command-line help.
-start
all or servername
Start each server as a process. Use the
short form of the server name.
-stop
all or servername
Stop each server by terminating its
Process ID. Use the short form of the
server name.
-restart
all or servername
Stop each server by terminating its
Process ID; then each server is started.
Use the short form of the server name.
436
Crystal Enterprise Administrator’s Guide
D: UNIX Tools
CCM Option
Valid Arguments
Description
-enable
all or hostname.servertype
Enable a started server so that it registers
with the system and starts listening on the
appropriate port. Use the fully qualified
form of the server name.
all or hostname.servertype
Disable a server so that it stops
responding to Crystal Enterprise requests
but remains started as a process. Use the
fully qualified form of the server name.
-display
server [other authentication
information]
Reports the server’s current status
(enabled or disabled). The CMS must be
running before you can use this option.
-updateobjects
[other authentication
information]
Update objects migrated from a previous
version of Crystal Enterprise into your
current CMS system database. Use this
option after running cmsdbsetup.sh. See
“Completing a CMS database migration”
on page 294 for more information.
[other authentication
information]
-disable
[other authentication
information]
This table describes the options that make up the argument denoted by other
authentication information.
Authentication
Option
Valid arguments
Description
-cms
cmsname:port#
Specify the CMS that you want to log on
to. If not specified, the CCM defaults to
the local machine and the default port
(6400).
-username
username
Specify an account that provides
administrative rights to Crystal
Enterprise. If not specified, the default
Administrator account is attempted.
-password
password
Specify the corresponding password. If
not specified, a blank password is
attempted.
Note: To specify the -password argument,
you must also specify the -username
argument.
-authentication
secEnterprise, secLDAP
Specify the appropriate authentication
type for the administrative account. If not
specified, secEnterprise is attempted.
The CCM reads the server launch strings and other configuration values from the
ccm.config file. For details, see “ccm.config” on page 438.
Crystal Enterprise Administrator’s Guide
437
Script utilities
Examples
These two commands start and enable all the servers. The Crystal Management
Server (CMS) is started on the local machine and the default port (6400):
ccm.sh -start all
ccm.sh -enable all
These two commands start and enable all the servers. The CMS is started on port
6701, rather than on the default port:
ccm.sh -start all
ccm.sh -enable all -cms MACHINE01:6701
These two commands start and enable all the servers with a specified
administrative account named SysAdmin:
ccm.sh -start all
ccm.sh -enable all -cms MACHINE01:6701 -username SysAdmin -password 35%bC5@5
-authentication LDAP
This single command logs on with a specified administrative account to disable a
Job Server that is running on a second machine:
ccm.sh -disable MACHINE02.crystaldecisions.com.reportserver -cms
MACHINE01:6701 -username SysAdmin -password 35%bC5@5 -authentication secLDAP
ccm.config
This configuration file defines the server launch strings and other values that are
used by the CCM when you run its commands. This file is maintained by the CCM
itself, and by the other Crystal Enterprise script utilities. You typically edit this file
only when you need to modify a server’s command line. For details, see
“Command lines overview” on page 426.
cmsdbsetup.sh
The cmsdbsetup.sh script is installed to the crystal directory of your installation.
The script provides a text-based program that enables you to configure the CMS
database, CMS clusters, and to set up the audit database
You can add a CMS to a cluster by selecting a new data source for its CMS
database. You can also delete and recreate (re-initialize) a CMS database, copy data
from another data source, or change the existing cluster name.
Note: Before running this script, back up your current CMS database. Also be
sure to see “Configuring the intelligence tier” on page 284 for additional
information about CMS clusters and configuring the CMS database.
The script will prompt you for the name of your CMS. By default, the CMS name
is hostname.cms. That is, the default name of a CMS installed on a machine called
MACHINE01 is MACHINE01.cms. To check the name of your CMS (or any other server),
view the contents of ccm.config and look for the server’s launch string. The server’s
current name appears after the -name option.
438
Crystal Enterprise Administrator’s Guide
D: UNIX Tools
For more information about configuring the CMS database, see “Configuring the
intelligence tier” on page 284. For more information about setting up the auditing
database, see “Configuring the auditing database” on page 334.
configpatch.sh
The configpatch.sh script is installed to the crystal/enterprise/generic directory
of your installation. Use the configpatch.sh script when installing patches that
require updates to system configuration values. After installing the patch, run
configpatch.sh with the appropriate .cf file name as an argument. The readme.txt
file that accompanies Crystal Enterprise patches tells you when to run
configpatch.sh, and the name of the .cf file to use.
serverconfig.sh
The serverconfig.sh script is installed to the crystal directory of your installation.
This script provides a text-based program that enables you to view server
information and to add and delete servers from your installation. This script adds,
deletes, modifies, and lists information from the ccm.config file.
When you modify a server using serverconfig.sh, you can change the location of
its temporary files. For the Crystal Management Server, you can change its port
number or enable auditing. For the Input File Repository Server or the Output File
Repository Server, you can enter the root directory.
To add/delete/modify/list UNIX servers
1 Go to the crystal directory of your installation.
2 Issue the following command:
./serverconfig.sh
The script prompts you with a list of options:
• 1 - Add a server
• 2 - Delete a server
• 3 - Modify a server
• 4 - List all servers in the config file
3 Type the number that corresponds to the action you want to perform.
4 If you are adding, deleting, or modifying a server, provide the script with any
additional information that it requests.
Tip: The script will prompt you for the name of your CMS. By default, the CMS
name is hostname.cms. That is, the default name of a CMS installed on a machine
called MACHINE01 is MACHINE01.cms. However, in this script you can enter
hostname to check the name of your CMS (or any other server), view the contents
of ccm.config, and look for the server’s launch string. The server’s current name
appears after the -name option.
Crystal Enterprise Administrator’s Guide
439
Script utilities
5 Once you have added or modified a server, use the CCM to ensure that the
server is both started and enabled.
For more information about each of these topics, see “Scalability overview” on
page 356.
sockssetup.sh
The sockssetup.sh script is installed to the crystal directory of your installation.
The script provides a text-based program that enables you to configure the Web
Component Adapter (WCA) and the Crystal Management Server (CMS) when
they must communicate across one or more SOCKS proxy server firewalls. For
technical information about Crystal Enterprise and firewalls, see “Firewalls
overview” on page 368.
This script does not configure the Web Connector to communicate with the WCS
through a SOCKS server. If a SOCKS server separates your web server from the
WCS, you must manually configure the Web Connector configuration file that
corresponds to your web server. For more information, see “Configuring the Web
Connector for SOCKS servers” on page 389.
To modify SOCKS configuration
1 Go to the crystal directory of your installation.
2 Issue the following command:
./sockssetup.sh
3 Type wca to configure the communication between the WCA and the CMS. Or,
type servers to configure SOCKS information between the remaining servers.
The script may prompt you for the name or “friendly name” of the server. By
default, each server’s name is hostname.servertype. To check the name of a
server, view the contents of ccm.config and look for the server’s launch string.
The server’s current name appears after the -name option.
The “friendly name” of the WCA by default is hostname.wca. To check the name
of the WCA, look for the <display-name> of the WCA as listed in the web.xml
file in the WEB-INF directory of the webcompadapter.war archive. (This archive is
found in the crystal_root/enterprise/JavaSDK/applications directory, where
crystal_root is the root directory of your Crystal Enterprise installation.)
4 Specify one of the available actions:
• Type show to display any SOCKS servers that have already been entered
with this script. A blank list is displayed if no servers have been added.
• Type create to add a new SOCKS server to the list.
• Type modify to change one of the SOCKS servers in the list.
• Type delete to remove a SOCKS server from the list.
• Type moveup or movedown to modify the sequence of SOCKS servers.
440
Crystal Enterprise Administrator’s Guide
D: UNIX Tools
5 Proceed through the script and provide any additional information that it
requests:
• If you are creating a new entry in the list, you will typically need to provide
the name or IP address of the SOCKS server, the port number it is listening
on, the version number of the SOCKS server (4 or 5), and any
authentication information that the Crystal Enterprise servers will require
in order to establish a connection with your SOCKS server.
• If you choose to delete, modify, or move an existing entry, you will be
asked to specify the server “by index.” Type the number that corresponds
to the SOCKS server you want to modify.
For details about SOCKS and the importance of the sequence of servers, see
“Configuring for SOCKS servers” on page 387.
uninstallCE.sh
The uninstallCE.sh script is installed to the crystal directory of your installation.
This script deletes all of the files installed during your original installation of
Crystal Enterprise by running the scripts in the crystal/uninstall directory. Do
not run the scripts in the uninstall directory yourself: each of these scripts
removes only the files associated with a single Crystal Enterprise component,
which may leave your Crystal Enterprise system in an indeterminate state.
Before running this script, you must disable and stop all of the Crystal Enterprise
servers. If you are uninstalling a Web Connector, you should stop your web server,
because the Web Connector modules and related files will be deleted.
Note:
• When you uninstall a Web Connector, you must manually remove any
changes that you made to your web server’s configuration files when you set
up Crystal Enterprise. Failure to remove these changes may result in web
server errors, because the uninstall.sh script deletes the Web Connector
modules and configuration files that your web server loads when it starts.
Thus, you should remove these entries manually before restarting the web
server. If someone else in your organization installed and set up Crystal
Enterprise, see the Crystal Enterprise Installation Guide for details about the Web
Connector entries for your web server.
• The uninstallCE.sh script will not remove files created during the installation
process, or files created by the system or by users after installation. To remove
these files, after running installCE.sh, perform an rm -Rf command on the
crystal directory.
• If you performed the “system” installation type, you will also need to delete
the run control scripts from the appropriate /etc/rc# directories.
Crystal Enterprise Administrator’s Guide
441
Script templates
Script templates
These scripts are provided primarily as templates upon which you can base your
own automation scripts.
startservers
The startservers script is installed to the crystal directory of your installation.
This script can be used as a template for your own scripts: it is provided as an
example to show how you could set up your own script that starts the Crystal
Enterprise servers by running a series of CCM commands. For details on writing
CCM commands for your servers, see “ccm.sh” on page 436.
stopservers
The stopservers script is installed to the crystal directory of your installation. This
script can be used as a template for your own scripts: it is provided as an example
to show how you could set up your own script that stops the Crystal Enterprise
servers by running a series of CCM commands. For details on writing CCM
commands for your servers, see “ccm.sh” on page 436.
silentinstall.sh
The silentinstall.sh script is installed to the crystal directory of your
installation. Once you have set up Crystal Enterprise on one machine, you can use
this template to create your own scripts that install Crystal Enterprise
automatically on other machines. Essentially, once you have edited the
silentinstall.sh template accordingly, it defines the required environment
variables, runs the installation and setup scripts, and sets up Crystal Enterprise
according to your specifications, without requiring any further input.
The silent installation is particularly useful when you need to perform multiple
installations and do not want to interrupt people who are currently working on
machines in your system. You can also use the silent installation script in your own
scripts. For example, if your organization uses scripts to install software on machines,
you can add the silent Crystal Enterprise installation command to your scripts.
For information about script parameters, see the comments in the silentinstall.sh
script.
Note:
• Because the silentinstall.sh file is installed with Crystal Enterprise, you
cannot install silently the first time you install Crystal Enterprise.
• The silent installation is not recommended if you need to perform custom
installations. The installation options are simplified and do not allow for the
same level of customization provided in the Crystal Enterprise install script.
442
Crystal Enterprise Administrator’s Guide
D: UNIX Tools
Scripts used by Crystal Enterprise
These secondary scripts are often run in the background when you run the main
Crystal Enterprise script utilities. You need not run these scripts yourself.
crystalrestart.sh
This script is run internally by the CCM when it starts the Crystal Enterprise server
components. If a server process ends abruptly without returning its normal exit
code, this script automatically restarts a new server process in its place. Do not run
this script yourself.
env.sh
The env.sh script is installed to the crystal directory of your installation. This script
sets up the Crystal Enterprise environment variables that are required by some of the
other scripts. Crystal Enterprise scripts run env.sh as required. When you install
Crystal Enterprise on UNIX, you must configure your Java application server to source
this script on startup. See the Crystal Enterprise Installation Guide for more details.
env-locale.sh
The env-locale.sh script is used for converting the script language strings
between different types of encoding (for example, UTF8 or EUC or Shift-JIS). This
script is run by env.sh as needed.
initlaunch.sh
The initlaunch.sh script runs env.sh to set up the Crystal Enterprise
environment variables, and then runs any command that you have added as a
command-line argument for the script. This script is intended primarily for use as
a debugging tool by Crystal Decisions, Inc..
patchlevel.sh
The patchlevel.sh is installed to the crystal/enterprise/generic directory of your
installation. This script reports on the patch level of your UNIX distribution. This
script is intended primarily for use by Crystal Decisions, Inc. support staff.
Option
Valid Arguments
Description
list
n/a
List all the installed patches.
query
patch #
Query the operating system for the presence of
a particular patch by numeric ID.
check
textfile
Check that all the patches listed in textfile
are installed on your operating system.
Crystal Enterprise Administrator’s Guide
443
Scripts used by Crystal Enterprise
postinstall.sh
The postinstall.sh script is installed to the crystal directory of your installation.
This script runs automatically at the end of the installation script and launches the
setup.sh script. You need not run this script yourself.
setup.sh
The setup.sh script is installed to the crystal directory of your installation. This
script provides a text-based program that allows you to set up your Crystal
Enterprise installation. This script is run automatically when you install Crystal
Enterprise. It prompts you for the information that is required in order to set up
Crystal Enterprise for the first time.
For complete details on responding to the setup script when you install Crystal
Enterprise, see the Crystal Enterprise Installation Guide.
setupinit.sh
The setupinit.sh script is installed to the crystal directory of your installation
when you perform a system installation. This script copies the run control scripts
to your rc# directories for automated startup. When you run a system installation
you are directed to run this script after the setup.sh script completes.
Note: You must have root privileges to run this script.
444
Crystal Enterprise Administrator’s Guide
International Deployments
E
From server configuration to report design, this appendix
recommends the best practices for improving your Crystal
Enterprise deployment’s efficiency for a multilingual,
worldwide audience.
Crystal Enterprise Administrator’s Guide
445
International deployments overview
International deployments overview
When you distribute reports to a worldwide audience, you need to accommodate
users working in various languages, time zones, and countries. Crystal Enterprise
and Crystal Reports provide powerful capabilities for presenting data in a number
of languages. This chapter provides recommendations for creating and managing
content deployed through Crystal Enterprise to a multilingual, worldwide
audience.
International deployments require thorough planning, from choosing the best
server configuration to adopting special report design techniques. To support
multiple languages in Crystal Enterprise, you need to ensure that the servers have
the appropriate resources for delivering content in different languages. In Crystal
Reports, you can use parameters and formulas to create flexible reports that allow
users to choose between different languages or formats.
Note: For large Crystal Enterprise deployments, it is good practice to work with
our global team of certified consultants and consulting partners. For more
information, see “Crystal Consulting” on page 8.
Deploying Crystal Enterprise internationally
Deploying a Crystal Enterprise system for an international audience introduces a
unique set of challenges. When you increase support to address a specific user
need such as a new language, you often need to increase the complexity of your
deployment. In many cases, you will need to make significant changes to support
a multilingual environment.
Many problems can be avoided by planning the Crystal Enterprise deployment in
advance. How much multilingual support do your users need? How much support
is realistic from a resource perspective? Do you have the people, processes, hardware,
and software in place to provide an international Crystal Enterprise system?
When you have determined the best approach, you can configure the available
resources to deliver the best possible Crystal Enterprise solution for your users.
Planning an international Crystal Enterprise deployment
To ensure that your deployment is successful, you need to thoroughly plan the
deployment with international considerations in mind.
• Assess the needs of your users. Begin with a comprehensive list of job tasks
and other user requirements.
• Ensure that you have the appropriate resources for delivering Crystal
Enterprise to all of your users, and for maintaining its future growth.
446
Crystal Enterprise Administrator’s Guide
E: International Deployments
Consider this international deployment scenario. Half of your organization speaks
Japanese and the other half speaks English. Because there is significant user need
for both languages, you may want to provide two Crystal Enterprise systems: one
on a Japanese operating system with Japanese reports, web interfaces, and server
components; the other on an equivalent English system.
After these Japanese and English systems are in place, your organization opens
satellite offices in Paris and Venice. For the three employees at the small Paris office,
you could deploy a third Crystal Enterprise system in French. However, it would
be more cost-effective to ask your French staff to publish their French reports to the
English deployment. Some of the components and messages will appear in English,
but they will be able to publish and view French reports on the English system. In
this situation, the costs of implementing and maintaining a full French deployment
are too high; your available resources help determine the best solution.
For the Venice office, deploying an Italian Crystal Enterprise installation is not an
option. Crystal Enterprise is not currently translated into Italian. However, your
Venice employees can publish and view Italian reports using the English Crystal
Enterprise system. They will also receive some English messages while using the
English software to view the Italian reports. Because Crystal Enterprise is not
available in all languages, you may need to develop creative solutions for some of
your users.
This solution responds to changing audience requirements, and provides the best
quality of data access to the most people, within the limits of the available
resources. When you plan an international Crystal Enterprise deployment,
consider these two important factors: the language needs of your users, and the
available server resources.
Languages
A quick survey of your organization should provide enough information to
determine your language requirements. Which languages are used most often
across the organization? Is there a demand for reports in all of these languages?
Which languages does your company currently support on its web site? How
many languages do your report users speak? It may be necessary to provide
reports in only two or three languages.
Make sure you check your language requirements against the list of supported
languages for Crystal Enterprise. Crystal Enterprise software is available in
English, French, German, and Japanese. For these languages, the software itself has
been translated (or localized), with all functions and features available in the
specific language. Crystal Enterprise also accepts content created in other
supported languages: Spanish, Italian, Korean, Simplified Chinese, and
Traditional Chinese. You can publish objects in these languages using one of the
Crystal Enterprise Administrator’s Guide
447
Deploying Crystal Enterprise internationally
localized versions of Crystal Enterprise. Note that the Crystal Enterprise software
is not translated into these languages.
Localized languages
Other supported content
English
Chinese (Simplified and Traditional)
French
Italian
German
Korean
Japanese
Spanish
Resources
After you determine which languages are required, look at the resources required
to implement the different server configurations that will meet the language needs
of your users.
You can provide separate Crystal Enterprise deployments for each language, or
you can ask users to create reports in one language and deliver them using servers
in another language. Do you have the resources and people you need to manage
multiple systems or can you support only one Crystal Enterprise deployment?
For any deployment that involves more than one language, you must account for
additional server requirements. For example, if you run an English version of
Crystal Enterprise on a German operating system, you must ensure that you have
the correct combination of components for both languages.
You should choose the right deployment based on the available resources. For each
server, ensure that you have the appropriate operating system, fonts, and language
files.
• Languages
Install the appropriate languages on all servers. Even if only a few users design
reports in Spanish and Japanese against an English server, Spanish and Japanese
language files must be installed on all servers used in the English deployment.
For information on installing languages, consult your operating system’s
documentation.
• Fonts
If a language requires a special font, install the font files on all machines running
Crystal Enterprise components. For information on installing fonts, consult your
operating system’s documentation.
Note:
• Depending on the languages, data may not be displayed properly. For
example, if you publish reports in a “double-byte” language like Japanese
to an English server, the double-byte characters may not display properly
in chart titles, drill-down tabs, group tree values, and strings in formulas.
These strings use the system font specified by the server to display text.
Unless the system font supports double-byte characters, Crystal Enterprise
will not display the strings properly.
448
Crystal Enterprise Administrator’s Guide
E: International Deployments
• If, after installing the necessary fonts on the various servers, Crystal Enterprise
does not render the report properly, install Crystal Reports on the problematic
servers. Then, open the problem report and refresh it. For more information,
see “Troubleshooting reports with Crystal Reports” on page 398.
• Operating systems
Depending on your language needs, you may need to install a localized operating
system on machines running Crystal Enterprise components. The operating
system may affect certain messages that appear when working with Crystal
Enterprise. To ensure that all messages appear in the language you want, make
sure you install the appropriate version of the operating system, and make sure
it is a language supported by Crystal Enterprise.
For example, if you access French reports from a French client using an English
version of Crystal Enterprise on the server, you must have a French operating
system on the server.
• People
Depending on your configuration, you may need additional people to help
deliver and maintain your Crystal Enterprise system. If you deploy multiple
systems for different languages, you may need another system administrator or
IT professional to configure and maintain the system. When you are working
with localized versions of operating systems and software, it is good practice to
have someone on staff who not only has the technical IT skills, but also the
language skills required to manage the system.
Configuring a solution for multiple languages
After you determine the required languages and available resources, you can
develop a Crystal Enterprise configuration that best suits your needs. Varying
degrees of language support can be achieved using multiple installations, a
combination of components using different languages, or by publishing content
written in different languages. In most international deployments, you will need
to develop a combination of several methods in order to deliver reports for all
languages used in your organization.
Deploying multiple Crystal Enterprise systems
You can install a separate Crystal Enterprise system for each language, with all
components, servers, and software operating in the same language. Crystal
Enterprise is available in English, French, German, and Japanese. If a large number
of your users speak more than one of these languages, consider deploying more
than one Crystal Enterprise system.
By using one language for all components, including the servers, clients, operating
systems, you ensure that users never encounter different languages while
accessing the system. You also reduce the number of potential troubleshooting
issues that can occur when using a combination of languages on the same system.
Crystal Enterprise Administrator’s Guide
449
Deploying Crystal Enterprise internationally
For each deployment, ensure that the operating system uses the same language as
the version of Crystal Enterprise, and that users access client tier components that
also use this language. All supported browsers can be used to access client tier
components such as the Crystal Enterprise web desktop.
For example, if you have an equal number of English- and Japanese-speaking
employees, you can install English and Japanese deployments of Crystal
Enterprise. English employees will access an English client tier, running against
English server components on English operating systems. Japanese employees will
use Japanese clients, server components, and operating systems.
Although multiple Crystal Enterprise deployments resolves many multilingual
configuration issues, this solution also requires more resources and maintenance.
It may be more cost-effective to deploy one Crystal Enterprise system for use with
multiple languages. Also, a multiple deployment solution is possible only for
localized languages.
Note: Separate Crystal Enterprise systems cannot share information. To distribute
an object using more than one system, you must publish the object to each system.
Deploying one Crystal Enterprise system for multiple languages
If you do not have the resources required for multiple deployments, or if the
majority of your users do not speak one of the languages that Crystal Enterprise is
available in (English, French, German, or Japanese), you can deploy one Crystal
Enterprise system for multiple languages. By delivering one system for multiple
languages, you may be able to leverage resources you already have. Depending on
the languages you need, you may be able to provide access to a single server from
clients using different languages. If you need to provide a system for a language
that Crystal Enterprise is not available in, deploying one system for multiple
languages is the best solution.
When you use multiple languages within the same Crystal Enterprise deployment,
you can expect to encounter different languages in the user interface. The
languages used for each component may vary depending on the language defaults
450
Crystal Enterprise Administrator’s Guide
E: International Deployments
and available language files. Some components get language information from the
software itself, while others depend on settings in the browser or operating system.
Most versions of Crystal Enterprise must run on an operating system that uses the
same language. However, the English version of Crystal Enterprise can run on an
operating system that uses any supported language, using client components such
as the web desktop that use the same language, or English. You can run the English
version of Crystal Enterprise on an operating system that uses one of the following
languages: French, German, Japanese, Spanish, Italian, Korean, Simplified
Chinese, or Traditional Chinese. You can access the English client tier components
using a browser with the same language as either the server’s operating system or
the Crystal Enterprise software installed on the server.
Multilingual access to client tier components such as the Crystal Enterprise web
desktop depends on the languages you need. For French, German, and Japanese
versions of Crystal Enterprise, you can install the appropriate version of the web
desktop in a separate directory. For other supported languages (Spanish, Italian,
Korean, Simplified Chinese, and Traditional Chinese), you can customize the Web
interface to display the same language as your server’s operating system. For
details, see “Providing a client tier for multiple languages” on page 453.
In the previous scenario, two Crystal Enterprise systems were deployed: one for
English and one for Japanese. If the company did not have the resources to install
and maintain Crystal Enterprise systems for both English and Japanese, they could
combine the two into one deployment.
With the English version of Crystal Enterprise installed on a Japanese operating
system, you can access the system using English and Japanese web browsers.
To provide Japanese client components, you need to install the Japanese version of
the Crystal Enterprise web desktop or customize your web client. The English
version of Crystal Enterprise will automatically install the English client components
such as the web desktop. For Japanese users, you need to install a Japanese version
of the client components under a different directory than the English version.
Note: This solution currently works only with the English version of Crystal
Enterprise. For example, you cannot run the French version of Crystal Enterprise
on a Japanese operating system.
Crystal Enterprise Administrator’s Guide
451
Deploying Crystal Enterprise internationally
Deploying one system for multiple languages is the best solution for non-localized
languages. If you run English Crystal Enterprise components on an operating
system that uses one of the supported languages, you can access the components
from a browser that uses the same language as the operating system. Because
standard Crystal Enterprise client components are available only in localized
languages, you need to customize them in order to support other languages.
For example, if half of your employees are Italian, and the other half are English,
this deployment displays the appropriate language most of the time for both
Italian and English employees.
This deployment is similar to the English and Japanese system, except that the
client components must be customized to display Italian. For Japanese users, you
were able to install the localized Japanese client components. For Italian users,
however, you must customize the web interface to create your own Italian client.
Publishing reports created in a different language
You can publish reports created in any supported language to any Crystal
Enterprise system. All Crystal Enterprise configurations allow you to publish
reports written in a supported language, even if Crystal Enterprise, the operating
system, or the browser do not use the same language. For the complete list of
supported languages, see “Languages” on page 447.
As long as the required font and language files are installed on the servers in the
system, you can create reports in any supported language and publish them to any
version of Crystal Enterprise. Keep in mind that most of the application will be
displayed in the same language as the operating system, the browser, or the
Crystal Enterprise components.
If only a few people create reports in languages other than those used across most
of your organization, it is more cost-effective if they publish their reports to the
same system. For example, if you hired three new employees in China and Spain,
you could ask those employees to publish their Chinese and Spanish content to an
existing English or Japanese system.
452
Crystal Enterprise Administrator’s Guide
E: International Deployments
Providing a client tier for multiple languages
By default, Crystal Enterprise installs and configures a client tier in the same
language as its server components. For example, the English version of Crystal
Enterprise installs the English version of the Crystal Enterprise web desktop. To
support multiple languages in the Crystal Enterprise web client tier, you must
maintain multiple sites for each language.
If you are using the English version of Crystal Enterprise, and you need to provide
a web desktop in English and another localized language, you can install the
localized version of the client components under a different directory from the
directory that contains the English components.
For example, if you need a Japanese client tier for use in a Japanese browser, install
the Crystal Enterprise web desktop from the Japanese version of Crystal Enterprise.
Make sure the Japanese version is stored in a different subdirectory than the
English version. Provide your Japanese users with the alternate directory URL.
To set up a client tier in Italian, Chinese, Korean, or Spanish that will work with an
English server, you can create your own client components that appear in the
required language.
Crystal Enterprise uses Crystal Server Pages (.csp files) or Java Server Pages (.jsp
files) to display client components such as the Crystal Enterprise web desktop.
Each .csp or .jsp file includes strings that are set as constants at the beginning of the
file. To create a client tier for a non-localized language, copy the .csp or .jsp files
into different subdirectories, with one language for each subdirectory, and edit the
string constants to display the language you want.
Designing reports for an international audience
After deploying and configuring Crystal Enterprise to meet the needs of your
international users, you can establish Crystal report design guidelines that will
help your users create reports that work globally. By following guidelines for
report design, you can make it much easier to deliver content to multilingual users.
When creating a report that must present data in multiple languages, you should
consider the fonts being used, the amount of the report that needs to be translated.
You can use conditional formatting to create a report that accounts for the formatting
requirements of multiple languages, or you can even provide translation directly in
the report.
Conditional formatting for multiple languages
Many report design techniques that account for differences between languages
require a language parameter field that prompts the user to choose a language for
the report. This language parameter field can be used for conditionally formatting
report objects to account for conventions used for different countries or languages.
Crystal Enterprise Administrator’s Guide
453
Designing reports for an international audience
For example, you may need to change fonts in order to display characters for a
different language. Or you may need to change display settings to accommodate
larger words or longer sentences.
If the report contains only a few objects that need translation, you may want to
provide language-specific formatting for individual report objects. For each
characteristic of a text object that you want to change, you must provide a
conditional formula that provides the translation for each supported language.
Alternatively, you can create sections with different formatting and conditionally
suppress them based on the language parameter field. For example, if you need a
report to appear in French and German, you can create a second Details section for
German that contains the same fields displayed in wider object frames to
accommodate longer values. Using conditional formulas, you can suppress the
French or German section based on the language parameter field.
To create a language parameter field
1 In Crystal Reports, on the View menu, click Field Explorer.
2 In the Field Explorer, right-click Parameter Fields and click New.
3 In the Create Parameter Field dialog box, type the parameter name
(reportlanguage, for example) and the prompting text (Choose the language
for the report).
4 Ensure that the Value type is set to String.
5 Click Set default values.
6 In the Set Default Values dialog box, type each language you want and move it
to the Default Values area using the arrow buttons.
7 Click OK.
8 Click OK in the Create Parameter Field dialog box.
Formatting text in multilingual reports
Different languages require different fonts and formatting conventions. You can
conditionally change the text font and formatting using a language parameter field.
Using multiple fonts
Fonts can cause a number of issues when a report is provided in several languages.
Not all fonts support all languages, and some languages require special formatting
conventions for text.
When you have multiple languages in a report, you need to consider whether any
of the languages require special fonts. You can use the same font to display both
French and English in a report. If you need the report in French and Russian,
however, you will need a different font for the Russian characters.
454
Crystal Enterprise Administrator’s Guide
E: International Deployments
Note: Ensure that the required font files are installed on all machines in your
Crystal Enterprise system. For details, see “Resources” on page 448.
If the report contains languages that require different fonts, you need to use
conditional formatting to change the font based on the language chosen by the user.
You must apply conditional formatting to every field that requires font changes.
To specify the language, use a parameter field to prompt the user to choose a
language for the report. You can then insert the parameter field into a conditional
formula that changes the font if the parameter has a particular value.
To change the font using conditional formatting
1 Right-click the field, choose Format Field, and then click the Font tab.
2 Click the conditional formula button next to the Font list.
Note: For details on conditionally formatting fields and using the Format
Formula Editor, see the Crystal Reports Online Help.
3 In the Formula Editor, create a formula to change the font based on the
language parameter (?reportlanguage, for example)
If {?reportlanguage}=”Russian” then “Bukinist”
Else “Arial”
4 Click Save and close, then click OK.
Formatting text based on language
You can also use conditional formatting to account for other formatting differences
between languages. For example, German words are often much larger than
French words. You can conditionally format your text to be a smaller font to
account for larger words, or you can enable the Can Grow setting to ensure that
words will not be clipped.
To format text conditionally
1 Right-click the field, choose Format Field.
2 On the Common tab, create a conditional formula that selects the Can Grow
option if the user chooses a specific language.
{?reportlanguage}=”German”
3 On the Font tab, create a conditional formula for the Size list that displays a
smaller font if the user chooses a specific language
If {?reportlanguage}=”German” then 10
Else 12
4 Click OK.
Crystal Enterprise Administrator’s Guide
455
Designing reports for an international audience
Formatting based on cultural conventions
When you deliver content in multiple languages, you will encounter other
differences that will need to be accounted for. Different languages and countries
have different cultural conventions for currency, dates, time, and punctuation.
For example, in English, the integer portion of a number is separated from the
fractional portion by a period. Most European countries use a comma as the
separating character. The thousands separator is a comma for English, and a
period for German. In English, digits are grouped in threes, but other languages
use other grouping conventions. In Nepal, numbers are formatted with one group
of three numbers to the left of the decimal, and subsequent groups are two digits.
Each language has its own rules and conventions. The best way to ensure that you
meet the reporting needs of users of every language in your organization is
through testing.
The following is a list of other common issues to keep in mind when reporting in
several languages. Ensure that your reports account for these cultural differences.
You can account for many differences by using conditional formatting to change
formats and preferences based on the language parameter field. You can use formulas
such as the ones used in “Formatting text in multilingual reports” on page 454.
• Alphabetical order
Different languages have different alphabets. Check the accuracy of any
alphabetical sorting in your reports.
• Calendars
Different countries have different statutory holidays. For scheduling, you can
create custom calendars to account for different sets of holidays or working
days. For details, see “Managing calendars” on page 214.
• Currency conventions
Different languages and currencies may have different conventions for
formatting currency. For each language, make sure you check the placement of
the currency symbol and the conventions for formatting negative currency.
Note: The Euro symbol does not display properly in many fonts. If you use the
Euro symbol, make sure you test the fonts displayed in your report. If the font
does not display the Euro symbol properly, you may need to change fonts. If
your report displays many different currencies, you can use conditional
formatting to change the font whenever the currency symbol is the Euro.
• Date conventions
Date formats vary between countries. Make sure you adhere to the appropriate
date convention for each language available in your report. For example,
“Thursday, May 14, 2003” is displayed as “Donnerstag, 14. Mai 2003” in
Germany. Notice the different date punctuation and structure.
• Punctuation
Different languages use different punctuation marks. For example, German
and English use different styles of quotation marks.
456
Crystal Enterprise Administrator’s Guide
E: International Deployments
• Time zones
Avoid granting Schedule access to the default Guest account if you deploy the
Crystal Enterprise web desktop for users in different time zones. Instead, ensure
that each user who is allowed to schedule reports has a dedicated account on the
system, and that each user's preferences include the appropriate time-zone setting.
To view or modify the time-zone setting for any user account, use the Preferences
Manager, which is available as a Client Sample on the Crystal Enterprise User
Launchpad. Dedicated accounts are recommended because the default Guest
account does not allow users to modify account preferences that would affect
other users. For more information about using specific time-zone properties in
your custom web applications, see the Crystal Enterprise Web Developer's Guide.
Providing multiple languages in a single report
To provide multiple languages in the same report, you can create multiple text objects
or sections and conditionally suppress them using the language parameter field.
Note: For details on creating a language parameter field, see “Conditional
formatting for multiple languages” on page 453.
Using multiple text objects
If a report contains only a few text objects to be translated, you can provide
translations for individual text objects, and conditionally suppress them using the
language parameter field. For details on creating a language parameter field, see
“Conditional formatting for multiple languages” on page 453.
To maintain the text’s position in the report, you can place text objects for each
language on top of each other. This solution can become illegible; if a report
includes many text objects, consider using suppressed sections for each language.
Using multiple sections
Instead of formatting individual report objects conditionally, you can use the
language parameter field to conditionally suppress sections. You can create sections
for each language and suppress or show them based on the parameter value the
user selects. Creating separate sections for translated versions of report content is
faster and more flexible than creating individual reports for each language.
To suppress a section
1 Create a section for each language you want to appear in your report.
2 Right-click the left boundary of one of the sections and click Section Expert.
3 In the Section Expert, click the Formula button that corresponds to the
Suppress (No Drill-Down) setting.
The Format Formula Editor opens a new formula named Suppress (No DrillDown).
Crystal Enterprise Administrator’s Guide
457
Designing reports for an international audience
4 In the Formula text window, type this formula (which uses Crystal Syntax):
if {?reportlanguage} <> "yourlanguage" then True
where yourlanguage is the language used in the section. It must be a language
that is available as an option in your ?reportlanguage parameter field.
If the user did not choose yourlanguage as the report language, this formula
enables the setting and suppresses the section for that particular language.
5 Create similar formulas for all language-specific sections in the report.
6 Click Save and close.
7 Click OK in the Section Expert.
458
Crystal Enterprise Administrator’s Guide
Creating Accessible Reports
F
This appendix provides design recommendations to help
you create Crystal reports that are accessible to people with
disabilities.
Crystal Enterprise Administrator’s Guide
459
About accessibility
About accessibility
When you create Crystal reports for a large audience across the organization—and
around the world—you need to account for the diverse needs of that audience. Report
designers often create reports for specific languages, countries, job tasks, or work
groups, but it is also important to consider the accessibility requirements of users.
Report users may have physical, sensory, or cognitive limitations that affect their
ability to access the Web. They may not be able to see, move, or hear. They may
have low vision or limited movement. Some people have dyslexia, color-blindness,
or seizure disorders; others have difficulty reading or understanding text. They
may have a combination of disabilities, with varying levels of severity.
People with disabilities often use assistive technologies: products or techniques that
help people perform tasks they cannot perform otherwise. Assistive technologies
include adaptive software programs such as screen readers (which translate text
into audible output), screen magnifiers, and speech-recognition software. People
with disabilities may also use special browsers that allow only text or voice-based
navigation. They may use assistive devices such as refreshable Braille displays, or
alternative keyboards that use “sip-and-puff” switches or “eyegaze” technology.
To meet the reporting needs of people with disabilities, your reports should be
designed to work with as many assistive technologies as possible.
Despite the wide range of potential accessibility issues, you can use the techniques
described in this chapter to create reports that are useful for everyone.
Benefits of accessible reports
As more business and government leaders adopt new standards for delivering
web content to people with disabilities, accessible design is becoming critical to
information management and delivery.
Accessible design provides many benefits:
• Accessible reports are easier for everyone to use.
Many accessibility guidelines result in improved usability. An accessible report
must provide logical and consistent navigation. Its content must be clearly
written and easy to understand.
• Accessible reports are more compatible with a variety of technologies, new
and old.
Accessible content is easier to export to simple formats that are more
compatible with mobile phone browsers, personal digital assistants (PDAs),
and other devices with low-bandwidth connections.
Some people may not have a keyboard or a mouse. They may have a text-only
screen, a small screen, or a slow Internet connection. Accessible design makes
it easier for people with limited technology to access information.
• Accessible content is easier to reuse for other formats.
In the viewers, accessible reports are more accurately copied or exported to
other formats.
460
Crystal Enterprise Administrator’s Guide
F: Creating Accessible Reports
• Accessible reports improve server efficiency.
You may reduce the number of HTTP requests on the server, by providing clear
navigation so people can find what they need faster. Providing text-only
alternatives can reduce the number of graphics, which take up valuable bandwidth.
• Recent initiatives indicate a worldwide trend towards providing accessible
web content.
More companies are making accessibility a requirement for their web content,
especially in the United States, where the government introduced section 508 of
the Rehabilitation Act. Accessibility is quickly becoming an essential part of
web content delivery.
• You may be legally required to provide accessible content.
Each year, more countries introduce anti-discrimination laws that ensure equal
opportunities for people with disabilities. Even if you are not legally required
to meet accessibility guidelines, you may want to do business with an
organization that is required to adhere to them.
• Creating accessible reports is easier than modifying existing reports to make
them accessible.
If you build accessible features into your reports now, it will be significantly
less expensive than to redesign existing reports later.
About the accessibility guidelines
The most comprehensive accessibility guidelines are the Web Content Accessibility
Guidelines (WCAG), developed by the international World Wide Web Consortium
(W3C). The WCAG is widely considered the definitive set of recommendations for
delivering web content to people with disabilities. The WCAG has influenced the
development of similar web content standards around the world.
Organizations and governments worldwide are adopting the accessibility
recommendations of the W3C. In Australia, the Disability Discrimination Act
includes standards for web site accessibility. Similar guidelines have been
introduced in the United Kingdom and throughout Europe. In Canada, all
government web content is now developed according to the Common Look and
Feel (CLF) initiative, which is largely based on the W3C's Web Content
Accessibility Guidelines. Taking web accessibility a step further, the United States
government introduced legislation in the form of Section 508 of the Rehabilitation
Act, which ensures the right to accessible government web content.
Common to all guidelines is a focus on providing web content that is useful for all
people, regardless of disability or impairment. For reports, accessible design is
focused on the same key concepts:
• Content must be easy to understand and navigate.
• Text equivalents or alternatives should be provided for non-text objects.
• Objects should be logically organized to clarify relationships between objects.
Crystal Enterprise Administrator’s Guide
461
Improving report accessibility
• Reports must not rely on any one specific type of hardware, such as a mouse, a
keyboard, or a color screen.
For more information on specific accessibility guidelines, see “Resources” on
page 481.
Accessibility and Crystal products
Crystal products allow you to design accessible reports and deliver them to your
users via the Web. By observing accessibility guidelines, you can use Crystal Reports
to create reports that are accessible to users with disabilities. You can then publish
these reports to Crystal Enterprise, where people with disabilities can view them on
the Web using the Crystal Enterprise web desktop and the DHTML viewers.
The reports in this chapter were created in Crystal Reports and tested using screen
readers (including JAWS 4.5).
However, Crystal Reports does not currently provide complete accessibility for
report designers with disabilities.
Crystal Enterprise's management components, including the Crystal Management
Console (CMC) and the Crystal Configuration Manager (CCM), do not currently
provide access for people with disabilities. The ActiveX and Java viewers are also
not accessible.
In the Crystal Enterprise web desktop, the main user interface for working with
reports through Crystal Enterprise, the ability to log on and view reports is
accessible for most users. However, other areas, such as new account sign up and
scheduling, may not be accessible.
Note: Although you can use many of the same design guidelines to improve the
accessibility of Crystal Analysis Professional reports, Worksheets are difficult to
format for accessibility. Crystal Reports is the recommended option for delivering
reports to people with disabilities.
Improving report accessibility
To begin improving the accessibility of your Crystal reports, start with accessibility
guidelines that are quick and easy to implement. A small change in your design
conventions or company template may have a significant impact on accessibility.
Simple navigation and clearly-written content are critical for accessibility, but they
are easy to implement and useful for all report users.
Placing objects in reports
There are a few general guidelines to keep in mind when you place objects on a report.
462
Crystal Enterprise Administrator’s Guide
F: Creating Accessible Reports
Organizing objects logically
When you place objects on reports, make sure their placement is clear and logical,
especially when you need to imply a relationship between two objects in a report.
For example, if you include a text description of a chart, ensure that it is close
enough to the chart to make the connection clear.
Many assistive technologies read from left to right and from top to bottom;
therefore, if you include a text description and title for a chart, you should decide
which one you want the user to read first. This will ensure that the objects in a
report are read in the correct order.
Placing objects in order
When you publish a report to Crystal Enterprise, the HTML version organizes the
objects in the report according to the consecutive order that you added them in
Crystal Reports, not according to where they were positioned on the report. The
report appears the same on the screen, but the underlying HTML code lists the
reports objects in the order they were inserted. Instead of reading the report from
right to left and top to bottom, screen readers and other assistive devices may
follow the order specified in the HTML. To make a report accessible, you must add
objects to reports in the order that you want a screen reader to read them.
For example, you place Quarter, Year, and Invoice fields in the Details section and
then add the report title “Invoices by Quarter” to the Report Header. When you
publish the report to Crystal Enterprise, it looks the same as it did in Crystal
Reports, but the underlying HTML displays the database field headings first,
followed by the title. Instead of reading the report title first, a screen reader reads
the headings first: “Quarter, Year, Invoice, Invoices by Quarter.”
To avoid this, insert the “Invoices by Quarter” title first. Before you add the data table,
you could provide an introductory text object that describes the table. Finally, add the
fields to the Details section. The report will now make more sense in a screen reader,
which will read “Invoices by Quarter”. The following table lists our invoices for each
quarter. Quarter, Year, Invoice.” followed by the data. (For details on providing
accessible data tables, see “Improving data table accessibility” on page 473.)
Therefore, to create accessible reports, you must plan the order of your report
before you begin working in Crystal Reports. Plan it on paper. Make sure you
know which objects you want to add and where you want them. Include all
calculations, images, and charts on your plan. When you create a new report based
on your plan, you can start adding objects from the upper left corner and work
your way to the bottom right corner of the report. Once the objects are placed, you
can make changes to them afterwards without affecting their order.
Note: If you create a text-only alternative of your report, add it to your report as a
subreport and, most importantly, add the subreport before you add any other
object to your report. For further details, see “Text” on page 464.
Crystal Enterprise Administrator’s Guide
463
Improving report accessibility
After you add all objects to the report, you can test their placement order by
tabbing through the objects.
To test the placement order of objects in a report
1 Make sure no objects in the report are selected.
2 Press the Tab key.
Crystal Reports selects the object that was placed on the report first.
3 Tab through the remaining objects.
The order that Crystal Reports uses to tab through the objects is the same order
adopted by a screen reader that views the published version of the report.
Text
The most common accessibility issue encountered by report designers is also one
of the easiest to resolve: providing text-only versions of non-text objects. A non-text
object is an object that conveys meaning through a picture or sound. Non-text
objects include pictures, charts, graphical buttons, graphical representations of
text, sounds, animations, and audio or video clips.
People who use assistive technologies are accustomed to text-only substitutes and,
therefore, will respond well to the text-only alternatives you provide.
There are a number of ways you can use text to substantially improve your reports’
accessibility:
• Provide text equivalents for objects in reports.
• Provide text alternatives for reports.
• Ensure that text is written and formatted clearly.
Text is a useful tool for creating accessible reports. Most assistive technologies
require text input, including screen readers, speech synthesizers, and Braille
displays. You can easily resize and format text, and text is the most flexible
medium for import and export.
Providing text equivalents
When you create reports, there are many opportunities to use text equivalents to
clarify non-text objects.
• Place a descriptive text object next to a non-text object, and be sure to add them
to the report in consecutive order (for more details see “Placing objects in
order” on page 463).
Whenever possible, a text equivalent should communicate the same information
as its corresponding object in the report. If a report displays data in a pie chart,
for example, include a text box next to the chart that summarizes its contents.
Describe the purpose of the non-text object. For example, if an image performs
an action when you click it, describe the action. For a button that opens your
web site, provide a text box labeled “Click to view our web site.”
464
Crystal Enterprise Administrator’s Guide
F: Creating Accessible Reports
• If a report includes audio links, provide a transcript for significant audio clips.
• If a report links to a multimedia or video presentation, provide a transcript.
You may also want to provide captioning for the audio portion and an audio
description of the visual portion. Captioning should be synchronized with the
audio.
Providing text-only alternatives
If there are too many non-text objects on a report, or if you do not have the
resources to integrate accessible design into all of your reports, then you can
provide complete text-only alternatives. For reports that represent data using only
charts and graphics, for example, you can provide a link to a text-only alternative
that provides the same data in data tables and text objects.
Whenever possible, a text-only alternative should provide the same information as
the original report. The information conveyed through images in the main report
should also be described using text objects on the alternative report.
Note: If you cannot produce a complete text-only version of the report, you can
still improve accessibility by providing a descriptive summary of key information
or conclusions illustrated by the report.
It is good practice to provide the text-only alternative on a subreport, linked from
the top left corner of the main report, so the user has the opportunity to switch to
the text-only version as soon as possible. Add the subreport to the report before any
other object to ensure that a screen reader will read it first. If you want the subreport
link to appear only for people using screen readers or similar software, you can
create a subreport link that is the same color as the background color. The link will
appear as a small blank space, but a screen reader will read the text for the link.
To add a text-only alternative to a subreport
1 Create a text-only version of the report and save it.
2 Open a new report.
3 On the Insert menu, click Subreport.
4 In the Insert Subreport dialog box, select Choose an existing report and click
Browse to locate the report you created in step 1.
5 Click the subreport, then choose Format Subreport from the Format menu.
6 In the Format Editor, on the Subreport tab, select On-demand Subreport.
7 To hide the subreport link, on the Font tab, choose the color that matches the
background color of the report.
Note: Instead of hiding the subreport link, you can conditionally suppress the
section that contains the subreport. For details, see “Accessibility and
subreports” on page 472.
Crystal Enterprise Administrator’s Guide
465
Improving report accessibility
Using punctuation
To improve the logical flow of spoken text, you may need to add extra punctuation
to create pauses. Without extra punctuation, screen readers may read several text
objects as one continuous sentence, making the content difficult to understand. For
example, information in data tables may be read without stop. To prevent this, you
can break up information in data tables by inserting periods between fields.
Certain punctuation marks are read aloud, which may be distracting if used too
frequently. For example, when a screen reader reads a colon “:”, it may read it
aloud as “colon” instead of a pause. You can change the amount of spoken
punctuation in your screen reader's settings.
To troubleshoot your report's punctuation, it is good practice to read the report
using a screen reader. Do objects run together too quickly? Or are there too many
pauses? Are any punctuation marks read aloud? Does this improve or deter from
the usability of the report?
Formatting text
After you create text equivalents or alternatives for non-text objects, ensure that the
text is clearly written and easy to read. Observe the following design guidelines:
• Use a larger font.
Although people with visual impairments can use the Zoom feature to increase
the size of the report, they will not need to magnify the report as much if the
font size is larger. For example, chart labels or legends can appear in a small
font by default. For general legibility, it is good practice to use a font larger than
8 point. For accessibility, ensure that text is larger than 11 point.
• Use a “sans serif” font.
Simple fonts such as Arial and Helvetica can be easier to read than serif fonts
like Times or Palatino.
• Choose left or justified alignment.
Left-aligned or justified text is easier to read than centered or right-aligned text.
• Ensure that text follows the guidelines for color usage. For details, see “Color”
on page 467.
Note: You can allow users to choose different font settings using a parameter and
conditional formatting. For details, see “Accessibility and conditional formatting”
on page 471.
Finding the right balance between text and non-text objects
Text equivalents are very flexible and often the best solution for accessibility, but
they are not always necessary or preferred.
Not all non-text objects require text equivalents. You need to include text
alternatives only for non-text objects that provide information or navigation
elements that the user cannot do without. Images used for decorative purposes do
466
Crystal Enterprise Administrator’s Guide
F: Creating Accessible Reports
not need a text description. If a report has a watermark image that acts as a
background for the data, you do not need to provide a text equivalent. Adding text
descriptions for decorative objects can produce unnecessary clutter.
Text versions of visual or auditory objects in reports should be used as a
complement to the object—not as a replacement. You do not need to remove nontext objects. Visual objects in reports can be very helpful, especially for people with
learning disabilities such as attention deficit disorder, or for people who are deaf.
People with hearing impairments may be accustomed to visual communication
such as sign language, and may find images more useful than text.
No one presentation method can meet the needs of all users. Audio clips can be
very useful for people with visual impairments, but people with hearing
impairments will be unable to use them. To help both groups, provide a
combination of audio and text. Multimedia presentations may provide audio
information for people with visual impairments, as well as video information for
people who are deaf or hard of hearing. Multimedia presentations are particularly
effective for people with attention deficit disorder. However, people with certain
mental health disabilities may be distracted by visual or audio objects.
The best approach is to communicate the same information with both text and nontext objects. Add descriptive text to support the images, and add images that
support the text.
If text objects begin to overwhelm your report, you may want to provide a
complete text-only version in a separate report or a subreport. For details, see
“Providing text-only alternatives” on page 465.
To learn more strategies on how to choose presentation methods that meet the
needs of a variety of audiences, see “Designing for flexibility” on page 470.
Color
The colors you choose for objects in reports can have a significant impact on
accessibility for people with visual impairments, low vision, or color blindness.
Ensure that your reports can be understood when viewed without color.
Contrasting colors
Users with limited vision may be unable to distinguish between colors. To test the
color contrast in your report, print or view a black and white copy. You should be
able to distinguish between values or fields displayed in different colors (in a pie
chart, for example).
If you cannot distinguish between colors on the report, try different colors or use
gray shading. If this does not resolve the issue, you can change other characteristics.
For text, use the Format Editor to change the font, size, or style. You can add borders,
underlining, or background shading to differentiate text objects from each other.
Crystal Enterprise Administrator’s Guide
467
Improving report accessibility
For charts, use a combination of shading and patterns. You can automatically
convert a color chart to a black and white one using the Chart Expert, or you can
select values individually and choose your own patterns.
To convert a chart into black and white
1 Select the chart and choose Chart Expert from the Format menu.
2 In the Chart Expert, click the Options tab.
3 In the “Chart color” area, select Black and white, then click OK.
The chart colors convert to a variety of high-contrast pattern and color fills.
To change the fill for a chart value
1 Select the chart, then click the shaded area you want to change.
2 On the Chart menu, point to Chart Options, and then click Selected Item.
3 In the Formatting dialog box, on the Fill tab, choose a color and click Pattern.
4 In the Choose A Pattern dialog box, click a pattern, then click OK.
Note: You can also select a texture, gradient, or picture as a fill for the chart value.
See the Chart Help for more information.
Using color to convey information
Do not use color as the only identifying characteristic for critical information in a
report.
For example, a text object may instruct users to “click the green button” to open a
subreport. Users with limited vision cannot tell which button is green. The button
should be recognizable by another defining characteristic besides its color. For
example, you can change the button graphic to a shape that is not used elsewhere
on the report, and instruct users to “click the green arrow button”. This solution
provides color information for people who can distinguish colors, and extra
information for people who cannot.
Other common situations where color may be used to provide important
information include:
• Highlighting
To highlight particular values in a table, do not change only the color of the
value. If you highlight outstanding invoices in red, for example, they may look
the same as the paid invoices to someone with limited vision. In the Highlighting
Expert dialog box, change a font characteristic other than color, such as font style.
• Hyperlinks
Using color as the only method for identifying hyperlinks may also cause
problems for color-blind users. When you print your report in black and white,
check the hyperlinks to ensure that they are still visible.
468
Crystal Enterprise Administrator’s Guide
F: Creating Accessible Reports
• Identifying important areas of the report
Do not organize a report by using color as a background or as a separator
between different sections or areas. Instead of using color to identify sections,
establish clear and consistent navigation for the entire report.
Navigation
As with other aspects of accessible design, providing several alternative
navigation methods can help you meet the reporting needs of more people. The
W3C recommends including several different navigation methods. On the other
hand, simplicity is critical for intuitive navigation. Section 508 recommends simple
navigation that uses the least number of navigation links possible. Either approach
can be effective for your reports, as long as you maintain clarity and consistency.
You may want to use report parts to navigate a report (or to connect several
reports). If you provide a series of links in a page header, keep in mind that screenreading software will reread the navigation information every time the user
refreshes the page or views a new page. In this case, simple navigation is preferable.
For a large report, you could provide a list of navigation links as a table of contents
in the report header. More extensive navigation can be useful when you have a
large volume of data. To allow users to skip the list, you could start with a “Skip
the table of contents” link that jumps ahead to the first page header.
In general, report navigation should follow these guidelines:
• Identify the target of each link.
• Provide information at the start of the report that describes the layout and
navigation.
• Use navigation consistently.
• Provide the opportunity to skip repetitive navigation links.
Parameter fields
When you include parameter fields in a report, make sure they are clear and
simple. Although parameter fields can be a useful tool for providing accessible
content, they can also introduce several accessibility concerns. It is important to
test all parameter fields for accessibility.
Parameter fields should follow these guidelines:
• Provide a list of default values for the user to choose from.
Avoid requiring the user to type a value for a parameter. When users provide
their own values, they need to make sure the format of the value will be
recognized by the parameter field. A list of default values is easier to use, and
it ensures that the user chooses from values with valid formats.
• Try to avoid complex parameter fields.
A complex parameter field may be more accessible when it is broken down into
multiple parameters. When you test the accessibility of your parameter fields,
Crystal Enterprise Administrator’s Guide
469
Designing for flexibility
pay particular attention to parameters that require a range. It may be easier to
understand if you provide two parameter fields that prompt for discrete values
for the top and bottom of the range, rather than ask the user to choose both
values in the same parameter field.
• For date fields, do not allow users to choose their own values.
The calendar used to select date values is not currently accessible. Provide a
pick-list of default date values. Using a list of default values also helps avoid
invalid date formats.
Designing for flexibility
Flexibility is the key to providing accessible reports. Because different users
require different levels of accessibility, it is good practice to provide a variety of
presentation styles and methods to meet the needs of as many people as possible.
For a detailed report, however, you may not be able to provide multiple
presentation styles without cluttering the report with extra objects.
To address this problem, plan the degree to which you want to integrate accessible
formats into your reports. You can provide accessible formatting for each object,
for each section, or as a subreport. You can then allow users to choose their own
accessibility options using a parameter field that prompts them to choose whether
or not to display accessible formats.
Using this parameter field, you can conditionally format objects, or conditionally
suppress sections that address different access needs. Or you can provide different
display options by using subreports.
To create an accessibility parameter field
1 In Crystal Reports, on the View menu, click Field Explorer.
2 In the Field Explorer, right-click Parameter Fields and click New.
3 In the Create Parameter Field dialog box, type the parameter name (Access, for
example) and the prompting text (Do you want to enable accessible
formatting for this report?).
4 Ensure that the Value type is set to String.
5 Click Set default values.
6 In the Set Default Values dialog box, create Yes and No values and move them
to the Default Values area using the arrow buttons.
7 Click OK.
8 Click OK in the Create Parameter Field dialog box.
470
Crystal Enterprise Administrator’s Guide
F: Creating Accessible Reports
Accessibility and conditional formatting
Using the accessibility parameter field in simple formulas, you can provide
multiple formats for any object in a report. If a user chooses “Yes” when prompted
by the parameter, the conditional formulas will ensure that the objects are modified
with accessible formatting conventions. If a user chooses “No”, then the report
appears without accessible formatting, perhaps in the standard company template.
For accessible text formatting, you can follow the guidelines suggested by this
chapter and by the W3C, or you can survey your report users to determine the
formats that work best for them. After you determine the formatting options you
want to use, you can create conditional formulas that define the options. For
example, you can display all database fields in a large Arial font, in white text on
a black background, with the Can Grow option enabled.
The following procedure creates a conditional formatting formula based on the
?Access parameter field. The formula increases the font size if the ?Access
parameter field is set to “Yes”. You can use similar formulas to change colors, add
borders, or enable the Can Grow setting. For complete instructions on
conditionally formatting fields and using the Format Formula Editor, see the
Crystal Reports Online Help.
Note: If text objects are too small to accommodate the enlarged font, you can use a
similar conditional formatting formula to enable the Can Grow setting, which
appears on the Common tab of the Format Editor.
To apply accessible settings to font size conditionally
1 Open the report in the Design tab of Crystal Reports.
2 In the Details section, right-click the field you want to conditionally format,
and select Format Field.
3 In the Format Editor, click the Font tab.
4 Click the Formula button that corresponds to the Size list.
The Format Formula Editor opens a new formula named Font Size.
5 In the Formula text window, type this formula (which uses Crystal Syntax):
if {?Access} = "Yes"
then 20
else 10
This formula ensures that the font size for the currently selected field is increased
from 10 point to 20 point when the user chooses to display accessible formatting.
6 Click Save and close.
Crystal Enterprise Administrator’s Guide
471
Designing for flexibility
Accessibility and suppressing sections
Instead of formatting individual objects conditionally, you can create separate
sections for accessible versions of the report content, then use the accessibility
parameter field to conditionally suppress sections. The accessible and non-accessible
sections can be suppressed or shown, based on the parameter value the user selects.
Creating separate sections for accessible versions of report content may be more
time-consuming, but there are a few situations where suppressing sections
conditionally can be more practical than formatting on the object level:
• If a report contains many objects, suppressing sections may require fewer
conditional formulas.
• Not all settings and features can be formatted conditionally. By suppressing
sections, however, you can make any formatting changes you want.
• You may want to provide completely different types of information for people
viewing the accessible version of the report. For example, you may want to
split visual and audio objects into two different sections and conditionally
suppress them based on the parameter value the user chooses.
To suppress an accessible section
1 Right-click the left boundary of the section you want to suppress
conditionally, and click Section Expert.
2 In the Section Expert, click the Formula button that corresponds to the
Suppress (No Drill-Down) setting.
The Format Formula Editor opens a new formula named Suppress (No DrillDown).
3 In the Formula text window, type this formula (which uses Crystal Syntax):
if {?Access} = "No" then True
This formula selects the Suppress option if the user chooses not to view
accessible report content.
4 Click Save and close.
5 Click OK in the Section Expert.
Accessibility and subreports
Accessible report design may become too cumbersome using conditionally
formatted objects and suppressed sections. Two situations in particular may be
problematic:
• To make the report accessible, you may need to change the overall organization
of the report sections, or you may need to provide different objects.
• If the report contains a large number of objects or sections, it may take too
much time to create conditional formulas for all of them.
472
Crystal Enterprise Administrator’s Guide
F: Creating Accessible Reports
For example, if a report contains many non-text objects displayed in a complex
series of groups and sections, you may want to provide a text-only version that uses
different objects and a simplified group structure to meet accessibility guidelines.
The easiest way to address this problem is to create a subreport that displays the
accessible version of the report and place the subreport at the beginning of the main
report. For details on creating a text-only accessible subreport, see “Providing textonly alternatives” on page 465.
If you want only screen readers to be able to see the subreport, you can hide it by
changing the subreport link to the same color as the background. Alternatively,
you can use the ?Access parameter field to allow users to choose whether or not
the subreport appears in the report. Place the subreport in its own section and
conditionally suppress the section based on the ?Access parameter field. For
details, see “Accessibility and suppressing sections” on page 472.
Improving data table accessibility
Large tables of data can be difficult to interpret if a person is using a non-visual
means of accessing the web, such as a screen reader. People using screen
magnifiers or the Zoom feature may also find data tables hard to navigate because
they cannot see the table headings at all times. It can easily become difficult to
associate the value that a screen reader is reading with the corresponding column
and row headings. Users need to be able to understand the data value's position in
the table and its relationship to other values.
To improve data table navigation, you can use text objects to provide contextual
information with each value. Using conditional formatting or suppression, you can
create a report that displays these objects only if the user chooses to view them.
Other design guidelines can help make large tables of data easier to understand,
such as providing summary paragraphs and expanded column headings.
Note: This chapter uses terminology consistent with the W3C accessibility
guidelines. In these guidelines, the term data table refers to values arranged in
columns and rows. In Crystal Reports, data tables take the form of group or page
headings combined with database fields in the Details section. Do not confuse
data tables with database tables, which are data sources used by Crystal Reports.
Text objects and data table values
You can make a large table easier to understand and navigate by adding text
objects that provide information about each value in the table.
Include whatever information is necessary to establish the meaning and context of
the value displayed. When appropriate, include information that describes column
headings or neighboring fields. For example, if a report displays employee names
and salaries, you can add a text object before the Salary database field that reads
“{Last Name}'s salary is “. The user can determine the context and meaning of the
value by reading the accompanying text object.
Crystal Enterprise Administrator’s Guide
473
Improving data table accessibility
Ensure that your text objects use punctuation that will make the content easier to
understand when read aloud by a screen reader. Without accessibility-orientated
punctuation, data tables may be read as one long sentence, making navigation and
interpretation very difficult. For example, you can add periods after values so a
screen reader will pause between columns and rows. For details, see “Using
punctuation” on page 466.
As with all objects in reports, the order in which you place text objects on the report
can affect accessibility. Screen readers read the objects in the order they were
originally added. (For details, see “Placing objects in order” on page 463.) The
correct placement order is critical when you add a text object that identifies the
contents of a particular column in a data table. If you add the text objects at the end
of the design process, they may be read after the columns that they refer to. When
you add text objects that describe values in a report, ensure that you place them on
the report in the order that you want them to be read.
Before you can create an accessible data table, you must plan your report in
advance, determining which objects and database fields you want to include.
Because objects must be placed in the order you want them to be read, planning
your content for accessibility is essential. As part of this planning, it is good
practice to choose how you will use text objects to identify data table values. You
can simply add text objects before each database field. Or you can conditionally
suppress text objects or use formulas to combine text objects and values.
Labelling data tables with text objects
Before each field, add a text object that describes the field's position in the table. In
the following example, the text box provides information about the Employee ID
number. When the report is read with a screen reader, each number is preceded by
the brief explanation in the text box.
474
Crystal Enterprise Administrator’s Guide
F: Creating Accessible Reports
Providing extra information for each value can make a data table appear cluttered
for people without vision impairments, so you may want to hide the extra text
objects by changing the font color to the same color as the background. The extra
text is invisible, but is still detected and read by screen readers.
Labelling data tables conditionally
Although adding text objects is relatively easy to implement, it does not address
all accessibility concerns. Invisible text is read by screen readers, but does not help
people with limited vision. You can allow the user to choose whether or not to
display text descriptions in the data table by conditionally formatting or
suppressing text objects.
Make sure your report includes an accessibility parameter field. For instructions
on how to create the ?Access accessibility parameter field, see “Designing for
flexibility” on page 470.
You can use the parameter field to suppress the text objects conditionally. While it
has the same effect as changing the font color to the background color,
conditionally-suppressed text also allows you to use the parameter field to specify
other formatting options such as font size and style.
To display the text objects only when the user chooses Yes for the ?Access
parameter field, the following report uses a simple conditional formula to enable
the Suppress option on the Common tab of the Format Editor.
{?Access}="No"
The formula must be added for each text object you want to suppress.
Crystal Enterprise Administrator’s Guide
475
Improving data table accessibility
When the user chooses Yes for the ?Access parameter field, the text objects are not
suppressed; the data table displays text descriptions.
Note: The report shown also uses the ?Access parameter field to enable the Can
Grow option (also on the Common tab of the Format Editor) and increase the font
size for people with visual impairments.
When the user chooses No for the ?Access parameter field, the conditional formula
suppresses the text objects, leaving spaces in the report in place of the text objects.
Labelling data tables with formulas
Another method for adding explanatory text to a data table is to create formulas
that combine text, database fields, and conditional formatting. By adding the text
and the database fields together in a conditional formula based on the ?Access
parameter, you can provide optional text for values in a table without leaving
blank spaces in the report. Using formulas also reduces the number of objects on
the report, making it easier to maintain the proper placement order.
Note: Do not use this method if the report has summary fields or calculated fields.
Although formulas provide the best display of data, they can interfere with
calculations because the data is converted to text.
The following report uses formulas placed in the Details section that combine the
database fields and the extra text. When the user chooses Yes for the ?Access parameter
field, each formula builds a string that includes the description and the value.
476
Crystal Enterprise Administrator’s Guide
F: Creating Accessible Reports
This report uses the following formulas:
@Employee ID
If {?Access}="Yes" then "Employee ID "
+ ToText({Employee.Employee ID},0) + ". "
else ToText({Employee.Employee ID},0)
@Last Name
If {?Access}="Yes" then "Employee last name is "
+ {Employee.Last Name} + "."
else {Employee.Last Name}
@Salary
If {?Access}="Yes" then {Employee.Last Name} + "'s Salary is " +
ToText({Employee.Salary}) + "."
else ToText({Employee.Salary})
Notice the added punctuation. The periods at the end of each formula improve
screen reader legibility by creating a pause between fields.
Note:
• The report also uses the ?Access parameter field to enable the Can Grow
option and increase the font size.
• In @Employee ID, ?Access parameter field has been set to “0” to enable the
Can Grow option and increase the font size.
When the user chooses No for the ?Access parameter field, the formula returns only
the data. The report does not display blank spaces in place of the conditional text
objects. Both versions of the report are easy to read.
Crystal Enterprise Administrator’s Guide
477
Accessibility and Crystal Enterprise
Other data table design considerations
In addition to labelling data values with text objects, other report design techniques
can help you create data tables that are easier to understand and navigate.
• Include an introductory paragraph that summarizes the content of the table.
The summary should be brief: one or two sentences if possible.
• Ensure that headings provide enough information to clearly identify the
values that they label.
• To test a table's accessibility, read its headings and values in a linear fashion
from left to right and from top to bottom. For example, if a report displays last
and first name fields for each customer, it may read better if it displays first
name followed by last name. Whenever possible, test the report using assistive
technologies such as screen reading software.
The final accessible report includes a summary of the data table.
To display the table summary conditionally, the report designer divided the Page
Header into two sections. The first page header is suppressed when the ?Access
parameter field is set to No. The second page header is suppressed if the user
chooses Yes. For details, see “Accessibility and suppressing sections” on page 472.
Accessibility and Crystal Enterprise
Designing accessible reports is only part of the solution. You need to make sure
that you deliver reports through an accessible interface that follows the same
design guidelines.
Although the administrative components and scheduling functionality of Crystal
Enterprise are not currently accessible to everyone, the Crystal Enterprise web
desktop and the DHTML viewer allow for accessible access to reports over the Web.
Several enhancements have been made to Crystal Enterprise to account for
accessibility issues. Text descriptions are now provided in ALT tags for the toolbar
buttons and other images. Descriptions for text boxes are clearer, and shortcut links are
provided in the DHTML viewer so you can navigate past the toolbar and group tree.
478
Crystal Enterprise Administrator’s Guide
F: Creating Accessible Reports
Setting accessible preferences for Crystal Enterprise
For the best accessibility support in Crystal Enterprise, you need to set certain
display preferences.
For the Crystal Enterprise web desktop, display objects in the Action view. The
Action view is more accessible because it provides a text list of the available reports
and does not use shortcut menus for report commands. Depending on your users’
needs, you may also want to reduce the number of reports displayed on each page.
For viewing reports, choose the DHTML viewer as the default viewer in your
preferences.
If you administer accounts for other users, you can set their Crystal Enterprise
preferences as well. To change another user’s preferences, use the Preferences
Manager, which is located in the Client Samples area of the Crystal Enterprise User
Launchpad.
Note: You must have your own account on the system in order to set preferences.
To set accessible preferences for Crystal Enterprise
1 Log on to Crystal Enterprise.
2 On the title bar, click Preferences.
3 On the General Preferences page, in the “On my desktop, show me” area,
select Action view.
4 To reduce the number of reports displayed on each page, type a number in the
text box next to the Action view option.
5 Click the Crystal Report Preferences link.
6 In the “View my reports using the” area, select the DHTML viewer.
7 Click Apply.
Accessibility and customization
When you customize Crystal reports or the Crystal Enterprise web desktop, or if
you incorporate Crystal Enterprise into an existing web site, ensure that your
changes follow the accessibility guidelines set forth by the U.S. Access Board in
section 508, or the W3C's Web Accessibility Initiative.
If you customize Crystal reports or the Crystal Enterprise web desktop
extensively, you may encounter other accessibility issues. For online resources that
provide comprehensive accessibility guidelines, see “Resources” on page 481.
Crystal Enterprise Administrator’s Guide
479
Accessibility and customization
The following list provides some common accessibility issues that may cause
problems when you customize Crystal Reports or Crystal Enterprise content.
• Frames
Frames should be clearly labelled, for easier identification and navigation.
Provide text at the top of the frame that describes its purpose. For example, if a
frame provides a list of links to different countries, you can clarify its purpose
by adding text to the frame, such as a title (“Countries”) or short instructions
(“Click a country for details”).
• Style sheets
If you have a visual impairment, you can create a style sheet with specific
viewing preferences to accommodate the disability. For example, you could
create a style sheet that displays all web pages in a large font with white
characters on a black background. Users cannot apply personalized style sheets
to Crystal reports, but the viewers provide a Zoom button that enables people
with visual impairments to increase the magnification to suit their needs. You
can also allow users to choose from different formatting options using
conditional formatting. For details, see “Accessibility and conditional
formatting” on page 471.
• Scripts
If you modify Crystal content to include a script that displays content or an
interactive object, ensure that the script is identified by text that conveys the
purpose of the script. Make sure that pages with scripts are still usable when the
scripts are turned off or unsupported. For more information about scripts and
accessibility, see “Resources” on page 481.
• Image maps
Server-side image maps identify active regions using coordinates, which are
not meaningful to a screen reader. Client-side image maps provide better
accessibility because you can assign a link or URL to each active region within
the image map.
• Electronic forms
Electronic forms can present difficulties for screen readers, and must be set up
carefully. When you label a component in a form, ensure the label is clearly
located next to the form component. For example, for a Search box, ensure that
the “Search” title appears alongside the appropriate text box.
• Applets and plug-ins
If a report needs an applet, plug-in, or other application on the client machine
in order to interpret page content, the plug-in or applet must follow
accessibility guidelines.
If you attach multimedia or other additional resource files to your report, such
as PDF or Real Audio files, provide a link to install the required plug-ins or
software, and ensure that the required software also meets accessibility design
standards.
480
Crystal Enterprise Administrator’s Guide
F: Creating Accessible Reports
• Flickering
Flickering images can trigger seizures for people with seizure disorders. The
W3C recommends to avoid use of images that flicker or flash between four and
59 times per second.
• Search engine placement
Do not use hidden text to enhance your web site’s placement in search engines.
Hidden text reduces readability, because it is read by the screen readers. Also,
hidden text is actively discouraged by popular search engines such as Google,
and thus offers little benefit.
Resources
This chapter focuses on how you can create and distribute accessible reports with
Crystal software. The report design techniques in the chapter were tested using
JAWS 4.5. It is good practice to test all accessible reports using JAWS and other
assistive technologies whenever possible.
To make all of your Web communications accessible, consult the detailed
guidelines available through the W3C or from your government's web site.
• World Wide Web Consortium's Web Accessibility Initiative:
http://www.w3c.org/WAI/
• the United States Access Board's web site for Section 508:
http://www.access-board.gov/sec508/guide/
• the Government of Canada Internet Guide:
http://www.cio-dpi.gc.ca/ig-gi/
Crystal Enterprise Administrator’s Guide
481
Resources
482
Crystal Enterprise Administrator’s Guide
Glossary
Active Server Pages
Active Server Pages are web pages that run under Microsoft’s Internet Information
Server (IIS) version 3.0 and later. Active Server Pages combine HTML, VBScript or
JScript, and ActiveX controls to create dynamic web pages that can be viewed from
most web browsers.
ActiveX Control
A Custom Control for Visual Basic 4.0 and above that incorporates Object Linking
and Embedding (OLE) technology. Formerly known as an OLE Control (OCX).
ActiveX viewer
The ActiveX viewer is a client-side viewer, which is downloaded and installed in
the user’s browser. It is one of the default Crystal Reports Viewers found in the
Crystal Enterprise web desktop. The Active X viewer is downloaded the first time
a user requests a report, and then remains installed on the user’s machine.
AD authentication
AD authentication is a Windows-specific authentication method that enables you to
use existing AD user accounts and groups in Crystal Enterprise. When you map AD
accounts to Crystal Enterprise, users are able to log on to the Crystal Enterprise web
desktop and other Crystal Enterprise applications with their AD user name and
password. This eliminates the need to recreate individual user and group accounts
within Crystal Enterprise.
AD Single Sign On
AD Single Sign On enables users to use various Crystal Enterprise applications
without being prompted to log on. Users need only to enter their AD user name
and password information once at the beginning of the AD session. Note that the
Crystal Enterprise web desktop provides its own form of “anonymous Single Sign
On,” which uses Enterprise authentication, as opposed to Windows NT or
Windows AD authentication.
Crystal Enterprise Administrator’s Guide
483
Advanced DHTML viewer
The Advanced DHTML viewer is a zero-client viewer, which is accessed using a
web browser that supports Dynamic HTML. It is one of the default Crystal Reports
Viewers found in Crystal Enterprise. In addition, the Advanced DHTML viewer
provides an Advanced Search Wizard, which enables you to perform a search on
your report data using Boolean operators. The Advanced DHTML viewer
processes reports against the Report Application Server.
alerts
Alerts are custom messages, created in Crystal Reports, that appear when certain
conditions are met by data in a report. Alert notification highlights critical
information by delivering alerts (when triggered) directly to users' email.
Administrators can specify individuals or distribution lists; they can also configure
notification to provide a link back to the report, along with a set number of records
from the report.
alias
An alias is an alternate name that is assigned to a user to enable him or her to log
on to Crystal Enterprise. For example, a user may have both an Enterprise alias and
an LDAP alias that he or she can access the system with.
auditing
Auditing allows you to monitor and record key facts about your Crystal Enterprise
system. You can use auditing to track the actions of individual users of Crystal
Enterprise as they log in and out of the system, access data, or create file-based
events. You can also monitor system actions like the success or failure of scheduled
objects. The Crystal Management Server acts as the system auditor, collecting
information about audit actions from each of the Crystal Enterprise servers and
recording the information in a central auditing database. Once you have collected
this data, you can use a custom or pre-configured report to view the raw data, or
to answer more complex queries such as “how many concurrent licenses are we
using at a given time?”
Business Views
The Business View Manager is a flexible and reliable multi-tier system that enables
companies to build detailed and specific Business Views that help report designers
and end users access the information they require. Using the Business View
Manager, you can integrate data from disparate sources. You can also bring
together data from multiple data collection platforms and application boundaries
so that the differences in data resolution, coverage, and structure between
collection methods are eliminated.
484
Crystal Enterprise Administrator’s Guide
:
calendars
A calendar is a customized list of run dates for scheduled jobs. When users
schedule objects, they can use a calendar to run the job on a predefined set of dates.
Calendars are particularly useful when you want to run a recurring job on an
irregular schedule, or if you want to provide users with sets of regular scheduling
dates to choose from. Calendars also allow you to create more complex processing
schedules, combining unique scheduling dates with recurring ones.
Cache Server
The Cache Server is responsible for handling all viewing requests from the Web
Component Server (WCS). The Cache Server checks whether or not it can fulfill the
request with a cached report page. If it cannot, it passes the request along to the
Page Server. The Page Server runs the report and returns the results to the Cache
Server. The Cache Server then caches the information and returns the data to the
WCS. By storing report pages in a cache, Crystal Enterprise avoids accessing the
database each and every time a report is requested.
CCM
The Crystal Configuration Manager (CCM) is a server administration tool. It is
provided in two forms. In a Windows environment, the CCM allows you to
manage local and remote servers through its Graphical User Interface (GUI) or
from a command line. In a UNIX environment, the CCM shell script (ccm.sh)
allows you to manage servers from a command line.
CMC
The Crystal Management Console (CMC) web application is the most powerful
administrative tool provided for managing a Crystal Enterprise system. It offers
you a single interface through which you can perform almost every task related to
user management, content management, and server management.
Crystal Analysis
Crystal Analysis is a design tool for creating OLAP applications that allow you to
view and analyze data from different data sources. They can be distributed as
desktop applications, or published on the Web using Crystal Enterprise.
Crystal Configuration Manager
See CCM.
Crystal Enterprise Administrator’s Guide
485
Crystal Import Wizard
The Crystal Import Wizard is a locally installed Windows application that allows
you to migrate existing user accounts, groups, folders, and reports to your new
Crystal Enterprise system. The Crystal Import Wizard runs on Windows, but you
can use it to import information to a new Crystal Enterprise system that is running
on Windows or on UNIX.
Crystal Management Console
See CMC.
Crystal Management Server
The Crystal Management Server (CMS) is responsible for maintaining a database
of information about your Crystal Enterprise system; the other components can
therefore access that data as required. The data stored by the CMS includes
information about users and groups, security levels, Crystal Enterprise content,
and servers. The CMS maintains security and manages objects and servers.
Crystal Publishing Wizard
The Crystal Publishing Wizard is a locally installed, 32-bit Windows application.
The wizard enables administrators and end users to publish Crystal report (.rpt)
files to Crystal Enterprise.
Crystal Server Pages (CSP)
Crystal Server Pages (CSP), which are similar to Active Server Pages (ASP), are
used to provide dynamic responses to users browsing Crystal Enterprise. The
Crystal Enterprise web desktop, for instance, is written in CSP. CSP files contain a
mixture of HTML code and scripting code such as VBScript or JavaScript (also
known as JScript or ECMA Script). CSP pages are text files with a .csp extension,
and they can be developed with a text editor or an application such as Microsoft
FrontPage or Microsoft Visual InterDev. For more information, see the developer
documentation available on your product CD.
Crystal Repository
The Crystal Repository is a database in which you store and manage shared report
elements such as text objects, bitmaps, custom functions, and custom SQL
commands. Crystal Enterprise supports Crystal reports that reference repository
objects. You can refresh a report's repository objects with the latest version from
your Crystal Repository when you publish reports to Crystal Enterprise.
Alternatively, you can refresh a report's repository objects on demand over the Web.
486
Crystal Enterprise Administrator’s Guide
:
custom event
A custom event is an event that is triggered manually by a user through the CMC,
or triggered directly through CSP code. A scheduled report that is dependent on a
custom event will run only when the event is triggered.
data sharing
Data sharing is an administrative option that permits different users accessing the
same report object to use the same data when viewing a report on demand or when
refreshing a report. Enabling data sharing reduces the number of database calls,
thereby reducing the time needed to provide report pages to subsequent users of
the same report while greatly improving overall system performance under load.
However, to get full value from data sharing, you must permit data to be reused
for some period of time. This means that some users may see “old” data when they
view a report on demand, or refresh a report instance that they are viewing.
data source
A data source is a database, table, query, or stored procedure result set that
provides the data for a report.
database
A database is a bank of related data. Each unit (record) of the database is typically
organized in a fixed format to make it easier to retrieve selected portions of the
data on demand. Each record is made up of one or more data fields, and each data
field can hold one piece of data (known as a value).
Demilitarized Zone (DMZ)
A Demilitarized Zone (DMZ) is a tool that many companies use to improve the
security of their internal networks while providing external users with access to
selected data or services. A DMZ is a network area that is neither part of the
internal network nor directly part of the Internet. Typically, the DMZ is set up
between two firewalls: an outer firewall and an inner firewall. Users from the
external network are allowed access only to data or services hosted on computers
inside the DMZ. Web servers are typically placed in a DMZ.
DHTML viewer
The DHTML viewer is a zero-client viewer, which is accessed using a web browser
that supports Dynamic HTML. It is one of the default Crystal Reports Viewers
found in the Crystal Enterprise web desktop.
Crystal Enterprise Administrator’s Guide
487
Dynamic Link Library (DLL)
A Dynamic Link Library (DLL) is a special kind of file that contains Windows
functions. DLLs are used by developers to extend the capabilities of Windows
applications. The library is activated whenever an application or another DLL calls
a function in the library. DLLs link on the fly, at runtime, whenever an included
function is called. DLL functions are available on an as-needed basis to any
program that can call DLLs; they do not need to be linked to the program via the
compiler. The Crystal Report Engine can be called as a DLL by developers for use
with applications they are developing.
Enterprise authentication
Enterprise authentication is the default authentication method used by Crystal
Enterprise. You can create distinct accounts and groups for use with Crystal
Enterprise. Crystal Enterprise also supports NT authentication and LDAP
authentication.
event
An event is a preset trigger for scheduling and processing objects. Event-based
scheduling provides you with additional control over scheduling reports: you can
set up events so that reports are processed only after a specified event occurs.
Working with events consists of two steps: creating an event and scheduling a
report with events. That is, once you create an event, you can select it as a
dependency when you schedule a report. The scheduled job is then processed only
when the event occurs. You can schedule a report with a file event, a custom event,
and/or a schedule event.
Event Server
The Event Server manages file-based events. When you set up a file-based event
within Crystal Enterprise, the Event Server monitors the directory that you
specified. When the appropriate file appears in the monitored directory, the Event
Server triggers your file-based event: that is, the Event Server notifies the CMS that
the file-based event has occurred. The CMS then starts any jobs that are dependent
upon your file-based event.
file event
A file-based event waits for a particular file (the trigger) to appear before the event
occurs. Before scheduling a report that waits for a file-based event to occur, you
must first create the file-based event in the Events management area of the CMC.
When you define a file-based event, you specify a filename that the Event Server
should monitor for a particular file. When the file appears, the Event Server
triggers the event.
488
Crystal Enterprise Administrator’s Guide
:
File Repository Server
There is typically one Input and one Output File Repository Server in every Crystal
Enterprise implementation. (In larger deployments, there may be multiple Input
and Output File Repository Servers, for redundancy.) The Input File Repository
Server manages all of the report objects that have been published to the system by
administrators or end users (using the Crystal Publishing Wizard, the Crystal
Management Console (CMC), the Crystal Import Wizard, or a Crystal designer
component such as Crystal Reports). The Output File Repository Server manages
all of the report instances generated by the LDAP authentication(s). The File
Repository Servers are responsible for listing files on the server, querying for the
size of a file, querying for the size of the entire file repository, adding files to the
repository, and removing files from the repository.
group
A group is a collection of users who share the same account privileges. For instance,
you can create groups that are based on department, role, or location. Groups
enable you to make changes in one place (a group) instead of modifying each user
account individually. Also, you can assign object rights to a group or groups.
hyperlinks
Crystal Reports lets you use hyperlinks to navigate from one report object to
another. You can move to a Report Part within the report itself, to other report
objects or their parts, or to specific instances of reports or Report Parts. To view
hyperlinked reports, you must publish both the home and destination reports to
the same Crystal Enterprise system. (A home report is one that contains a
hyperlink to another report: the destination report.) This navigation is available
only in the new script-based DHTML viewers (zero-client, server-side viewers)
included in Crystal Enterprise 10.
instance
An instance is a copy or “version” of an object that contains report data that is
retrieved from one or more databases. Each instance contains data that is current
at the time the report, query, or program is processed. In Crystal Enterprise, you
publish objects to the system, and then schedule those objects to generate instances
on a recurring basis.
Input File Repository Server
See File Repository Server.
Crystal Enterprise Administrator’s Guide
489
Java viewer
The Java viewer is a client-side viewer, which is downloaded and installed in the
user’s browser. It is one of the default Crystal Reports Viewers found in the Crystal
Enterprise web desktop. The Java viewer is downloaded and installed once every
user session.
LDAP authentication
Lightweight Directory Access Protocol (LDAP) authentication enables you to use
existing LDAP user accounts and groups (on an LDAP directory server) in Crystal
Enterprise. When you map LDAP accounts to Crystal Enterprise, users are able to
access the Crystal Enterprise web desktop and other Crystal Enterprise
applications with their LDAP user name and password. This eliminates the need
to recreate individual user and group accounts within Crystal Enterprise.
logon token
A logon token is an encoded string that defines its own usage attributes and
contains a user’s session information. The logon token’s usage attributes are
specified when the logon token is generated. These attributes allow restrictions to
be placed upon the logon token to reduce the chance of the logon token being used
by malicious users.
mapping accounts
Mapping an account enables a user with an NT or LDAP account to access Crystal
Enterprise. Typically, you map NT or LDAP user accounts to Crystal Enterprise
through the CMC. When you map an NT or LDAP account, you can choose to create
a new Crystal Enterprise account or link to an existing Crystal Enterprise account.
mobile desktop
The mobile desktop is an included sample which enables users of mobile devices
(such as a WAP-enabled phone, web-enabled PDA, and so on) to access reports, as
long as the web server is configured to support mobile devices.
.NET Server Controls
The .NET Server Controls allow you to rapidly incorporate content and
functionality from Crystal Enterprise into Microsoft Visual Studio.NET
applications. Crystal Enterprise 10 provides visual and non-visual controls that
contain the logic for common operations, such as authentication, folder listing, and
report viewing. You can manipulate these controls in the Visual Studio.NET
environment and insert them seamlessly into applications.
490
Crystal Enterprise Administrator’s Guide
:
notification
You can set scheduling options that automatically send notification when an object
instance succeeds or fails. For example, you may have a large number of reports
that run a new instance every day. You need to check each instance to make sure
it ran properly, and then send out emails to the users who need to know that the
new report is available. With thousands of reports, it would take too much time to
manually check the reports and contact the users who need the information. Using
notification settings in Crystal Enterprise, you can set each object to automatically
notify you when the report fails to run properly, and you can automatically inform
users when new report instances run successfully.
NT authentication
NT authentication is a Windows-specific authentication method that enables you to
use existing NT user accounts and groups in Crystal Enterprise. When you map NT
accounts to Crystal Enterprise, users are able to log on to the Crystal Enterprise web
desktop and other Crystal Enterprise applications with their NT user name and
password. This eliminates the need to recreate individual user and group accounts
within Crystal Enterprise.
NT Single Sign On
NT Single Sign On enables users to use various Crystal Enterprise applications
without being prompted to log on. Users need only to enter their NT user name
and password information once at the beginning of the NT session. Note that the
Crystal Enterprise web desktop provides its own form of “anonymous Single Sign
On,” which uses Enterprise authentication, as opposed to Windows NT or
Windows AD authentication.
object
From an administrative perspective, objects in Crystal Enterprise are the folders
you create on the system and the content you publish to the system. There are
several types of objects that can exist in Crystal Enterprise: reports, programs,
Microsoft Excel files, Microsoft Word files, Microsoft PowerPoint files, Adobe
Acrobat PDFs, rich text format files, text files, and hyperlinks, as well as object
packages, which consist of report and/or program objects.
object packages
Object packages simplify administration by allowing you to schedule, secure and
manage a set of related reports and programs as a single object. This ensures that
each instance of a package provides a consistent and synchronized snapshot of a
set of related data.
Crystal Enterprise Administrator’s Guide
491
ODBC
ODBC stands for Open Database Connectivity. It is an interface that gives applications
the ability to use SQL to retrieve data from data management systems. Such an
interface allows a developer to develop, compile, and ship applications without
targeting specific database management systems. Also called interoperability.
Output File Repository Server
See File Repository Server.
Page Server
The Page Server’s primary responsibility is to respond to on-demand page
requests from the Cache Server and to generate Encapsulated Page Format (EPF)
pages. The Page Server then returns the EPF pages to the Cache Server. The EPF
pages contain formatting information that defines the layout of the report. The
data for the report is saved with the report or retrieved on demand from the
database.
parameter field
A parameter field is a special kind of field that prompts the user for a value. You
can use parameter fields for report titles, record selection, sorting, and a variety of
other uses. Using parameter fields enables you to create a single report that you
can modify quickly to fit a variety of needs.
processing extension
A processing extension is a dynamically loaded library of code that applies
business logic to particular Crystal Enterprise view requests or schedule requests
before they are processed by the system.
Program Job Server
A Program Job Server processes scheduled program objects, as requested by the
CMS. To run a program, the Program Job Server first retrieves the files from storage
on the Input File Repository Server, and then runs the program. By definition,
program objects are custom applications. Therefore the outcome of running a
program will be dependent upon the particular program object that is run.
program objects
Program objects are executables, scripts, or Java programs that you can schedule
to run regularly or based on an event. Program object features allow you to
automate a wide range of administrative tasks, making Crystal Enterprise a selfmanaging environment. Additionally, you can use program objects to trigger
external processes, thus integrating Crystal Enterprise into a broader work flow.
492
Crystal Enterprise Administrator’s Guide
:
publishing
Publishing is the process of adding objects such as Crystal reports to the Crystal
Enterprise environment and making them available to authorized users. The
objects that you publish may be individual reports created with Crystal Reports,
analytical applications designed with Crystal Analysis, or other objects that you’ve
created using Crystal Enterprise plug-in components.
record
In a database, a record is a complete unit of related information, an electronic file
folder that holds all of the data on a given entity. Each record contains one or more
fields that contain the specific pieces of data of interest. In a customer database, for
example, a record would store all of the data on a single customer. In an inventory
database, a record would store all of the data on a single inventory item. Data from
an individual record is displayed or printed as a row of data on a columnar report.
report
A report is an organized presentation of data. As a management tool, a report is
used to provide management with the insight it needs to run an organization
effectively. In Crystal Enterprise, you publish objects to the system, and then
schedule those objects to generate instances on a recurring basis.
Report Application Server
The Report Application Server (RAS) is a Crystal Enterprise server component that
provides users with report design capability over the Web. It processes reports that
Crystal Enterprise users view with the Advanced DHTML viewer, and it provides
the ad hoc reporting capabilities that allow Crystal Enterprise users to create and
modify reports over the Web.
Report Job Server
The Report Job Server processes scheduled reports, as requested by the Crystal
Management Server, and generates report instances (instances are versions of a
report object that contain saved data). To generate a report instance, the Job Server
communicates with the database to retrieve the current data.
report object
A report object is an object that is created using a Crystal designer component
(such as Crystal Reports or Crystal Analysis). Report objects contain report
information (such as database fields). When you schedule a report, Crystal
Enterprise generates an instance or instances of the object. When you publish a
report object to Crystal Enterprise, only the structure of the report (the template
information) is saved; that is, the published report object contains no saved data.
Crystal Enterprise Administrator’s Guide
493
Report Parts
Report objects displayed by themselves in a viewer—without the rest of the report
page—are referred to as Report Parts. More precisely, however, Report Parts are
hyperlink definitions that point from a home report object to a destination object.
schedule event
Schedule-based events are dependent upon scheduled reports. That is, a schedulebased event is triggered when a particular report has been processed. When you
create this type of event, it can be based on the success or failure of a scheduled
report, or it can be based simply on the completion of the job. A report that is
dependent on a schedule-based event will run only when the schedule-based
event is triggered.
selection formula
A selection formula is a formula that specifies the records, or groups of records,
you want included in your report.
server-side processing
Server-side processing is a feature that allows you to set up reports that perform
the majority of their processing on the database server. These reports push only
relevant details to your computer, thus saving you time and memory.
Sign Up feature
The Sign Up feature in Crystal Enterprise enables users to sign up and create a new
account on Crystal Enterprise. You have the option to disable this feature to
prevent guest users from creating their own accounts.
Single Sign On
Single Sign On enables users to automatically log on to an application without
entering a user name or password. In Crystal Enterprise, there are two forms of
Single Sign On: NT Single Sign On, and Crystal Enterprise’s Single Sign On
feature. With Crystal Enterprise’s Single Sign On feature, users are logged on
automatically under the Guest account (Enterprise authentication).
Software Development Kit
The Crystal Enterprise Software Development Kit (SDK) enables you to develop
your own custom desktops or administrative tools. There are COM, .NET, and
Java SDKs for Crystal Enterprise. For more information, see the developer
documentation available on your product CD.
494
Crystal Enterprise Administrator’s Guide
:
subreport
A subreport is a report within a report. It has all of the characteristics of a report
with one exception: it cannot itself include a subreport. Subreports can be freestanding or they can be linked to the data in the primary report. Using Crystal
Reports, you can insert as many subreports as you wish.
Web Component Adapter
The Web Component Adapter (WCA) has two primary roles: it processes Crystal
Server Pages (.csp files), and it also supports Crystal applications that formerly
relied upon the WCS. These applications include the Crystal Management Console
(CMC) and Crystal report viewers (that are implemented through viewrpt.cwr
requests). The WCA is only used in UNIX installations of Crystal Enterprise, or in
Windows installations that use the Java SDK. In these systems there is no Web
Component Server and no Web Connector. Instead the WCA runs within a Java
web application server and provides all WCS services that are not directly
supported by the Java SDK.
Web Component Server
The Web Component Server (WCS) is the gateway between the Web Connector on
the web server and the rest of the components in Crystal Enterprise. The WCS is
responsible for processing requests from your browser, including Crystal Server
Pages (.csp files), which are used to customize your access to Crystal Enterprise.
As a result, this server also acts as an application server.
Web Connector
To communicate with the different types of web servers, the WCS uses a Web
Connector. Crystal Enterprise includes different Web Connectors for different
operating systems and web servers.
web desktop
The Crystal Enterprise web desktop is a web-based interface that end users access
to view, schedule, and keep track of published reports. Each Crystal Enterprise
request that a user makes in the web desktop is directed by the web server to the
Web Connector, which then forwards the request to the Web Component Server.
Crystal Enterprise Administrator’s Guide
495
496
Crystal Enterprise Administrator’s Guide
Index
A
Access Level column .............................................. 143
access levels ........................................................... 142
administration .................................................. 174
Advanced................................................. 145, 146
available in the CMC ....................................... 415
calendars ......................................................... 220
CMC ................................................................ 173
Crystal Enterprise web desktop......................... 173
enabling and disabling inheritance................... 150
events .............................................................. 267
folders.............................................................. 111
for RAS............................................................. 417
Full Control...................................................... 145
groups.............................................................. 175
inheritance....................................................... 149
No Access........................................................ 144
NTFS................................................................ 420
reference.......................................................... 413
restricting from the top-level folder .................. 171
Schedule .......................................................... 145
server groups.................................................... 176
servers.............................................................. 176
setting .............................................................. 144
specifying on folders ........................................ 111
tutorials............................................................ 154
types of ............................................................ 144
users ................................................................ 175
View ................................................................ 145
View On Demand............................................ 145
when copying/moving folders .......................... 108
accessibility ............................................................ 460
and Crystal Enterprise....................................... 478
and Crystal Reports .......................................... 460
benefits of ........................................................ 460
design considerations....................................... 462
guidelines ........................................................ 461
resources.......................................................... 481
account management ............................................... 64
Active Directory ....................................................... 95
active sessions, viewing .......................................... 273
active trust relationship............................................. 57
ActiveX viewer
modifying options ............................................ 280
activity, viewing current metrics ............................. 271
AD accounts
adding groups .................................................. 101
Crystal Enterprise Administrator’s Guide
aliases
reassigning .................................................. 100
using ............................................................. 99
viewing ....................................................... 101
configuring ........................................................ 95
mapping ............................................................ 95
Single Sign On ................................................. 102
troubleshooting................................................ 101
unmapping ........................................................ 98
users
creating....................................................... 101
disabling ..................................................... 101
AD authentication plug-in ........................................ 55
AD groups
mapping ............................................................ 95
unmapping ........................................................ 98
AD Single Sign On ................................................. 102
AD users
mapping ............................................................ 95
unmapping ........................................................ 98
adding
CMS cluster members ...................................... 284
servers ............................................................. 365
administration .......................................................... 18
configuration tools ........................................... 270
delegating ................................................ 167, 174
events .............................................................. 267
folders.............................................................. 111
over the Web ..................................................... 18
remote UNIX machines...................................... 23
remote Windows machines................................ 22
rights................................................................ 174
servers and server groups ................................. 176
tools................................................................... 18
users and groups .............................................. 175
Administrator, setting password................................ 24
Administrators group, default rights ........................ 417
Advanced access level ........................................... 145
advanced rights ...................................................... 146
and inheritance................................................ 149
priorities affecting ....................................... 154
denied by default ............................................. 154
enabling and disabling inheritance .................. 151
precedence ...................................................... 154
reference.......................................................... 414
setting .............................................................. 146
viewing............................................................ 146
497
Advanced Rights page.............................................146
reference ..........................................................414
affinity, and SSL ........................................................58
alerts, setting notification ........................................192
aliases
AD accounts.......................................................99
LDAP accounts...................................................92
NT accounts .......................................................80
application servers ....................................................32
application tier..........................................................31
applications ..............................................................29
CCM...................................................................30
CMC...................................................................30
Crystal Enterprise web desktop ...........................29
Crystal Import Wizard ........................................31
Crystal Publishing Wizard ..................................30
APS. See CMS
apsdbsetup.sh .........................................................438
architecture...............................................................28
application tier ...................................................31
client tier ............................................................29
data tier ..............................................................39
diagram ..............................................................28
intelligence tier...................................................34
processing tier ....................................................37
areas, management ...................................................19
assistive technology ................................................460
attributes, logon tokens .............................................57
audience, intended .....................................................2
audit actions
enabling auditing of..........................................335
reference list.....................................................331
synchronizing records ......................................337
auditee....................................................................330
AuditID ...................................................................343
auditing ..................................................................330
configuring database ........................................334
database schema ..............................................341
enabling ...........................................................335
information flow...............................................330
notification .......................................................250
optimizing performance ...................................338
reporting results................................................339
synchronizing records ......................................337
user and system actions ....................................331
web activity................................................61, 279
auditing database
AuditID reference .............................................343
configuring .......................................................334
database schema ..............................................341
auditor ....................................................................330
AuditString ..............................................................343
authentication .....................................................46, 66
Crystal Enterprise security plug-in.......................51
Enterprise ...........................................................66
LDAP..................................................................66
498
LDAP security plug-in ........................................ 53
object packages ............................................... 210
primary .............................................................. 47
process described............................................... 47
program objects ............................................... 206
secondary .......................................................... 48
security plug-ins ................................................. 50
troubleshooting log on ..................................... 397
Windows AD security plug-in ............................ 55
Windows NT...................................................... 66
Windows NT Challenge/Response ............... 53, 55
Windows NT security plug-in............................. 52
authentication providers ........................................... 50
authorization ............................................................ 46
effective rights .................................................. 152
process described............................................... 48
authorization. See also object rights
Automated Process Scheduler. See CMS
available rights ....................................................... 149
B
base rights .............................................................. 149
batch programs....................................................... 121
binary programs...................................................... 121
Btrieve .................................................................... 315
business calendars. See calendars
button conventions ..................................................... 8
C
cache files settings .................................................. 301
Cache Server ............................................................ 36
auditable actions .............................................. 332
AuditString reference........................................ 345
command-line options ..................................... 429
configuring....................................................... 301
NTFS ........................................................... 422
metrics ............................................................. 272
performance settings ........................................ 301
viewing with ...................................................... 41
calendars ................................................................ 214
access to .......................................................... 220
add run dates to ............................................... 215
creating ............................................................ 215
deleting ............................................................ 219
scheduling objects with.................................... 231
CCM......................................................................... 30
accessing ........................................................... 22
adding a server................................................. 365
changing
server startup type ....................................... 326
server user account ..................................... 326
Windows server dependencies .................... 325
copying server status ........................................ 278
deleting a server ............................................... 366
enabling and disabling servers ......................... 276
Crystal Enterprise Administrator’s Guide
for UNIX .................................................... 23, 436
for Windows ...................................................... 22
printing server status ........................................ 278
refreshing the list of servers .............................. 279
starting, stopping, and restarting servers ........... 274
working with ..................................................... 22
ccm.sh ................................................................... 436
Help option ....................................................... 23
running .............................................................. 23
characters, setting CMC preferences......................... 20
client side viewers.................................................... 39
client tier.................................................................. 29
clustering, requirements ......................................... 284
clusters........................................................... 284, 286
changing names............................................... 288
viewing details................................................. 273
CMC ........................................................................ 30
access to .......................................................... 173
communication error ....................................... 396
enabling and disabling servers ......................... 276
Glossary definition........................................... 485
logging off ......................................................... 22
logging on ......................................................... 19
logging options ................................................ 279
management areas ............................................. 19
navigating .......................................................... 19
publishing objects with .................................... 125
setting preferences ............................................. 20
setting Query size threshold............................... 21
starting, stopping, and restarting servers ........... 274
unable to connect ............................................ 397
working with ..................................................... 18
CMS ................................................................... 34, 50
adding to a cluster ........................................... 286
and authentication ....................................... 47, 48
and authorization .............................................. 48
and distributed security...................................... 58
and security ....................................................... 50
and security plug-ins.......................................... 50
as nameserver .................................................. 321
auditable actions ............................................. 332
AuditString reference ....................................... 343
base rights and available rights ........................ 149
calculating effective rights ............................... 152
changing cluster name ..................................... 288
clustering ......................................................... 284
command-line options ..................................... 428
configuring .............................................. 298, 321
NAT............................................................ 377
NTFS........................................................... 422
packet filtering ............................................ 385
SOCKS........................................................ 391
copying system database ................................. 289
default port ...................................................... 321
directory listing service .................................... 371
installing a new cluster member ...................... 286
Crystal Enterprise Administrator’s Guide
metrics .............................................................273
requirements for clustering ...............................284
unable to connect.............................................397
when enabling and disabling other servers .......276
CMS database ...........................................................34
changing password...........................................298
configuring .......................................................289
deleting ............................................................298
migrating ..........................................................289
recreating .........................................................298
selecting ...........................................................298
CMS session variables...............................................59
and authentication........................................47, 48
tracking ..............................................................60
color
and accessibility ...............................................467
contrast ............................................................467
COM SDK.................................................................31
command conventions................................................8
command line arguments, program objects.....124, 202
command lines .......................................................426
command-line options
all servers .........................................................426
Cache Server ....................................................429
CMS .................................................................428
Event Server......................................................434
Input and Output File Repository Servers..........433
Page Server.......................................................429
Program Job Server ...........................................431
Report Application Server.................................432
Report Job Server..............................................431
WCS.................................................................429
commands, UNIX reference ....................................435
communication between browser and WCS .............47
communication error ..............................................396
components ..............................................................28
Cache Server ......................................................36
CCM...................................................................30
client tier ............................................................29
CMC...................................................................30
CMS ...................................................................34
communication ..................................................40
configuring servers ...........................................270
Crystal Enterprise web desktop ...........................29
Crystal Import Wizard ........................................31
Crystal Publishing Wizard ..................................30
Event Server........................................................36
File Repository Servers........................................35
information flow.................................................40
intelligence tier...................................................34
Page Server.........................................................38
processing tier ....................................................37
Program Job Server .............................................37
Report Application Server...................................38
Report Job Server................................................37
security management..........................................49
499
servers ....................................................28, 34, 37
WCS...................................................................31
Web Component Adapter...................................33
conditional formatting
for accessibility.................................................471
for multiple languages ......................................454
configuration, common scenarios ...........................356
configuring
auditing database .............................................334
Cache Server ....................................................301
CMS clusters.............................................284, 288
CMS database...........................................289, 298
Event Server......................................................303
executable programs ........................................203
File Repository Servers......................................300
firewalls............................................................374
intelligence tier.................................................284
Job Server .........................................308, 309, 313
NTFS permissions .............................................420
object packages................................................210
Page Server...............................................304, 313
processing tier ..................................................304
server settings ...................................................270
servers ..............................................................270
WCS.........................................................279, 280
connecting to remote Windows machines ................22
content, folders .......................................................106
contrast, color .........................................................467
cookies
and session tracking ...........................................59
logon tokens.......................................................57
copying system data................................................289
copying/moving folders...........................................108
creating
custom audit reports .........................................341
folder administrators.........................................167
folders ..............................................................106
server groups ....................................................350
server subgroups...............................................352
subfolders.........................................................107
credentials, program ...............................................122
Crystal Analysis, saving objects to CMS ..................127
Crystal Configuration Manager. See CCM
Crystal Enterprise
disabling Guest account .....................................25
disabling Sign Up ...............................................24
international deployments ................................446
primary authentication process...........................47
Sign Up ..............................................................52
Single Sign On....................................................52
Crystal Enterprise Embedded ...................................408
Crystal Enterprise Embedded. See also RAS
Crystal Enterprise Java SDK .......................................33
Crystal Enterprise SDK ..................................46, 48, 56
Crystal Enterprise security plug-in .............................51
Crystal Enterprise Sizing Guide ...............................356
500
Crystal Enterprise web desktop ................................. 29
access to .......................................................... 173
authentication .............................................. 46, 66
authentication model ......................................... 46
considerations .................................................. 405
folders .............................................................. 113
in multiple languages ....................................... 453
Java version.......................................... 26, 32, 282
managing ........................................................... 26
scheduling ....................................................... 220
setting users preferences................................... 405
Single Sign On ................................................... 53
troubleshooting ................................................ 405
users and groups ................................................ 64
Crystal Import Wizard....................................... 31, 130
selecting information........................................ 137
specifying source and destination..................... 136
Crystal Launchpad, accessing ................................... 19
Crystal Management Console. See CMC
Crystal Management Server. See CMS
Crystal Publishing Wizard....................................... 117
adding
folders ......................................................... 118
objects ........................................................ 118
changing
default values .............................................. 122
object properties ......................................... 122
creating folder on CMS .................................... 119
database log on ................................................ 123
duplicating folder structure .............................. 118
moving reports between folders ....................... 120
repository refresh ............................................. 121
scheduling objects ........................................... 120
selecting
folder on CMS ............................................. 119
setting parameters ............................................ 124
Crystal Reports
and accessibility............................................... 460
saving objects to CMS ...................................... 127
troubleshooting reports .................................... 398
Crystal Repository................................................... 254
refreshing objects in reports ............................. 258
Crystal Repository Migration Wizard .............. 255, 257
cultural conventions ............................................... 456
custom events................................................. 262, 266
custom web applications, enhancing ...................... 361
customizing
inheritance model ............................................ 154
object rights ..................................................... 146
your configuration............................................ 356
D
daemons, signal handling ....................................... 427
data
allowing users to refresh................................... 117
cache files ........................................................ 301
Crystal Enterprise Administrator’s Guide
choosing live/saved ........................................... 43
formatting for accessibility ............................... 473
live .................................................................... 43
refreshing on a schedule .................................. 117
saved ................................................................. 44
data access, security and management ..................... 12
data sharing............................................................ 270
on Cache Server .............................................. 301
on Page Server ................................................. 304
on RAS ............................................................ 306
data sources
on UNIX .......................................................... 315
on Windows .................................................... 313
data tier.................................................................... 39
databases
changing settings ............................................. 194
configuring servers for ..................................... 313
copying CMS data ........................................... 289
initializing the CMS ......................................... 298
modifying RAS interactions .............................. 306
selecting for the CMS ....................................... 298
troubleshooting
driver errors ................................................ 402
logon .......................................................... 400
DB2 ....................................................................... 314
default settings
authentication.................................................... 51
Enterprise accounts ............................................ 51
groups ............................................................... 64
Administrators............................................... 65
Crystal NT Users ........................................... 66
Everyone....................................................... 65
New Sign-Up Accounts................................. 66
modifying security ............................................. 25
NT account........................................................ 52
object rights..................................................... 413
ports ................................................................ 321
security plug-in .................................................. 51
users .................................................................. 64
Administrator ................................................ 65
Guest ............................................................ 65
delegated administration. See administration
deleting
CMS database .................................................. 298
folders ............................................................. 108
report objects................................................... 180
servers ............................................................. 366
denied rights .......................................................... 154
dependencies of servers on Windows..................... 325
designer, saving objects to CMS ............................. 127
designing reports
and accessibility .............................................. 462
and cultural conventions ................................. 456
in multiple languages............................... 446, 453
destination environment, and importing ................. 136
Crystal Enterprise Administrator’s Guide
destinations.............................................................237
default settings..................................................237
disk, setting default...........................................309
email ................................................................241
FTP...................................................................239
Job Servers, setting default ................................309
printer ..............................................................245
troubleshooting ................................................405
unmanaged disk ...............................................238
DHTML viewer
modifying options.............................................280
directories, publishing.............................................117
directory servers
about LDAP........................................................54
security plug-in...................................................53
disabilities. See accessibility
disabling
Guest account ....................................................25
inheritance .......................................................150
servers ..............................................................276
Sign Up ..............................................................24
DLL. See dynamic-link libraries
documentation, additional ......................................395
drivers, troubleshooting errors.................................402
DSNs on UNIX .......................................................317
dynamic-link libraries
as processing extensions.....................................56
E
effective rights, calculating......................................152
email destination ....................................................241
setting defaults..................................................312
email notification....................................................250
enabling
auditing ............................................................335
inheritance .......................................................150
servers ..............................................................276
encoding logon tokens..............................................57
environment variables
ODBC ..............................................................317
specifying for program objects..........................204
env.sh .....................................................................443
ePortfolio. See Crystal Enterprise web desktop
errors
Page Server.......................................................404
troubleshooting ................................................394
Event Log ........................................................320, 325
Event Server ..............................................................36
auditable actions ..............................................333
AuditString reference ........................................346
command-line options......................................434
configuring .......................................................303
metrics .............................................................272
polling time ......................................................303
501
events .....................................................................262
access to...........................................................267
custom .............................................................266
file-based..........................................................263
importing from Crystal Enterprise......................133
notification .......................................................250
polling time ......................................................303
schedule-based.................................................264
scheduling........................................................234
Everyone group, default rights .................................417
executable programs ...............................................201
configuring .......................................................203
expanding the system..............................................356
Explicitly Denied column........................................146
Explicitly Granted column ......................................146
extensions, processing ..............................................56
F
fail over, Web Connector and WCS ..........................58
failure, notification..................................................249
Favorites folders ......................................................113
fax numbers, registration .............................................6
features, new ..............................................................9
file events .......................................................262, 263
File Repository Servers ..............................................35
command-line options......................................433
configuring NTFS permissions ..........................421
metrics .............................................................272
setting maximum idle times ..............................300
setting root directories ......................................300
firewall rules
NAT .........................................376, 377, 381, 382
packet filtering..................................384, 386, 387
firewalls ............................................................61, 368
configuring ...............................................374, 420
for Crystal Enterprise....................................373
NAT.............................................................375
packet filtering.............................................383
SOCKS.........................................................387
forcing servers to register by name....................324
scenarios ..........................................................373
with application tier.....................374, 377, 385
with thick client...........................374, 382, 387
with WCA....................................................392
with WCS ............................373, 375, 383, 388
with Web Connector ...........373, 375, 383, 389
server communications, and.............................371
types of.............................................................369
NAT.............................................................370
packet filtering.............................................369
SOCKS.........................................................370
folder administrators, creating .................................167
folders.....................................................................106
access to...........................................................111
adding a report .................................................109
502
changing top-level rights .................................. 159
copying/moving ............................................... 108
creating ............................................................ 106
default rights at top level .................................. 417
default user folders ........................................... 113
delegated administration .................................. 167
deleting ............................................................ 108
Favorites folder ................................................ 113
importing
from Crystal Enterprise ................................ 132
from Info ..................................................... 134
inheritance ....................................................... 150
moving............................................................. 108
object rights ..................................................... 142
access levels................................................ 144
advanced settings ........................................ 146
inheritance .................................................. 150
setting access levels..................................... 144
viewing ....................................................... 143
when copying/moving................................. 108
rights ................................................................ 111
setting instance limits ....................................... 112
specifying rights ............................................... 111
fonts, conditional.................................................... 454
format, choosing..................................................... 243
formatting, and accessibility ................................... 466
FTP destination ....................................................... 239
setting defaults ................................................. 310
Full Control access level ......................................... 145
reference .......................................................... 416
G
global deployments, Crystal Enterprise.................... 446
granted rights.......................................................... 154
group inheritance ................................................... 150
group rights ............................................................ 142
grouping servers ..................................................... 350
groups
access to .......................................................... 175
creating .............................................................. 71
for tutorials.................................................. 155
deleting .............................................................. 73
importing
from Crystal Enterprise ................................ 131
from Info ..................................................... 134
modifying........................................................... 72
object rights
access levels................................................ 144
advanced rights ........................................... 146
inheritance .................................................. 150
of servers.......................................................... 350
setting
instance limits on folders............................. 112
object rights ................................................ 182
viewing members ............................................... 73
Crystal Enterprise Administrator’s Guide
Guest account
default rights .................................................... 417
disabling ...................................................... 25, 74
disabling Sign Up .............................................. 24
H
help
documentation resources ................................. 395
online .................................................................. 6
product registration.............................................. 6
technical support ................................................. 7
highlighting exceptions and accessibility................ 468
Holos applications, from Info ................................. 135
HTTP.................................................................. 47, 59
hyperlinks between reports..................................... 199
I
idle times
Cache Server ................................................... 301
File Repository Servers ..................................... 300
Page Server ...................................................... 304
importing
Crystal Import Wizard...................................... 130
from Crystal Enterprise ..................................... 130
from Info.......................................................... 133
selecting information ....................................... 137
specifying source and destination .................... 136
index, setting CMC preferences ................................ 20
Info cubes .............................................................. 135
Info Views .............................................................. 135
Info, importing information .................................... 133
information flow, between servers............................ 40
Informix ................................................................. 314
inheritance ............................................................. 149
and advanced rights................................. 146, 151
base rights and available rights ........................ 149
enabling and disabling..................................... 150
priorities affecting ............................................ 154
tutorials ........................................................... 154
Inherited column.................................................... 146
initializing CMS database ....................................... 298
initlaunch.sh .......................................................... 444
Input File Repository Server...................................... 35
command-line options ..................................... 433
configuring NTFS permissions.......................... 421
metrics............................................................. 272
setting maximum idle time............................... 300
setting root directory ........................................ 300
instances
from Info.......................................................... 134
importing from Crystal Enterprise ..................... 132
managing......................................................... 236
notification ...................................................... 250
object packages ............................................... 208
program objects ............................................... 201
Crystal Enterprise Administrator’s Guide
report objects ...................................................184
setting limits at the folder level .........................112
intelligence tier .........................................................34
configuring .......................................................284
international deployments, planning .......................446
Internet Information Services (IIS)
and NT Single Sign On .................................53, 55
default web site ................................................396
J
Java platform.............................................................32
Java programs .........................................121, 201, 206
authentication ..................................................207
configuring .......................................................205
setting parameters.............................................205
Java SDK...................................................................32
Java viewer, modifying options ...............................280
Job Server
configuring ...............................................309, 313
NTFS permissions ........................................423
on UNIX ......................................................315
maximum number of jobs.................................308
metrics .............................................................273
report objects ...........................................187, 212
Job Servers ................................................................37
JScript .....................................................................121
K
key combinations........................................................8
keyboard shortcuts......................................................8
L
languages, multiple.................................................449
launchpad, accessing................................................19
LDAP ........................................................................54
about..................................................................54
and SSL ..............................................................54
authentication ....................................................66
managing accounts.............................................84
LDA