Deploying Monitoring Server securely
Updated: 2009-04-09
We recommend that you use Secure Sockets Layer (SSL) security to help to secure your PerformancePoint Monitoring Server deployment.
Monitoring Server uses the following security methods:
Internet Information Services (IIS) security
File and folder security
SSL security
Each of the security methods in the list can be configured to allow only the required level of access for both client computers and server computers.
Warning
Dashboard Designer uses a preview folder located here: C:\Program Files\Microsoft Office PerformancePoint Server\3.0\Monitoring\PPSMonitoring_1\Preview.
All users who need to publish to the preview site in Dashboard Designer require both write and create folder level permissions on the Preview folder.
When installing Dashboard Designer with SSL enabled, you will see the name of the computer that Dashboard Designer is being installed to in the installation address box. This might need to be changed if the SSL certificate address is that of a different computer. This should be configured by using the following syntax in the installation address text box: https://<name_on_certificate>:<port>/Central.
On the Web server computer the following access rights are required:
Administrators group: The person installing PerformancePoint Monitoring Server must be a member of the Administrators group on the Web server where Monitoring Server is being installed. The administrator user who installs Monitoring Server automatically becomes a Global Administrator of PerformancePoint Server.
Note
The PerformancePoint Server installer must be a member of the Administrators group or have the requisite permissions granted explicitly by an Administrator of the server computer. Without these permissions you cannot install PerformancePoint Server on a Windows server computer. PerformancePoint Server setup and configuration interacts with the registry, files within the system drive, the Program Files area, as well as with supported versions and editions of SQL Server. A regular user cannot make changes to any of these areas. The Administrator permission can be decreased or revoked from the PerformancePoint Server installer when the installation is complete.
Administrator rights for SQL Server: The person installing the Monitoring Server must have local or domain Administrator rights for the computer where SQL Server and the PerformancePoint monitoring database are installed..
Download this book
This topic is included in the following downloadable book for easier reading and printing:
See the full list of available books at Downloadable content for PerformancePoint Monitoring Server.