To make your Visual KPI websites, data and the Visual KPI Designer secure, you first need to enable security. Visual KPI supports any security model that uses IIS, such as VPN, RSA, other two-factor authentication methods, and more.
Using the Visual KPI Server Manager, you can save hours of time setting up authentication to websites. Visual KPI Server Manager integrates with IIS.
Use IIS and the Visual KPI Server Manager to enable security.
You’ll need to enable security for each Visual KPI website and each Visual KPI Designer. You can enable security for Interfaces, but it’s not usually necessary.
Every Visual KPI instance has two types of users:
- Read-only users of the Visual KPI website
- Read/write users of the Visual KPI Designer
We are concerned about security at three different levels:
- The interfaces: the parent directory of the interfaces (data sources)
- WebService (Designer)
- Visual KPI Server instance (website)
Enable Security for Interfaces
Generally, the public will not have access to the Interface. You can set permissions to Anonymous using Windows authentication.
Click Interfaces to set authentication.
Enable Security for Visual KPI Designer
There are two ways to manage security for the Visual KPI Designer:
- Leave access open (Anonymous) and only give the Visual KPI Designer software to those who need access.
- Lock down security, enabling access only to approved users.
Click WebService to set authentication.
Enable Security for Visual KPI Sites
You’ll likely want to lock down security on the website, allowing access only to authenticated users.
Click the top level in the parent directory to set authentication.
- Decouple parent inheritance in IIS
Because you may need to enable security differently at all three levels, you must first decouple the parent directory of a Visual KPI website from the children, so that the child elements do not inherit from the parent element.
Note: After enabling security in the Visual KPI website, make sure the Interface and WebService are not propagated with the same security as the website unless you’ve chosen to set up security the same at all three levels.
- Enable security in IIS
For every Visual KPI website, use IIS Manager to turn OFF anonymous access on the Visual KPI website and WebServices (hosts Visual KPI Designer).
- Determine who gets access to websites
Once you set security in IIS, you must determine who gets access. You’ll need to set authentication for the entire website, for example. This doesn’t refer to rights assignment (who gets to see what) but rather who gets access at all. Create users and local groups with Visual KPI Server Manager, and then add them in IIS.
- Set up rights assignment
Once users get access to the website, what can they see? This is where you’ll set up rights assignment or object-level inheritance for users or user groups in the Visual KPI Designer.
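To confirm the result of the steps above, the following PowerShell check reports the effective anonymous and Windows authentication state at each of the three levels and warns if the website or WebService still allows anonymous access. It is an added example, not part of the Visual KPI documentation; the IIS site name and the instance path are assumptions to replace with your own, and the WebService and Interfaces children are assumed to sit directly under the instance.

```powershell
# Added example: audit IIS authentication at the three Visual KPI levels.
# Assumptions (not from the page): the site name, the instance path and the
# location of the WebService and Interfaces children directly beneath it.
Import-Module WebAdministration

$site = 'Default Web Site'   # assumed IIS site name
$app  = 'VisualKPI'          # assumed path of the Visual KPI instance

# Level name -> IIS provider path.
$levels = [ordered]@{
    'Website'    = "IIS:\Sites\$site\$app"
    'WebService' = "IIS:\Sites\$site\$app\WebService"
    'Interfaces' = "IIS:\Sites\$site\$app\Interfaces"
}

$base = 'system.webServer/security/authentication'

$report = foreach ($level in $levels.Keys) {
    $path  = $levels[$level]
    $state = @{}
    foreach ($scheme in 'anonymousAuthentication', 'windowsAuthentication') {
        # Reads the effective value at this path, including anything inherited
        # from the parent, so unintended propagation shows up here.
        $state[$scheme] = (Get-WebConfigurationProperty -PSPath $path `
            -Filter "$base/$scheme" -Name 'enabled').Value
    }
    [pscustomobject]@{
        Level     = $level
        Path      = $path
        Anonymous = $state['anonymousAuthentication']
        Windows   = $state['windowsAuthentication']
    }
}

$report | Format-Table -AutoSize

# The page says to turn anonymous access OFF on the website and WebService.
$report |
    Where-Object { $_.Level -in 'Website', 'WebService' -and $_.Anonymous } |
    ForEach-Object { Write-Warning "$($_.Level) ($($_.Path)) still allows anonymous access" }
```

Run it from an elevated PowerShell session on the IIS server. If you deliberately left the Designer open (Anonymous), the WebService warning is expected.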
Access Denial Messages
Any user without granted access to Visual KPI sites or virtual directories will see the following messages.
- Visual KPI sites: a simple 403 error page
- Visual KPI Designer: a modal dialog box telling the user they are forbidden to access the necessary Web services