SlideShare uma empresa Scribd logo

QlikView Mobile Security Technical Brief

Data IQ Argentina
Data IQ Argentina

La seguridad de QlikView en dispositivos móviles. Más información sobre QlikView on Mobile http://bit.ly/139kbLv Visite QlikView Argentina en http://www.dataiq.com.ar y conozca más sobre QlikView: Inteligencia de negocios simplemente revolucionaria. Visite QlikView Argentina en http://www.dataiq.com.ar y conozca más sobre QlikView: Inteligencia de negocios simplemente revolucionaria.

Tecnologia
1 de 4
Baixar para ler offline
QLIKVIEW MOBILE SECURITY QlikView Technical Brief qlikview.com Published: March, 2011
QlikView Mobile Security | Page 2 QlikView Mobile Security Mobile devices are convenient, versatile and, for many employees, they are indispensable. High adoption rates and reliance on mobile devices makes safe mobile data analysis a critical concern. However, mobile devices can easily be lost and that’s why QlikView mobile clients have robust security means to secure sensitive business data. QlikView’s mobile clients leverage the entire security infrastructure of a typical QlikView enterprise deployment. This Technical Brief takes a look at the security features of the QlikView iPad touch-enabled Ajax client and uses an example implementation to explain some of the technical details. This Technical Brief is a companion document to the QlikView Security Overview Technology White Paper, which deals in detail how a typical QlikView deployment addresses the question of security. This brief will discuss the QlikView iPad client’s security at these levels: • Device • Transmission • Authentication and Authorization It also includes an example implementation using Double Authentication Device Security One of the main security considerations for mobile BI solutions is not to store any business data on the device. QlikView mobile clients do not store data on the device. As such, there is no local copy to lose if the mobile device is stolen and the data only resides on QlikView servers within a secure enterprise environment, with access permitted only over the network for the correctly authenticated and authorized users. Transmission Security Transmission security refers to protection of data from unauthorized interception. The QlikView iPad client supports VPN connections where the communication between the client and the QlikView server, including the username and password, are encrypted. The QlikView iPad client also supports HTTPS/SSL communication protocols. In the implementation example described below, HTTPS and Secure Sockets Layer (SSL) is used with server certificates installed on the IIS web server. In this specific case, tunneling is also enabled to encrypt the communication between IIS web server and QlikView server.
QlikView Mobile Security | Page 3 Authentication and Authorization Authentication refers to the act of establishing or confirming the user as true or authentic. Authorization refers to the act of specifying access rights to control access of information to users. The QlikView iPad client leverages the existing authentication and authorization methods provided by QlikView Server (as described in the QlikView Security Overview Technology White Paper). There is nothing different from the iPad experience from a security perspective than a desktop browser. For Authentication, the QlikView Server requires that users be authenticated by some external process, and that credentials granted by that process be communicated to the QlikView Server. QlikView supports authentication via Active Directory, third-party single sign-on (SSO) solutions (such as CA Site Minder or IBM WebSeal), as well as via digital certificates. Once the user is authenticated, there are two authorization modes available: NTFS & DMS. NTFS mode relies on security features built in with Windows on the server side to secure access to QlikView documents through the iPad client. In NTFS mode, administrators control access to QlikView documents from the operating system itself rather than from QlikView. By contrast, DMS mode allows administrators to control access to QlikView documents centrally, within QlikView. (A detailed description of the differences between NTFS and DMS modes is contained within the QlikView Security Overview Technology White Paper). Example Implementation — Double Authentication The implementation example below demonstrates a real use case where security was applied to a QlikView deployment covering iPad devices. The security requirement is to achieve double authentication (i.e. using both user certificates and basic authentication against Microsoft Active Directory) with HTTPS/SSL connection. This is just one way to achieve a secure iPad implementation. There are other methods that could be used based on other security requirements. Figure 1 illustrates the Double Authentication example described below. First Authentication iPad supports digital certificates, giving business users secure access to corporate services. A digital certificate is composed of a public and private key pair, along with other information about the user and the certificate authority that issued the certificate. Digital certificates are a form of identification that enables authentication, data integrity, and encryption. In this implementation example, digital certificates are used to securely authenticate users to corporate services. A Microsoft IIS web server in the ‘De-Militarized Zone’ (DMZ) domain is setup to provide one-to-one certificate mapping. When a user connects to the IIS site, IIS will request a user certificate which is already created on the iPad. The user will be prompted for a certificate and its public key is then submitted to the IIS server. The IIS server will compare this public key with the available public keys of which the administrator has granted access. Based on the result, IIS will either allow or disallow the user access to the QlikView Server.
QlikView Mobile Security | Page 4 If the user is allowed, IIS will encrypt the contents using a user public key and sends it back to the user. Now that the user has both keys, they will decrypt the contents sent by IIS using their own private key and will be able to start communication with the IIS server. Second Authentication The next step in this example is the second authentication. QlikView can be configured to provide a second layer of authentication to make sure that the user requesting access to the QlikView Server can be authenticated against the corporate security system (such as Active Directory or another LDAP, for example). As is normal, the user gets challenged for their credentials to be authenticated against the security system. Authorization The final step in the process is to give the authenticated user access to the authorized documents. This process is handled by the QlikView Server and is described in detail in the QlikView Security Overview Technology White Paper. Figure 1: Double Authentication in a Mobile Environment QvSWEB SERVER 4. User is prompted for User Name and password 3. IIS server compares the public key with available public keys granted by admin, authenticates the user and grants access 1. User is prompted for certificate 5. User gets authenticated against AD 7. Authorized QV docs are available to the user 2. User selects the certificate and Public Key is submitted 6. Authenticated user name is passed to QvS Encrypted communication via tunneling Source: QlikTech FIRST AUTHENTICATION SECOND AUTHENTICATION © 2010 QlikTech International AB. All rights reserved. QlikTech, QlikView, Qlik, Q, Simplifying Analysis for Everyone, Power of Simplicity, New Rules, The Uncontrollable Smile and other QlikTech products and services as well as their respective logos are trademarks or registered trademarks of QlikTech International AB. All other company names, products and services used herein are trademarks or registered trademarks of their respective owners. The information published herein is subject to change without notice. This publication is for informational purposes only, without representation or warranty of any kind, and QlikTech shall not be liable for errors or omissions with respect to this publication. The only warranties for QlikTech products and services are those that are set forth in the express warranty statements accompanying such products and services, if any. Nothing herein should be construed as constituting any additional warranty.

Recomendados

5 formas de comunicar sus conocimientos de BI
5 formas de comunicar sus conocimientos de BI5 formas de comunicar sus conocimientos de BI
5 formas de comunicar sus conocimientos de BIData IQ Argentina
 
8 Consejos para crear visualizaciones de datos modernas
8 Consejos para crear visualizaciones de datos modernas8 Consejos para crear visualizaciones de datos modernas
8 Consejos para crear visualizaciones de datos modernasData IQ Argentina
 
3 razones para contar historias...
3 razones para contar historias...3 razones para contar historias...
3 razones para contar historias...Data IQ Argentina
 
QlikView para Bancos
QlikView para BancosQlikView para Bancos
QlikView para BancosData IQ Argentina
 
AutoCAD Básico
AutoCAD BásicoAutoCAD Básico
AutoCAD BásicoEduardo Guzmán
 
Nota en INFORMATION TECHNOLOGY - Datos
Nota en INFORMATION TECHNOLOGY - DatosNota en INFORMATION TECHNOLOGY - Datos
Nota en INFORMATION TECHNOLOGY - DatosData IQ Argentina
 
IT Guía Outsourcing
IT Guía OutsourcingIT Guía Outsourcing
IT Guía OutsourcingData IQ Argentina
 
Apertura tecno Data IQ 2020
Apertura tecno Data IQ 2020Apertura tecno Data IQ 2020
Apertura tecno Data IQ 2020Data IQ Argentina
 

Recomendados

5 formas de comunicar sus conocimientos de BI
5 formas de comunicar sus conocimientos de BI5 formas de comunicar sus conocimientos de BI
5 formas de comunicar sus conocimientos de BIData IQ Argentina
 
8 Consejos para crear visualizaciones de datos modernas
8 Consejos para crear visualizaciones de datos modernas8 Consejos para crear visualizaciones de datos modernas
8 Consejos para crear visualizaciones de datos modernasData IQ Argentina
 
3 razones para contar historias...
3 razones para contar historias...3 razones para contar historias...
3 razones para contar historias...Data IQ Argentina
 
QlikView para Bancos
QlikView para BancosQlikView para Bancos
QlikView para BancosData IQ Argentina
 
AutoCAD Básico
AutoCAD BásicoAutoCAD Básico
AutoCAD BásicoEduardo Guzmán
 
Nota en INFORMATION TECHNOLOGY - Datos
Nota en INFORMATION TECHNOLOGY - DatosNota en INFORMATION TECHNOLOGY - Datos
Nota en INFORMATION TECHNOLOGY - DatosData IQ Argentina
 
IT Guía Outsourcing
IT Guía OutsourcingIT Guía Outsourcing
IT Guía OutsourcingData IQ Argentina
 
Apertura tecno Data IQ 2020
Apertura tecno Data IQ 2020Apertura tecno Data IQ 2020
Apertura tecno Data IQ 2020Data IQ Argentina
 
Revista Information Technology Julio Agosto 2020
Revista Information Technology Julio Agosto 2020Revista Information Technology Julio Agosto 2020
Revista Information Technology Julio Agosto 2020Data IQ Argentina
 
Prensario TI Latin America Septiembre 2020
Prensario TI Latin America Septiembre 2020 Prensario TI Latin America Septiembre 2020
Prensario TI Latin America Septiembre 2020 Data IQ Argentina
 
Data IQ ocupa el puesto 26 en el ranking Mejores Empleadores de Apertura
Data IQ ocupa el puesto 26 en el ranking Mejores Empleadores de AperturaData IQ ocupa el puesto 26 en el ranking Mejores Empleadores de Apertura
Data IQ ocupa el puesto 26 en el ranking Mejores Empleadores de AperturaData IQ Argentina
 
Neurona Buenos Aires - Modelos BI en la Tesorería General de la Provincia
Neurona Buenos Aires - Modelos BI en la Tesorería General de la ProvinciaNeurona Buenos Aires - Modelos BI en la Tesorería General de la Provincia
Neurona Buenos Aires - Modelos BI en la Tesorería General de la ProvinciaData IQ Argentina
 
Revista apertura enero 2020
Revista apertura enero 2020Revista apertura enero 2020
Revista apertura enero 2020Data IQ Argentina
 
Prensario TI Latin América
Prensario TI Latin AméricaPrensario TI Latin América
Prensario TI Latin AméricaData IQ Argentina
 
La Visión de los Líderes 2019 - El Cronista
La Visión de los Líderes 2019 - El CronistaLa Visión de los Líderes 2019 - El Cronista
La Visión de los Líderes 2019 - El CronistaData IQ Argentina
 
APERTURA - Mejores Empleadores 2017
APERTURA - Mejores Empleadores 2017APERTURA - Mejores Empleadores 2017
APERTURA - Mejores Empleadores 2017Data IQ Argentina
 
InfoTechnology - Negocios de Familia
InfoTechnology - Negocios de FamiliaInfoTechnology - Negocios de Familia
InfoTechnology - Negocios de FamiliaData IQ Argentina
 
What’s New @ Qlik®
What’s New @ Qlik®What’s New @ Qlik®
What’s New @ Qlik®Data IQ Argentina
 
Toma de decisiones impulsada por datos en radiología: Rochester Regional Heal...
Toma de decisiones impulsada por datos en radiología: Rochester Regional Heal...Toma de decisiones impulsada por datos en radiología: Rochester Regional Heal...
Toma de decisiones impulsada por datos en radiología: Rochester Regional Heal...Data IQ Argentina
 
La gestión y análisis del DATO en las empresas españolas
La gestión y análisis del DATO en las empresas españolasLa gestión y análisis del DATO en las empresas españolas
La gestión y análisis del DATO en las empresas españolasData IQ Argentina
 
CÓMO ADMINISTRAR UNA TELCO MULTINACIONAL USANDO QLIK®: Virgin Mobile en Qonne...
CÓMO ADMINISTRAR UNA TELCO MULTINACIONAL USANDO QLIK®: Virgin Mobile en Qonne...CÓMO ADMINISTRAR UNA TELCO MULTINACIONAL USANDO QLIK®: Virgin Mobile en Qonne...
CÓMO ADMINISTRAR UNA TELCO MULTINACIONAL USANDO QLIK®: Virgin Mobile en Qonne...Data IQ Argentina
 
APERTURA Tecno - Edición Especial 2017
APERTURA Tecno - Edición Especial 2017APERTURA Tecno - Edición Especial 2017
APERTURA Tecno - Edición Especial 2017Data IQ Argentina
 
Construyendo confianza y abandonando las zonas de confort en las organizacion...
Construyendo confianza y abandonando las zonas de confort en las organizacion...Construyendo confianza y abandonando las zonas de confort en las organizacion...
Construyendo confianza y abandonando las zonas de confort en las organizacion...Data IQ Argentina
 
La transformación digital impulsada por los datos en la industria de servicio...
La transformación digital impulsada por los datos en la industria de servicio...La transformación digital impulsada por los datos en la industria de servicio...
La transformación digital impulsada por los datos en la industria de servicio...Data IQ Argentina
 
Conocé los casos de éxito de Qonnections 2017: Qantas
Conocé los casos de éxito de Qonnections 2017: QantasConocé los casos de éxito de Qonnections 2017: Qantas
Conocé los casos de éxito de Qonnections 2017: QantasData IQ Argentina
 
¿Cómo puede ayudarlo Qlik a descubrir más valor en sus datos de IoT?
¿Cómo puede ayudarlo Qlik a descubrir más valor en sus datos de IoT?¿Cómo puede ayudarlo Qlik a descubrir más valor en sus datos de IoT?
¿Cómo puede ayudarlo Qlik a descubrir más valor en sus datos de IoT?Data IQ Argentina
 
Descubra más valor en sus datos de IoT
Descubra más valor en sus datos de IoTDescubra más valor en sus datos de IoT
Descubra más valor en sus datos de IoTData IQ Argentina
 
Conocé los casos de éxito de Qonnections 2017: Johns Hopkins
Conocé los casos de éxito de Qonnections 2017: Johns HopkinsConocé los casos de éxito de Qonnections 2017: Johns Hopkins
Conocé los casos de éxito de Qonnections 2017: Johns HopkinsData IQ Argentina
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Zilliz
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 

Mais conteúdo relacionado

Mais de Data IQ Argentina

Revista Information Technology Julio Agosto 2020
Revista Information Technology Julio Agosto 2020Revista Information Technology Julio Agosto 2020
Revista Information Technology Julio Agosto 2020Data IQ Argentina
 
Prensario TI Latin America Septiembre 2020
Prensario TI Latin America Septiembre 2020 Prensario TI Latin America Septiembre 2020
Prensario TI Latin America Septiembre 2020 Data IQ Argentina
 
Data IQ ocupa el puesto 26 en el ranking Mejores Empleadores de Apertura
Data IQ ocupa el puesto 26 en el ranking Mejores Empleadores de AperturaData IQ ocupa el puesto 26 en el ranking Mejores Empleadores de Apertura
Data IQ ocupa el puesto 26 en el ranking Mejores Empleadores de AperturaData IQ Argentina
 
Neurona Buenos Aires - Modelos BI en la Tesorería General de la Provincia
Neurona Buenos Aires - Modelos BI en la Tesorería General de la ProvinciaNeurona Buenos Aires - Modelos BI en la Tesorería General de la Provincia
Neurona Buenos Aires - Modelos BI en la Tesorería General de la ProvinciaData IQ Argentina
 
La Visión de los Líderes 2019 - El Cronista
La Visión de los Líderes 2019 - El CronistaLa Visión de los Líderes 2019 - El Cronista
La Visión de los Líderes 2019 - El CronistaData IQ Argentina
 
APERTURA - Mejores Empleadores 2017
APERTURA - Mejores Empleadores 2017APERTURA - Mejores Empleadores 2017
APERTURA - Mejores Empleadores 2017Data IQ Argentina
 
InfoTechnology - Negocios de Familia
InfoTechnology - Negocios de FamiliaInfoTechnology - Negocios de Familia
InfoTechnology - Negocios de FamiliaData IQ Argentina
 
Toma de decisiones impulsada por datos en radiología: Rochester Regional Heal...
Toma de decisiones impulsada por datos en radiología: Rochester Regional Heal...Toma de decisiones impulsada por datos en radiología: Rochester Regional Heal...
Toma de decisiones impulsada por datos en radiología: Rochester Regional Heal...Data IQ Argentina
 
La gestión y análisis del DATO en las empresas españolas
La gestión y análisis del DATO en las empresas españolasLa gestión y análisis del DATO en las empresas españolas
La gestión y análisis del DATO en las empresas españolasData IQ Argentina
 
CÓMO ADMINISTRAR UNA TELCO MULTINACIONAL USANDO QLIK®: Virgin Mobile en Qonne...
CÓMO ADMINISTRAR UNA TELCO MULTINACIONAL USANDO QLIK®: Virgin Mobile en Qonne...CÓMO ADMINISTRAR UNA TELCO MULTINACIONAL USANDO QLIK®: Virgin Mobile en Qonne...
CÓMO ADMINISTRAR UNA TELCO MULTINACIONAL USANDO QLIK®: Virgin Mobile en Qonne...Data IQ Argentina
 
APERTURA Tecno - Edición Especial 2017
APERTURA Tecno - Edición Especial 2017APERTURA Tecno - Edición Especial 2017
APERTURA Tecno - Edición Especial 2017Data IQ Argentina
 
Construyendo confianza y abandonando las zonas de confort en las organizacion...
Construyendo confianza y abandonando las zonas de confort en las organizacion...Construyendo confianza y abandonando las zonas de confort en las organizacion...
Construyendo confianza y abandonando las zonas de confort en las organizacion...Data IQ Argentina
 
La transformación digital impulsada por los datos en la industria de servicio...
La transformación digital impulsada por los datos en la industria de servicio...La transformación digital impulsada por los datos en la industria de servicio...
La transformación digital impulsada por los datos en la industria de servicio...Data IQ Argentina
 
Conocé los casos de éxito de Qonnections 2017: Qantas
Conocé los casos de éxito de Qonnections 2017: QantasConocé los casos de éxito de Qonnections 2017: Qantas
Conocé los casos de éxito de Qonnections 2017: QantasData IQ Argentina
 
¿Cómo puede ayudarlo Qlik a descubrir más valor en sus datos de IoT?
¿Cómo puede ayudarlo Qlik a descubrir más valor en sus datos de IoT?¿Cómo puede ayudarlo Qlik a descubrir más valor en sus datos de IoT?
¿Cómo puede ayudarlo Qlik a descubrir más valor en sus datos de IoT?Data IQ Argentina
 
Descubra más valor en sus datos de IoT
Descubra más valor en sus datos de IoTDescubra más valor en sus datos de IoT
Descubra más valor en sus datos de IoTData IQ Argentina
 
Conocé los casos de éxito de Qonnections 2017: Johns Hopkins
Conocé los casos de éxito de Qonnections 2017: Johns HopkinsConocé los casos de éxito de Qonnections 2017: Johns Hopkins
Conocé los casos de éxito de Qonnections 2017: Johns HopkinsData IQ Argentina
 

Mais de Data IQ Argentina (20)

Revista Information Technology Julio Agosto 2020
Revista Information Technology Julio Agosto 2020Revista Information Technology Julio Agosto 2020
Revista Information Technology Julio Agosto 2020
 
Prensario TI Latin America Septiembre 2020
Prensario TI Latin America Septiembre 2020 Prensario TI Latin America Septiembre 2020
Prensario TI Latin America Septiembre 2020
 
Data IQ ocupa el puesto 26 en el ranking Mejores Empleadores de Apertura
Data IQ ocupa el puesto 26 en el ranking Mejores Empleadores de AperturaData IQ ocupa el puesto 26 en el ranking Mejores Empleadores de Apertura
Data IQ ocupa el puesto 26 en el ranking Mejores Empleadores de Apertura
 
Neurona Buenos Aires - Modelos BI en la Tesorería General de la Provincia
Neurona Buenos Aires - Modelos BI en la Tesorería General de la ProvinciaNeurona Buenos Aires - Modelos BI en la Tesorería General de la Provincia
Neurona Buenos Aires - Modelos BI en la Tesorería General de la Provincia
 
Revista apertura enero 2020
Revista apertura enero 2020Revista apertura enero 2020
Revista apertura enero 2020
 
Prensario TI Latin América
Prensario TI Latin AméricaPrensario TI Latin América
Prensario TI Latin América
 
La Visión de los Líderes 2019 - El Cronista
La Visión de los Líderes 2019 - El CronistaLa Visión de los Líderes 2019 - El Cronista
La Visión de los Líderes 2019 - El Cronista
 
APERTURA - Mejores Empleadores 2017
APERTURA - Mejores Empleadores 2017APERTURA - Mejores Empleadores 2017
APERTURA - Mejores Empleadores 2017
 
InfoTechnology - Negocios de Familia
InfoTechnology - Negocios de FamiliaInfoTechnology - Negocios de Familia
InfoTechnology - Negocios de Familia
 
What’s New @ Qlik®
What’s New @ Qlik®What’s New @ Qlik®
What’s New @ Qlik®
 
Toma de decisiones impulsada por datos en radiología: Rochester Regional Heal...
Toma de decisiones impulsada por datos en radiología: Rochester Regional Heal...Toma de decisiones impulsada por datos en radiología: Rochester Regional Heal...
Toma de decisiones impulsada por datos en radiología: Rochester Regional Heal...
 
La gestión y análisis del DATO en las empresas españolas
La gestión y análisis del DATO en las empresas españolasLa gestión y análisis del DATO en las empresas españolas
La gestión y análisis del DATO en las empresas españolas
 
CÓMO ADMINISTRAR UNA TELCO MULTINACIONAL USANDO QLIK®: Virgin Mobile en Qonne...
CÓMO ADMINISTRAR UNA TELCO MULTINACIONAL USANDO QLIK®: Virgin Mobile en Qonne...CÓMO ADMINISTRAR UNA TELCO MULTINACIONAL USANDO QLIK®: Virgin Mobile en Qonne...
CÓMO ADMINISTRAR UNA TELCO MULTINACIONAL USANDO QLIK®: Virgin Mobile en Qonne...
 
APERTURA Tecno - Edición Especial 2017
APERTURA Tecno - Edición Especial 2017APERTURA Tecno - Edición Especial 2017
APERTURA Tecno - Edición Especial 2017
 
Construyendo confianza y abandonando las zonas de confort en las organizacion...
Construyendo confianza y abandonando las zonas de confort en las organizacion...Construyendo confianza y abandonando las zonas de confort en las organizacion...
Construyendo confianza y abandonando las zonas de confort en las organizacion...
 
La transformación digital impulsada por los datos en la industria de servicio...
La transformación digital impulsada por los datos en la industria de servicio...La transformación digital impulsada por los datos en la industria de servicio...
La transformación digital impulsada por los datos en la industria de servicio...
 
Conocé los casos de éxito de Qonnections 2017: Qantas
Conocé los casos de éxito de Qonnections 2017: QantasConocé los casos de éxito de Qonnections 2017: Qantas
Conocé los casos de éxito de Qonnections 2017: Qantas
 
¿Cómo puede ayudarlo Qlik a descubrir más valor en sus datos de IoT?
¿Cómo puede ayudarlo Qlik a descubrir más valor en sus datos de IoT?¿Cómo puede ayudarlo Qlik a descubrir más valor en sus datos de IoT?
¿Cómo puede ayudarlo Qlik a descubrir más valor en sus datos de IoT?
 
Descubra más valor en sus datos de IoT
Descubra más valor en sus datos de IoTDescubra más valor en sus datos de IoT
Descubra más valor en sus datos de IoT
 
Conocé los casos de éxito de Qonnections 2017: Johns Hopkins
Conocé los casos de éxito de Qonnections 2017: Johns HopkinsConocé los casos de éxito de Qonnections 2017: Johns Hopkins
Conocé los casos de éxito de Qonnections 2017: Johns Hopkins
 

Último

Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Zilliz
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusZilliz
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistandanishmna97
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Angeliki Cooney
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Jeffrey Haguewood
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Orbitshub
 
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKSpring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKJago de Vreede
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...apidays
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsNanddeep Nachan
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...apidays
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 

Último (20)

Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKSpring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 

QlikView Mobile Security Technical Brief

  • 1. QLIKVIEW MOBILE SECURITY QlikView Technical Brief qlikview.com Published: March, 2011
  • 2. QlikView Mobile Security | Page 2 QlikView Mobile Security Mobile devices are convenient, versatile and, for many employees, they are indispensable. High adoption rates and reliance on mobile devices makes safe mobile data analysis a critical concern. However, mobile devices can easily be lost and that’s why QlikView mobile clients have robust security means to secure sensitive business data. QlikView’s mobile clients leverage the entire security infrastructure of a typical QlikView enterprise deployment. This Technical Brief takes a look at the security features of the QlikView iPad touch-enabled Ajax client and uses an example implementation to explain some of the technical details. This Technical Brief is a companion document to the QlikView Security Overview Technology White Paper, which deals in detail how a typical QlikView deployment addresses the question of security. This brief will discuss the QlikView iPad client’s security at these levels: • Device • Transmission • Authentication and Authorization It also includes an example implementation using Double Authentication Device Security One of the main security considerations for mobile BI solutions is not to store any business data on the device. QlikView mobile clients do not store data on the device. As such, there is no local copy to lose if the mobile device is stolen and the data only resides on QlikView servers within a secure enterprise environment, with access permitted only over the network for the correctly authenticated and authorized users. Transmission Security Transmission security refers to protection of data from unauthorized interception. The QlikView iPad client supports VPN connections where the communication between the client and the QlikView server, including the username and password, are encrypted. The QlikView iPad client also supports HTTPS/SSL communication protocols. In the implementation example described below, HTTPS and Secure Sockets Layer (SSL) is used with server certificates installed on the IIS web server. In this specific case, tunneling is also enabled to encrypt the communication between IIS web server and QlikView server.
  • 3. QlikView Mobile Security | Page 3 Authentication and Authorization Authentication refers to the act of establishing or confirming the user as true or authentic. Authorization refers to the act of specifying access rights to control access of information to users. The QlikView iPad client leverages the existing authentication and authorization methods provided by QlikView Server (as described in the QlikView Security Overview Technology White Paper). There is nothing different from the iPad experience from a security perspective than a desktop browser. For Authentication, the QlikView Server requires that users be authenticated by some external process, and that credentials granted by that process be communicated to the QlikView Server. QlikView supports authentication via Active Directory, third-party single sign-on (SSO) solutions (such as CA Site Minder or IBM WebSeal), as well as via digital certificates. Once the user is authenticated, there are two authorization modes available: NTFS & DMS. NTFS mode relies on security features built in with Windows on the server side to secure access to QlikView documents through the iPad client. In NTFS mode, administrators control access to QlikView documents from the operating system itself rather than from QlikView. By contrast, DMS mode allows administrators to control access to QlikView documents centrally, within QlikView. (A detailed description of the differences between NTFS and DMS modes is contained within the QlikView Security Overview Technology White Paper). Example Implementation — Double Authentication The implementation example below demonstrates a real use case where security was applied to a QlikView deployment covering iPad devices. The security requirement is to achieve double authentication (i.e. using both user certificates and basic authentication against Microsoft Active Directory) with HTTPS/SSL connection. This is just one way to achieve a secure iPad implementation. There are other methods that could be used based on other security requirements. Figure 1 illustrates the Double Authentication example described below. First Authentication iPad supports digital certificates, giving business users secure access to corporate services. A digital certificate is composed of a public and private key pair, along with other information about the user and the certificate authority that issued the certificate. Digital certificates are a form of identification that enables authentication, data integrity, and encryption. In this implementation example, digital certificates are used to securely authenticate users to corporate services. A Microsoft IIS web server in the ‘De-Militarized Zone’ (DMZ) domain is setup to provide one-to-one certificate mapping. When a user connects to the IIS site, IIS will request a user certificate which is already created on the iPad. The user will be prompted for a certificate and its public key is then submitted to the IIS server. The IIS server will compare this public key with the available public keys of which the administrator has granted access. Based on the result, IIS will either allow or disallow the user access to the QlikView Server.
  • 4. QlikView Mobile Security | Page 4 If the user is allowed, IIS will encrypt the contents using a user public key and sends it back to the user. Now that the user has both keys, they will decrypt the contents sent by IIS using their own private key and will be able to start communication with the IIS server. Second Authentication The next step in this example is the second authentication. QlikView can be configured to provide a second layer of authentication to make sure that the user requesting access to the QlikView Server can be authenticated against the corporate security system (such as Active Directory or another LDAP, for example). As is normal, the user gets challenged for their credentials to be authenticated against the security system. Authorization The final step in the process is to give the authenticated user access to the authorized documents. This process is handled by the QlikView Server and is described in detail in the QlikView Security Overview Technology White Paper. Figure 1: Double Authentication in a Mobile Environment QvSWEB SERVER 4. User is prompted for User Name and password 3. IIS server compares the public key with available public keys granted by admin, authenticates the user and grants access 1. User is prompted for certificate 5. User gets authenticated against AD 7. Authorized QV docs are available to the user 2. User selects the certificate and Public Key is submitted 6. Authenticated user name is passed to QvS Encrypted communication via tunneling Source: QlikTech FIRST AUTHENTICATION SECOND AUTHENTICATION © 2010 QlikTech International AB. All rights reserved. QlikTech, QlikView, Qlik, Q, Simplifying Analysis for Everyone, Power of Simplicity, New Rules, The Uncontrollable Smile and other QlikTech products and services as well as their respective logos are trademarks or registered trademarks of QlikTech International AB. All other company names, products and services used herein are trademarks or registered trademarks of their respective owners. The information published herein is subject to change without notice. This publication is for informational purposes only, without representation or warranty of any kind, and QlikTech shall not be liable for errors or omissions with respect to this publication. The only warranties for QlikTech products and services are those that are set forth in the express warranty statements accompanying such products and services, if any. Nothing herein should be construed as constituting any additional warranty.