Skip to Content

What’s New in BI Platform 4.2 SP5

DISCLAIMER

This document summarizes the planned enhancements in the next SAP BI 4.2 Support Package 5 in BIPlatform. As the SAP BI 4.2 SP5 content is still subject to change, please consider the below legal disclaimer statement:

The information in this presentation is confidential and proprietary to SAP and may not be disclosed without the permission of SAP. This presentation is not subject to your license agreement or any other service or subscription agreement with SAP. SAP has no obligation to pursue any course of business outlined in this document or any related presentation, or to develop or release any functionality mentioned therein. This document, or any related presentation and SAP’s strategy and possible future developments, products and or platforms directions and functionality are all subject to change and may be changed by SAP at any time for any reason without notice. The information in this document is not a commitment, promise or legal obligation to deliver any material, code or functionality. This document is provided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for a particular purpose, or non-infringement. This document is for informational purposes and may not be incorporated into a contract. SAP assumes no responsibility for errors or omissions in this document, except if such damages were caused by SAP´s willful misconduct or gross negligence.

All forward-looking statements are subject to various risks and uncertainties that could cause actual results to differ materially from expectations. Readers are cautioned not to place undue reliance on these forward-looking statements, which speak only as of their dates, and they should not be relied upon in making purchasing decisions

BW Events-based Scheduling

A new BW Events is introduced in the BI 4.2 SP5 that allows a user to schedule a document based on BW Events in the BI platform. It allows a user in the BI Platform to schedule a document when the data is updated in the BW system.

Example:

Consider a report “Daily sales” that is based on BW data source named “Sales”. When the data is updated in the “Sales” data source, the “Daily sales” report should be delivered to sales executive with the refreshed data.

With the new BW event, whenever the data is updated, the event is triggered in the backend and the report gets scheduled.

This would require below steps:

  • Establish trusted channel between SAP BW and BI Platform
  • Create an HTTP connection in SAP BW
  • Create BW Event in CMC
  • Assign BW Event to report which has to be scheduled
  • Create a process chain with BOE process type in BW
  • This process chain would trigger the BW event created in CMC which in turn will schedule the report

For more details refer to the blog:

https://blogs.sap.com/2017/11/08/sap-bi-4.2-sp05-triggering-schedule-in-bi-platform-from-bw-part-1/

 

Fiori BI Launchpad Enhancement

Below are the lists of enhancement done in Fiori BI Launchpad in BI 4.2 SP5

  • Uploading an image to category
  • My Recently Run Variant filter
  • Sorting, Filtering, and Resizing options
  • Context Refresh in all pages
  • Options for marking favorite documents for end users
  • Fiori BI Launchpad session handling
  • History page enhancements in Fiori BI LAUNCHPAD
  • Change SAP Password on First Logon or when password is expired
  • Schedule page Enhancements
  • Back button in the Unified viewer page

For more details, refer to the blog:

https://blogs.sap.com/2017/11/06/sap-bi-4.2-sp05-whats-new-in-fiori-bi-launchpad/

 

RESTful SDK stack support on Tomcat

Prior to BI 4.2 SP5, RESTful SDK was supported only in WACS, however, WACS has scalability and performance constraints. With more and more applications (such as Fiori BI Launchpad, Lumira and others clients) consuming primarily RESTful SDK, it was mandatory to have a scalable framework.

BI 4.2 SP5 ensures that RESTful SDK can run on WACS as well as Tomcat Webserver. Supporting RESTful SDK on tomcat will ensure better performance and scalability as it supports load balancing and clustering.

A new war file called biprws.war has been created and it will be deployed by default with BOE installation on to Tomcat under \tomcat\webapps.

Customers will have an option to point the REST URL either to WACS or Tomcat. Post patch update to BI 4.2 SP5, the RESTful SDK will continue to work on WACS as configured earlier, however, customer will have an option to configure it on Tomcat for better performance.

 

Configuration details:

  • Log on to CMC.
  • In the CMC, click Applications.
  • Select RESTful Web Service.
  • The URL in RESTful Web Service for Tomcat will be
    • http://<IP Address>:<Tomcat port>/biprws
  • The default URL in RESTful Web Service for WACS will be as earlier
    • http://<IP Address>:<WACS Port>/biprws

 

If you are using Tomcat, you can set the RESTful Web service parameter values as part of server configuration within tomcat.

As part of 4.2 SP5, we are supporting only on Tomcat (version 8.5.7 and 9) of all supported applications servers.

For more details please refer to below blog

https://blogs.sap.com/2017/11/07/sap-bi-4.2-sp05-decoupling-of-bi-platform-restful-web-services-from-wacs/

 

SHA-1 to SHA-2 Upgrade

As part of BI 4.2 SP5, the hashing algorithm SHA1 is replaced with SHA2 to enhance security in the BI Platform. Modification to the digest algorithm has led to the modification of the Encryption/Decryption algorithm. The encryption/decryption that underwent the changes are mostly used for the CMS DB connection and while communicating data over CORBA communication.

 

What is need for replacing the usage of SHA-1 with SHA-2?

SHA-1 produces a 160-bit (20 bytes) hash value, whereas SHA-2 produces 256-bit (32 bytes) hash value. SHA-2 works the same way like SHA-1 but is stronger and generates a longer hash.

 

What is SHA-2 algorithm?

In cryptography, SHA-2 (Secure Hash Algorithm 2) is a cryptographic hash function designed by the United States National Security Agency and is a U.S. Federal Information Processing Standard published by the United States NIST.SHA-2 produces a 256-bit (32-byte) hash value known as a message digest.

What is Message Digest?

A message digest is a cryptographic hash function containing a string of digits created by a one-way hashing formula. Message digests are designed to protect the integrity of a piece of data or media to detect changes and alterations to any part of a message.

 

Secure Individual Scheduling Destination

 

In BI 4.2 SP5, we have introduced rights on individual destinations, this enables the administrator to control destination to which user can schedule given documents.

Basically, using these granular rights, administrator can ensure confidential document can be scheduled only to secured place such as BI Inbox and sales document can be scheduled to non-confidential location as well such as FTP, Email, etc.

Example: We have some financial report, which is confidential and no one should schedule over the mail, however, there are some sales report which needs to be scheduled over the mail for sales people. With the introduction of new rights, this can be achieved.

Prior to BI 4.2 SP5, we had only destination rights which enables all or none destinations.From BI 4.2 SP5, we have destination rights on individual destinations.

 

Secure HANA JDBC connection for HANA Authentication

Support for SSL over JDBC connection for HANA SAML authentication has been included in BI 4.2 SP5. Prior to BI 4.2 SP5, the connections like HTTP, HTTPS and JDBC were supported, however, if on HANA server, SSL was enforced, JDBC connection from BOE to HANA use to fail.

From BI 4.2 SP5, support for SSL JDBC communication from SAP Business Objects to HANA for SAML workflows has been included.

In the below screen, for non-secure connection, uncheck Secure connection checkbox and check for secure connection for both HTTP and JDBC connection.

 

If a customer is upgrading from 4.2 SP04.

  • All JDBC connection retained as JDBC connection with secure flag un-checked
  • All HTTP connection retained as HTTP connection with secure flag un-checked
  • All HTTPS connection changed as HTTP connection with secure flag checked
  • Customer will have option to create Secure JDBC connection

 

Basically, customer will have flexibility to convert any Non-SSL connection to SSL connection, by selecting the checkbox and vice-versa.

 

Publication to support ServerGroup assignment at UserGroup and Folder

ServerGroup assigned at UserGroup and Folder would be respected while scheduling publication.

From BI 4.2 SP5, if a user tries to schedule a publication, it will consider ServerGroup assigned at different levels. Basically it will look in below order

Publication -> Folder -> UserGroup -> Report -> Common pool

If ServerGroup is identified at any level, it will use that ServerGroup for scheduling else will consider next objects.

Example 1

Input:

Publication “P” belong to Folder “F1”

Folder “F1”

ServerGroup “SG1” set at folder “F1”

Algorithm:

Check to see if there is any ServerGroup setting at Publication “P” level

No ServerGroup set

Check to see if there is any ServerGroup setting at Folder level “F1”

ServerGroup “SG1” is set

Output:

ServerGroup “SG1”

Use the Server SG1 for scheduling Publication “P”

 

Example 2

Input:

Publication “P” belong to Folder “F1”

Folder “F1”

No ServerGroup set at Folder “F1”

User Belong to UserGroup UG1

ServerGroup “SG1” set at UserGroup “UG1”

 

Algorithm:

Check to see if there is any ServerGroup setting at Publication “P” level

No ServerGroup set

Check to see if there is any ServerGroup setting at Folder level “F1”

No ServerGroup set

Check to see if there is any ServerGroup setting at UserGroup “UG1”

ServerGroup “SG1” is set

Output:

ServerGroup “SG1”

Use the Server SG1 for scheduling Publication “P”

 

Expired Status for Scheduling

Expired is a new status introduced in SAP BI 4.2 SP5. If the document does not runs in the specified period of time, the status of its instance would be expired. Prior to BI 4.2 SP5, it used to be failed state.

Basically, expired status would differentiate between failure due to time elapsed or any other reason.

Example:

  • Schedule a recurrence job, say, every minute from 8:15 AM to 8:18 AM
  • Pause recurring instance at 8:17 AM
  • At 8:18 AM, you will have Expired instance, since the time has elapsed.

 

 

SAP BW Change password

We have an option to change BW password in CMC and BI Launch Pad, if the BW password is expired and requires change at next logon.

Consider BusinessObjects system is setup with SAP Authentication and SAP BW password for a given user is expired, in such a case user will have option to change password during next login from CMC and BI Launchpad.

Prior to BI 4.2 SP5, if the user tries to login it would get error message if the password is expired and they need to change BW password from somewhere else say from SAP GUI and then perform login on CMC or BI LAUNCHPAD with the updated password. With BI 4.2 SP5

User will get below option to change BW password, when the password is expired and user tries to login in BI Launchpad or CMC.

 

Custom header in Adaptive Job server

Custom header in Adaptive Job server has been introduced as part of BI 4.2 SP5. While scheduling a document from SAP BusinessObjects to Email destination, the added custom header would be deliver along with the default headers to the recipient email.

Custom header in Adaptive Job Server is configures as below.

  • Login to CMC
  • Click on servers
  • Click on Adaptive Job Server
  • Click on Destination
  • Select Email in the destination
  • Scroll down and enable custom headers

Email from BI Platform (AJS) will have custom header in recipient headers.

 

Customize Authentication Options in CMC and BI Launch Pad

By default, all Authentication types are displayed in BI Launch Pad, Fiori BI Launch Pad and CMC, from BI 4.2 SP5, Administrator will have option customize the authentication type that should be available to end-user on CMC and BI Launch Pad.

New property “logon.authentication.visibleList” is introduced in BIlaunchpad.properties and CmcApp.properties, which will ensure only limited authentication types are available for end user.

By default, all authentication types are be listed in CMC

Stop Tomcat, Modify the CmcApp.properties file to list only Enterprise and LDAP as below and start tomcat.

Only modified list will be visible to end users

Properties files are located at <Tomcat directory>\webapps\BOE\WEB-INF\config\default

SAML 2.0 Authentication

The Business Intelligence Platform supports SAML 2.0 as an authentication mechanism for single sign-on experience. This means that you can now log on to a cloud application like Analytics Hub or SAP Analytics Cloud and access the resources in BI applications like Fiori BI Launch Pad, BI Launch Pad, and Open Document during the same logon session using SSO.

GenPSE to replace SSLC tool

SSLC tool which was used to generate certificates till BI 4.2 SP04 does not support SHA2 digest, Additionally, SSLC is based on RSA library and would be coming to end of life.

Keep this in mind, SAP BusinessObjects came up with new tool GenPSE, which is based on SAP Crypto library and support SHA2 algorithm.

GenPSE will be used in

  • generating self-signed x509 certificate and PSE files which are used in CORBA/SIA SSL workflow
  • generating CSR for 3rd party CA to sign

More details on the how to enable SSL using GenPSE in BI4.2 SP5 is available in the blog

https://blogs.sap.com/2017/11/08/enabling-ssl-in-bi-platform-4.2-sp05/

 

Commentary performance improvement

Commentary was delivered as part of BI 4.2 and it supports ODBC and JDBC connections to commentary database. JDBC was performant however ODBC had few performance constraints. In 4.2 SP5, we have resolved commentary performance issue.Performance test shows significant improvement in the performance of View, add, update, and delete comments.

Session termination on change password

For security reason, BI Platform has ensured, when the user changes it’s password, all it’s existing session would terminate. Which mean all the session which was created using older password would be terminated and user needs to login using new password.

To report this post you need to login first.

5 Comments

You must be Logged on to comment or reply to a post.

  1. Vamshidhar Mitta

    Hi Pranav,

    Great stuff and well explained. Just a quick question on the support of RWS on tomcat, is it on 8.5.7 ? or on 8.5.13 which is bundled by default with BI installation.

    Also any information on its support with Tomcat 7.

     

    Thanks,

    Vamshidhar

    (0) 
  2. Deepu Sasidharan

    Great blog Pranav!

     

    It will be helpful if you also write blog about SAML SSO available in SP 5.  Which SAML providers will be supported, configuration steps etc..

    (0) 
  3. Pranav Kumar Post author

     

    Hello Deepu,

     

    We have a plan to have a detailed blog on SAML, link of it would be updated in this blog as well.

     

    Regards,

    Pranav

    (0) 

Leave a Reply