IBM Support

How to configure a Gateway server in the DMZ for an IBM Cognos Controller distributed install

Troubleshooting


Problem

Customer would like their database server and the main IBM Cognos Controller application server in the secure LAN. However, they would like remote users (on the internet) to connect to a gateway located in the DMZ (demilitarized zone) of their firewall.
How do they configure IBM Cognos Controller to have a separate gateway server?

Symptom

Customer would like all the communication from their client devices to go through a 'middle-man' (the 'Gateway' server), which is located in the DMZ.
  • In other words, they want their architecture to look similar to the following:
 
IMPORTANT: The information in this technote is provided as a guideline only. Although it is suitable for most environments, it was written with the simplest requirement (of having a separate DMZ gateway) in mind.
  • It is important the customer discusses their IBM Cognos Controller architecture with their experienced Cognos Technical Consultant to ensure that they choose the optimal solution for their business.

Cause

Modern versions of IBM Cognos Controller have two different/separate clients:
  • Controller Classic (the traditional executable file 'CCR.EXE')
  • Controller Web (a web interface, running in a browser)
  
Therefore there are two separate portions of IBM Cognos Controller that you will need to add/configure on your Gateway server:
  • (A) IBM Cognos Controller Classic gateway
  • (B) IBM Cognos Controller Web frontend
================================== 
More Information
(A) Classic Client
Cognos Analytics (previously known as 'Cognos BI') components contain functionality so that its front end 'gateway' can act as a proxy server / relay (by default for HTTP web traffic over port 80). This functionality can be used for IBM Cognos Controller, to relay all traffic to/from the 'controllerserver' virtual directory, which is located on the IIS server on the <appserver> in the LAN.
  • This 'proxy' functionality is enabled/triggered by using the 'controller' parameter.
  • For example, by modifying the WSSUrl from the default value (http://appserver/ibmcognos/controllerserver) to the new one (http://<gateway>/ibmcognos/bi/v1/controller)

Note: By using the 'controller' parameter, you are creating an extra layer of complexity (with the communication between the client and server)
  • It adds an extra 'tier' to the client<=>server communication process
  • Therefore, in general, do not use this parameter except in exceptional circumstances (e.g. when requiring a DMZ solution)
In other words, for a typical 'local' network configuration, this 'controller' parameter change is generally not needed.
To configure IBM Cognos Controller, version 10.3.0 and earlier, with the parameter 't=controller', see separate IBM technote #6257771
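
After moving to a DMZ gateway, it is worth confirming that every remote client's WSSUrl uses the relay path on the <gateway> and that none still address the <appserver> directly. The following PowerShell sketch is an added example, not IBM code: the function name, the host names and the client list are constructed placeholders, and collecting the WSSUrl values from client machines is assumed to be done separately.

```powershell
# Added example (not part of the IBM technote): classify WSSUrl values so that
# clients still bypassing the DMZ gateway stand out after the change.
function Get-WssUrlRoute {
    param(
        [Parameter(Mandatory)][string]$WssUrl,
        [Parameter(Mandatory)][string]$GatewayHost,    # placeholder for <gateway>
        [Parameter(Mandatory)][string]$AppServerHost   # placeholder for <appserver>
    )
    $uri = $null
    if (-not [System.Uri]::TryCreate($WssUrl, [System.UriKind]::Absolute, [ref]$uri)) {
        return 'Invalid'
    }
    # Compare paths without a trailing slash and without regard to case.
    $path = $uri.AbsolutePath.TrimEnd('/').ToLowerInvariant()
    $isRelayPath  = $path -eq '/ibmcognos/bi/v1/controller'    # relay path from the technote
    $isDirectPath = $path -eq '/ibmcognos/controllerserver'    # default (direct) path

    if ($uri.Host -eq $GatewayHost -and $isRelayPath) { return 'GatewayRelay' }
    if ($uri.Host -eq $AppServerHost)                 { return 'DirectToAppServer' }
    if ($isDirectPath)                                { return 'DirectPathOnOtherHost' }
    return 'Unrecognised'
}

# Constructed sample inventory: client name and the WSSUrl it is configured with.
$clients = @(
    [pscustomobject]@{ Client = 'REMOTE-01'; WssUrl = 'http://gw.example.test/ibmcognos/bi/v1/controller' }
    [pscustomobject]@{ Client = 'REMOTE-02'; WssUrl = 'http://app.example.test/ibmcognos/controllerserver' }
    [pscustomobject]@{ Client = 'REMOTE-03'; WssUrl = 'http://gw.example.test/ibmcognos/controllerserver' }
    [pscustomobject]@{ Client = 'REMOTE-04'; WssUrl = 'not a url' }
)

$clients | ForEach-Object {
    [pscustomobject]@{
        Client = $_.Client
        Route  = Get-WssUrlRoute -WssUrl $_.WssUrl `
                                 -GatewayHost 'gw.example.test' `
                                 -AppServerHost 'app.example.test'
        WssUrl = $_.WssUrl
    }
} | Format-Table -AutoSize
```

Any remote client reported as something other than GatewayRelay is either misconfigured or relies on a firewall path to the LAN that the DMZ design is meant to remove.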
(B) Controller Web
Since Controller version 10.4.0, there has been a 'front end' and 'back end' component to the IBM Cognos Controller Web.
  • This separation has allowed the possibility to split the IBM Cognos Controller Web onto two separate servers.
In this scenario, you would install the IBM Cognos Controller Web 'front end' on the gateway server (and configure it to communicate to the 'back end' running on the server on the LAN).
================================== 

Environment

The IBM Cognos Controller (and Cognos Analytics) architecture is extremely flexible, which allows its individual components to be placed on separate physical servers. This is known as a 'distributed installation'.
  • For more details, see the documentation that comes with the products.
There is a huge variety of possible configurations. This article assumes the simplest configuration, where there are only two physical servers:

(1) <gateway>
This is the 'Gateway' server, and is located inside the DMZ
  • Some people may refer to this as the 'Web Server', although (technically) there is a web service (IIS) running on *all* Controller servers
Its only roles are to:
  • Act as the 'bridge' between the client and the 'main' application server (known as a 'gateway')
  • (Optional) Provide clients with a location from which to download the client software (known as a 'client distribution server')
However, it does NOT perform any processing tasks (it is not a report server, and it does not process any business/financial logic)
(2) <appserver>
This is the 'main application' server
  • It is located inside the LAN.

Resolving The Problem

Modern versions of Controller (for example 10.4.2)
There are two separate/different portions of IBM Cognos Controller that you will need to add onto your Gateway server:
  • (A) IBM Cognos Controller Classic gateway
    • Instructions to create a 'classic client' gateway are inside separate IBM technote #6257779.
  • (B) IBM Cognos Controller Web frontend
    • This requires using IBM Cognos Controller version 10.4.0 (or later)
    • To install IBM Cognos Controller Web front end, simply choose the following option inside the installation wizard:
      [Image: installation wizard option]
  • After installing, configure the front end to communicate to the 'main' IBM Cognos Controller application server (back end)
    • TIP: For basic instructions, see separate IBM technote #791535.
    • TIP: For CAM (or split) instructions, see separate IBM technote #305259.
==================================
Old (legacy/unsupported) versions of IBM Cognos Controller (for example 10.3.0 and earlier)
Old/legacy versions of IBM Cognos Controller had Cognos BI 'runtime' components combined into the IBM Cognos Controller server installation media.
  • Therefore the Cognos BI gateway components were installed as part of the IBM Cognos Controller server installation wizard.
For a guide on how this is installed/configured, see separate IBM technote #6257771.
==================================


Historical Number

1041303

Document Information

Modified date:
10 November 2021

UID

swg21367311