Customer would like to configure their architecture so that user's IBM Cognos Controller 'classic' clients (the program CCR.EXE) do not connect directly to the main IBM Cognos Controller application server. Instead they connect to a separate 'gateway' server.
- In other words, they want to achieve something similar to what is described inside separate IBM technote #386373.
How can they achieve this, when using Cognos Analytics?
- WSS Url defines which website the IBM Cognos Controller client connects to.
- By default, the classic client connects directly to the IIS webserver of the 'main' IBM Cognos Controller application server (in the above example it is called 'servername').
- This is so that all classic client <=> server communication travels via the Cognos Analytics 'gateway' server (which acts as a 'relay'/'proxy').
- IBM Cognos Controller 10.4.x
- Cognos Analytics 11.0.13 +
The following instructions assume that:
- There is already a fully-tested/working 'main' IBM Cognos Controller application server and 'main' Cognos Analytics (CA) server (existing on the secure LAN).
- To make it simple, the instructions assume that both the IBM Cognos Controller and CA server software are installed on the same physical Windows box.
- The customer simply wants to install a separate dedicated CA-gateway-only server (perhaps in their DMZ) to add to their existing (working) IBM Cognos Controller/CA main server
- All IIS webservers are using the default HTTP over TCP port 80 (not HTTPS over 443, for example).
- If you want to use SSL then use the instructions, only once you have http working properly, inside separate IBM technote #372873.
- The system is configured to use ISAPI (not CGI)
- Servers based on Windows 2019.
- Each section contains parts to perform on the "Gateway" server (which you may have placed inside the DMZ), and parts to be done on the 'main' IBM Cognos Controller application server (which will be inside the secure LAN)
- These are clearly labelled with " <gateway>" and "<appserver>" headings
Install/configure Microsoft IIS Web Server including:
- Application Development - "ISAPI Extensions"
- Application Development - "ISAPI Filters":
- Increase IIS timeout to at least 60 minutes
Next, install the relevant CA gateway component files on the server:
- Navigate to the Cognos Analytics installation media, and launch the installation wizard (for example double-click on "ca_server_var_win64_11.0.13.exe")
- At the screen 'Component Selection' choose/select only the 'Gateway Components', and then complete the wizard
- Navigate to the IBM Cognos Controller installation media, and launch the installation wizard server, and launch the installation wizard
- At the screen 'Component Selection' for most customers you should only choose/select the 'Gateway Components':
(B) Firewall configuration
Assuming your gateway/appserver devices are on different networks (DMZ/LAN) than ask your network administrator to modify the firewall (between the LAN and the DMZ) to:
- Open the firewall to allow TCP traffic on port 80 between the external client devices (on the Internet) and the gateway server's external IP address (in the DMZ)
- Open the firewall to allow TCP traffic on port 80 between the gateway server's IP address (which may be an 'internal' LAN IP address or an 'external' DMZ IP address - it all depends on your DMZ/firewall configuration) and the application server's (internal/LAN) IP address.
- Install IIS Application Request Routing (ARR) 3 (including the URL Rewrite associated module)
- Download "CA_IIS_config.bat"
- Edit that file (for example in NOTEPAD) with the correct settings. For example, typically would change the 'dispatcher' name line to something similar to: set disp.name=<appserver>
- Finally, run the modified CA_IIS_config.bat.
- Add a rewrite rule on /ibmcognos/bi and name it the same as the parameter user on the WSS URL (in this document, we called it 'controller')
- Ensure that this rewrite rule is BEFORE the existing Reverse Proxy and any SSO (enabled or not) rules
- Highlight your server
- Double-click ‘ISAPI and CGI restrictions’ (in the right pane)
- Check that there is an entry 'IBM Cognos Analytics Isapi':
- Launch IIS Mananger/administration tool
- Browse to find the following website: <default web site>\ibmcognos\cgi-bin
- Open section 'Request Filtering'
- Click 'Edit Feature Settings'
- Click 'Rules'
- Change this to: 3145728000
- Highlight/select the virtual directory cgi-bin
- Double-click ‘Handler Mappings’ (in the right-hand pane)
- Click ‘Add Module Mapping’
- Enter the values similar to the following (modify the path as appropriate for where you have installed it):
- Request path: cognosisapi.dll
- Module: IsapiModule
- Executable (optional): C:\Program Files\ibm\cognos\analytics\cgi-bin\cognosisapi.dll
- Name: ISAPI-cognos
- Click OK.
Using Windows Explorer, browse to here: C:\Program Files\ibm\cognos\analytics\cgi-bin
Edit the following file (inside NOTEPAD): web.config
In the row for 'ISAPI-cognos' add the following text after the entry resourceType="File": allowPathInfo="true"
TIP: For most servers, the above is enough to solve the problem. However, in some environments the file contains the phrase: types="CgiModule" (instead of: modules="CgiModule" )
- In this situation, you will need to change the file to say: modules="CgiModule"
(1) <gateway> server
(2) <appserver> server
2. Inside the 'environment' section modify the following (under 'Gateway Settings'):
3. Gateway URI: http://<gateway>:80/ibmcognos/bi/v1/disp
- Browse to the installation folder (TIP: By default: C:\Program Files\IBM\IBM Cognos Controller Local Client)
- Open the following file in NOTEPAD: CCR.exe.config
- Locate the setting similar to:
- Modify it to something similar to:
- Save changes and test.
- TIP: For an explanation of what this method is, see separate IBM technote #123099.
2. Open the section 'Controller Client Distribution Server'
3. Modify the CASUrl: http://<gateway>/ibmcognos/controllerbin
4. Modify the WSSUrl: http://<gateway>/ibmcognos/bi/v1/controller
Was this topic helpful?
18 April 2022