Jump to content
  • Welcome!

    We are so excited to have you here.

    Join now to access our forum discussions on all things ibi - products, solutions, how-to's, knowledgebase, peer support and more.

    Please register or login to take part. (If you had a previous community account simply click > Sign In > Forgot Password)

     

  • Our picks View All

    • In today's fast-paced business landscape, the ability to derive actionable insights from data quickly is paramount. Data scientists and analysts are tasked with the challenge of turning vast amounts of information into valuable insights that drive strategic decision-making. In this article, we'll explore how WebFOCUS, a leading business intelligence and analytics platform, empowers users to gain insights through its robust feature name “Instant Insights”


      • 0 replies
        • Like
    • After Oracle announced that their Java release wouldn’t be free anymore for production environments, several customers wanted to get rid of it and started using OpenJDK packages instead. ibi already moved on the same path and we started using OpenJDK in our products a few releases ago (even we went back to Oracle in the latest versions).
      • 0 replies
        • Like
    • We’ve recently seen an increase in cyberattacks on enterprises around the world. And as everybody knows, the weakest point in our companies is… US. Humans are the weakest entry point and the one that most hackers will use to access our company assessments.

      Because of that, several of our customers have recently asked how they can enable MFA (Multi-Factor Authentication) on their WebFOCUS installations.



       
      • 0 replies
        • Like
    • This article will help you to deploy the WebFOCUS Container Edition using shipped images onto the single node cluster created using Openshift on Linux or Mac.

      • 0 replies
        • Thanks
        • Like

Welcome to the ibi Community

See recent community activity

  • In today's fast-paced business landscape, the ability to derive actionable insights from data quickly is paramount. Data scientists and analysts are tasked with the challenge of turning vast amounts of information into valuable insights that drive strategic decision-making. In this article, we'll explore how WebFOCUS, a leading business intelligence and analytics platform, empowers users to gain insights through its robust feature name “Instant Insights”

    Instant Insights with WebFOCUS:
    WebFOCUS is designed to streamline the data-to-insights journey, enabling users to uncover valuable information in real-time. Here's how WebFOCUS facilitates instant insights:

    Interactive Data Exploration:
    WebFOCUS offers interactive data exploration capabilities that allow users to visually analyze data and uncover insights on-the-fly. With intuitive and interactive visualizations, users can drill down into data, apply filters, and explore trends dynamically. This enables rapid discovery of patterns, anomalies, and correlations without the need for extensive coding or manual analysis.

    Self-Service Analytics:
    Empowering users with self-service analytics capabilities is a key feature of WebFOCUS Instant Insights. With self-service tools, business users can access and analyze data independently, reducing reliance on IT or data science teams. WebFOCUS provides a user-friendly interface that enables non-technical users to create ad-hoc reports, build customized dashboards, and perform self-guided analysis, fostering a culture of data-driven decision-making across the organization.


     
    WebFOCUS is not limited to just Instant Insights. WebFOCUS also  integrates predictive analytics capabilities, allowing users to not only explore current data but also forecast future trends and outcomes. By utilizing machine learning algorithms and predictive modeling techniques, users can generate insights that reveal potential future scenarios based on historical data. This seamless integration of predictive analytics within the Instant Insights feature enables users to quickly identify emerging trends, anticipate customer behavior, and make informed decisions with a forward-looking perspective. 
     
    Whether it's predicting customer churn, forecasting sales volumes, or optimizing supply chain operations, WebFOCUS ensures that users have the foresight to stay ahead in a dynamic business environment. Stay tuned for our next blog to learn more about how WebFOCUS provides predictive analytics capabilities.

    Conclusion:
    In conclusion, WebFOCUS offers a comprehensive suite of features and best practices that enable users to gain instant insights from data. From interactive data exploration and self-service analytics to real-time data integration, predictive analytics, and natural language processing, WebFOCUS empowers users to uncover valuable insights quickly and efficiently. By leveraging these capabilities, organizations can accelerate decision-making, drive innovation, and gain a competitive edge in today's data-driven world.
  • After Oracle announced that their Java release wouldn’t be free anymore for production environments, several customers wanted to get rid of it and started using OpenJDK packages instead. ibi already moved on the same path and we started using OpenJDK in our products a few releases ago (even we went back to Oracle in the latest versions).
    This documentation will try to help you moving from Oracle to OpenJDK.
    In my case, I’m going to use Adoptium as my Java OpenSource JDK. So, to use the 11 release, I had to install Temurin: https://adoptium.net/temurin/archive/?version=11
    Once installed, there are a few steps that need to be performed to make WebFOCUS work with this new JDK.
    As WebFOCUS installs by default its own Java (depending on the platform), the easiest way (in my opinion) is, with the services stopped, no matter if Linux/UNIX or Windows, to rename the folders where they are located, for example C:\ibi\tomcat\jdk and C:\ibi\WebFOCUS93\jdk
    That way the product won’t be able to find this Oracle Java release, but it’ll also fail to start services or make calls. 
    To fix that, I recommend to create soft links to point to the desired Java release and keeping the files for the product untouched, for example, if I have my Adoptium Java installed on 
    C:\Java\Adoptium → Inside I’ve the C:\Java\Adoptium\jdk11
     
    On Linux it’s as follows:
    /usr/etc/adoptium → And inside the jdk11: /usr/etc/adoptium/jdk11
     
    So for Windows, I use the mklink command:
    mklink /D C:\ibi\tomcat\jdk C:\Java\Adoptium\jdk11
    mklink /D C:\ibi\WebFOCUS93\jdk C:\Java\Adoptium\jdk11
     
    On Linux/UNIX:
    ln -s /usr/etc/adoptium/jdk11 /opt/ibi/tomcat/jdk
    ln -s /usr/etc/adoptium/jdk11 /opt/ibi/WebFOCUS93/jdk
     
    That’ll fix some part of the issues you can find when migrating to OpenJDK, most of them if you already have the product installed and based on the Oracle Java release, so let’s go for the next ones…
    In case that you use Derby as Repository, it also has it’s own jdk inside, so you’ll need to repeat the process for the softlinks there as well: C:\ibi\derby\jdk.
     
    ENVIRONMENT VARIABLES
    You’ll need to replace the JAVA_HOME, JDK_HOME and JRE_HOME (if needed) to point to hte new ones
    I created an ADOPTIUM_HOME environment variable on my Windows box, so I just have to replace the rest of them pointing to that one.
    This is what I had before:
    JAVA_HOME=C:\Java\Oracle\jdk11
    JDK_HOME=%JAVA_HOME%
    JRE_HOME=%JAVA_HOME%\jre 
    And now I have it as follows:
    ADOPTIUM_HOME=C:\Java\Adoptium\jdk11
    JAVA_HOME=%ADOPTIUM_HOME%
    JDK_HOME=%JAVA_HOME%
    JRE_HOME=%JAVA_HOME%\jre
    If using command lines Windows uses ‘set’:
    set ADOPTIUM_HOME=C:\Java\Adoptium\jdk11
    set JAVA_HOME=%ADOPTIUM_HOME%
    After that, you can just type ‘set’ on a command prompt and you’ll see if your changes are in place.
    This way, I just need to switch the JAVA_HOME back to the Oracle one in case I want to revert my changes.
    On Linux it’s quite similar, you must replace the old values for the new ones 
    set ADOPTIUM_HOME=/usr/etc/adoptium/jdk11
    set JAVA_HOME=$ADOPTIUM_HOME
    (notice that in Linux, instead of use %variablevalue% it is just $variablevalue)
    Type ‘env’ on a command prompt to see if the changes have been made.
    WebFOCUS
    For the Reporting Server side, there’s not too much to do, as it picks the values from the environment variables, so just check that your JAVA service (JSCOM) is using the OpenJDK one and that should be all. 
    For the WebFOCUS Client, as it picks Java from Tomcat, there’s nothing much to do there either. In Windows, you can change the default JVM being used on Tomcat’s Configuration Utility, but if you’ve correctly created the soft links, you don’t need to change it:
     

     
    The same happens with WebFOCUS ReportCaster, WebFOCUS Search (Solr) and Derby. If the soft links are correctly configured, nothing else needs to be done.

    We’ll have a separate chapter for AppStudio in a few.
    Just in case you want to keep (in Windows) one service to be used with Oracle Java (or different OpenJDK releases), and another with your new OpenJDK, you can follow these steps… 
    For ReportCaster, copy and rename the ‘service.bat’ file under C:\ibi\WebFOCUS93\ReportCaster\bin, with a different name, like ‘service_openjdk.bat’ and edit it.
    Modify some entries there to point to your desired OpenJDK environment variables:

     
    Notice that I’ve replaced the JAVA_HOME that already pointed to the soft link I created just for this documentation, that C:\ibi\WebFOCUS93\jdk can be the Oracle Java one and ReportCaster can use the Adoptium one doing these changes.
    I’ve also modified the name which the service will use to be created:

     
    And with these changes, you can now run it passing as parameters the ‘install’ option and some extra text that will be added to differentiate:
    service_openjdk.bat install RCAdoptium 
    Now you have a new service that will use the OpenJDK to start ReportCaster:

     
    If you have issues starting this service, check the properties of the service and make sure that at the Log On tab you have the Local System Account checked:
     

     
    You can do the same for Solr by editing the file ibi_solr_service_cfg.ps1 under C:\ibi\WebFOCUS93\Solr
     

     
    Remember that you just can have one of each service up and running, as both will use the same configuration files, hence they’ll be using the same ports.
     
    WebFOCUS AppStudio 
    For the WebFOCUS AppStudio, things are a little bit different, if you already have it installed, you just need to follow the ‘rename and create soft link’ tasks as we did for the WebFOCUS93 folder but under C:\ibi\AppStudio93\jdk, and that should be all.
     
    But… if you don’t have it installed and you don’t want to use Oracle Java at all you have two options. The AppStudio installer first uncompresses the installation, which contains Oracle Java, and uses that one for the installation. If you don’t want to use it at all (even if you don’t have it installed on your server, the installer will use the one that comes with it), here are the options:
    Option 1: Through the command line export this variable:
    set JAVA_TOOL_OPTIONS=”-Dos.name=Windows 7” 
    This will enable the compatibility mode for the CMD installer
    o    Execute the installation with the following command: IBI_wf-as_9.3.0_win_x86_64.exe LAX_VM “C:\Java\Adoptium\jdk11\bin\java.exe”
    o    Once installed, repeat the process for creating the soft link under C:\ibi\AppStudio93\jdk pointing to your OpenJDK Option 2: Uncompress the IBI_wf-as_9.3.0_win_x86_64.exe for example under C:\Temp\IBI_wf-as_9.3.0_win_x86_64 Replace the C:\Temp\IBI_wf-as_9.3.0_win_x86_64Windows_Pure_64_Bit\resource\jre with the one that comes with your OpenJDK (C:\Java\Adoptium\jdk11\jre) Install the product using the following commands:
    SET JAVA_TOOL_OPTIONS="-Dos.name=Windows 7"
    C:\Temp\IBI_wf-as_9.3.0_win_x86_64\Windows_Pure_64_Bit\installWebFOCUS930.exe LAX_VM "C:\Temp\IBI_wf-as_9.3.0_win_x86_64\Windows_Pure_64_Bit\resource\jre\bin\java.exe  
    Wait for the product to finish the installation and that’ll be all.
    Happy OpenSource executions!
  • We’ve recently seen an increase in cyberattacks on enterprises around the world. And as everybody knows, the weakest point in our companies is… US. Humans are the weakest entry point and the one that most hackers will use to access our company assessments.
    Because of that, several of our customers have recently asked how they can enable MFA (Multi-Factor Authentication) on their WebFOCUS installations.
    Adding this extra layer of security will require our users to interact with a device, so even if they don’t have a strong password, this method won’t allow them to provide or ‘write it on a post-it attached to the monitor’. That way, even if the hacker can get our password and account, they’ll need to have physical access to our device.
     
    OAuth MFA
    For this sample I’ll be using Google as the OAuth provider, you can start configuring it following the instructions on: https://developers.google.com/identity/openid-connect/openid-connect, but you can use your own OAuth IdP.
    I’ve used the FQDN of my computer on the information there: 
     

    The Authorized redirect URIs must match the one that you use to access WebFOCUS from your browser, but you’ll also need to add the jsp that will validate the token that will be returned from your Identity Provider:
                https://fqdn:port/ibi_apps/service/wf_openidconnect_security_check.jsp
    Replace fqdn with the fully qualified domain name of your box and port for your application server port number where WebFOCUS is deployed.
    This part is the important one, as there’s not too much to configure on the WebFOCUS side apart from that. 
    In my case, my OAuth consent screen doesn’t have any additional scopes configured apart from the email one, so I’m not limiting the scopes that I receive from Google:
     

     
    My WebFOCUS Security configuration just has the default content for Google (you can change those URLs for the ones of your IdP), and you’ll need to add the ClientID and ClientSecret there. I also changed the Attribute Name for User ID to match Google’s scope, and left the Optional one as ‘email’ as well:
     

     
    Saving changes and restarting the Application Server is the last thing you need to do, once restarted, you should be able to use SSO against OAuth.
     

     
     
    Once done, you should be able to connect to WebFOCUS using your Google account, and if you have configured the 2nd MFA method there, you are already done, but if not, just access your Google account to manage your profile and enable it (https://myaccount.google.com/u/1/security): 
     


     
    Here you can see it in action:
     
     
    Another method for MFA you can use is SAML instead of OAuth.
    At this case, I’ve been requested twice for the MFA, because the account that I use to login into SAML is my Google one, so I’m being prompted first to access my google account, and secondly in SAML.
    Your IdP should have an option under the security configuration to enable MFA, I’m using OKTA, and there I’ve enabled the Okta Verify (Application for your Mobile devices) and also the Google Authenticator one:
     


     

     
    Here’s a short screen-recording of how it works:
    Happy & Secure connections!
    Pablo Alvarez
     
  • This article will help you to deploy the WebFOCUS Container Edition using shipped images onto the single node cluster created using Openshift on Linux or Mac.
    Please note that WFCE deployment on Openshift cluster on Mac is NOT certified and recommended for production usage.
    Pre-requisite: To deploy the WebFOCUS Container Edition onto the cluster you will need software/tools - Helm, Helmfile, and Docker.
    Let's get started...
     
    Deployment Steps
              1. Download Openshift local installer from:
                  https://console.redhat.com/openshift/create/local

              2. Install openshift local installer -  crc-linux-amd64.tar.xz (linux) / crc-macos-installer.pkg (mac)
              3. Setup openshift cluster using terminal
    crc setup  
              4.  Update openshift cluster configuration to allocate more cpu, memory and diskspace
    crc config set memory 16000 crc config set cpus 6 crc config set disk-size 80  
              5. Once completed start cluster instance (this might take 10-15 mins)
    crc start Provide pull secret (one time activity copy from https://console.redhat.com/openshift/create/local)
    Once created user should get below details:

     
             6. Update docker configuration to allow push images to insecure openshift local registry
    For Linux:
    vi ~/etc/docker/daemon.json Add below entry
    {     "insecure-registries" : [ "default-route-openshift-image-registry.apps-crc.testing:443" ] } And then restart docker (for linux)
    sudo systemctl daemon-reload sudo systemctl restart docker  
    For Mac:
    Update settings using docker desktop and restart

     
             7. Login to Openshift cluster as a developer user
    eval $(crc oc-env) oc login -u developer https://api.crc.testing:6443  
             8. Create new openshift project
    oc new-project webfocus  
             9. Download IBI_wfce_images_1.3.0.tar and IBI_wfce_1.3.0.tar from eDelivery
    Load docker images
    docker load -i IBI_wfce_images_1.3.0.tar Once completed verify using
    docker images Should show below list

     
             10. Tag and Push images to crc registry 
    docker login -u `oc whoami` -p `oc whoami --show-token` default-route-openshift-image-registry.apps-crc.testing:443 docker image tag ibi2020/webfocus:wfs-9.3-1.3.0 default-route-openshift-image-registry.apps-crc.testing:443/webfocus/repo:wfs-9.3-1.3.0 docker image push default-route-openshift-image-registry.apps-crc.testing:443/webfocus/repo:wfs-9.3-1.3.0 docker image tag ibi2020/webfocus:wfs-etc-9.3-1.3.0  default-route-openshift-image-registry.apps-crc.testing:443/webfocus/repo:wfs-etc-9.3-1.3.0 docker image push default-route-openshift-image-registry.apps-crc.testing:443/webfocus/repo:wfs-etc-9.3-1.3.0 docker image tag ibi2020/webfocus:wfc-9.3-1.3.0  default-route-openshift-image-registry.apps-crc.testing:443/webfocus/repo:wfc-9.3-1.3.0 docker image push default-route-openshift-image-registry.apps-crc.testing:443/webfocus/repo:wfc-9.3-1.3.0 docker image tag ibi2020/webfocus:cm-9.3-1.3.0   default-route-openshift-image-registry.apps-crc.testing:443/webfocus/repo:cm-9.3-1.3.0   docker image push default-route-openshift-image-registry.apps-crc.testing:443/webfocus/repo:cm-9.3-1.3.0  
    Verify once completed using below command:
    oc get imagestreams repo -n webfocus  -o jsonpath='{range .status.tags[*]}{.tag}{"\n"}' Expected output is

     
             11. Untar IBI_wfce_1.3.0.tar
    tar -xvf IBI_wfce_1.3.0.tar Above command will extract the IBI_wfce_1.3.0 directory for all the scripts, Helmfile, env, etc files required by WebFOCUS CE.
     
             12. Deploy infra
    cd IBI_wfce_1.3.0/scripts/helmfile/infra source ../export-defaults.sh helmfile --state-values-file=../environments/oc-default.yaml.gotmpl sync Verify infra pods are up and running using command
    oc get pods -n webfocus Expected output as follows:

     
             13. Remove imagePullSecret (optional step - only needed if internal registry is used)
                   edit scripts/helmfile/environments/dev-wf.integ.yaml.gotmpl and remove all instances of
    imageInfo: imagePullSecrets: - name: ibi-docker-hub Once removed file would look like:
    appserver: # imagePullSecrets: # - name: ibi-docker-hub autoscaling: enabled: true #edaetc: # imagePullSecrets: # - name: ibi-docker-hub edaserver: # imagePullSecrets: # - name: ibi-docker-hub service: type: NodePort #sessionAffinity: ClientIP autoscaling: enabled: true clm: # imagePullSecrets: # - name: ibi-docker-hub service: annotations: {} type: NodePort autoscaling: enabled: false cachemanager: # imagePullSecrets: # - name: ibi-docker-hub service: type: NodePort autoscaling: enabled: true #etcd: # image: # pullSecrets: # name: ibi-docker-hub swego: enabled: true storage: accessMode: ReadWriteOnce global: # imageInfo: # imagePullSecrets: # - name: ibi-docker-hub prometheusAdapter: metricsServer: false prometheus: server: service: type: NodePort  
             14. Update Customer id and EUA in below file
                   IBI_wfce_1.3.0/scripts/helmfile/environments/wf.integ.yaml.gotmpl

    Also, update license key in IBI_wfce_1.3.0/scripts/license/license.txt
    Note: For customer id and license key contact Admin or ibi Support team.
             15. Deploy WebFOCUS
    Execute below command from directory: IBI_wfce_1.3.0/scripts/helmfile
    helmfile -e dev --state-values-file=environments/oc-default.yaml.gotmpl --state-values-set global.imageInfo.image.repository=default-route-openshift-image-registry.apps-crc.testing/webfocus/repo sync  
    Verify using pod status
    oc get pods -n webfocus You can expect output like one below

     
             16. Create Route to access apperver
    oc expose svc appserver View route:
    oc get route -n webfocus
     
    Now, access WebFOCUS
    http://appserver-webfocus.apps-crc.testing/webfocus/
    Credentials: secret/terces
     
    Troubleshooting
             1. Appserver goes in CrashLoopBackOff ?
    Appserver might not have enough resources so assign more resources. Also, try increasing initialDelaySeconds for livenessProbe and readinessProbe.
    oc edit sts appserver -n webfocus Example:

             
             2. 500 Gateway Timeout error
    Increase the timeout on the Openshift route to 2 minutes
    https://docs.openshift.com/container-platform/3.11/install_config/configuring_routing.html
    oc annotate route appserver --overwrite haproxy.router.openshift.io/timeout=120s  
    Thank you for your interest in WebFOCUS CE and we hope this documentation proves useful to you! 
    For any further assistance feel free to contact ibi Support team.
  • The aim of this article is to explain what Global Name property is and how to configure it. 
    In the context of WebFOCUS, where maximizing efficiency and maintaining consistency are top priorities, the Global Name property shines as a vital tool for synchronization. This feature fundamentally alters the way filter control values are handled across multiple pages. 
    Understanding the Global Name Property
    At its core, the Global Name property serves as the linchpin in the synchronization process, nestled within the Settings tab of the Properties panel for a filter control. When activated, this property facilitates the synchronization of filter selections across multiple pages within the same browsing session, offering a significant advantage for Portal creation.
    Use Cases for Global Name Property
    Executive Dashboards: In a professional setting, executives often rely on comprehensive dashboards to monitor key performance indicators (KPIs) and objectives and key results (OKRs). By utilizing the Global Name property, content consumers can seamlessly switch between different views of the dashboard while maintaining consistency in filter selections, enabling quicker decision-making and analysis.
    Sales Performance Analysis: Sales teams benefit greatly from analyzing performance data across various dimensions such as region, product, and time period. With the Global Name property, the Leadership team can configure interactive reports that allow sales representatives to drill down into specific data subsets without losing sight of the broader context, enhancing their ability to identify trends and opportunities.
    Customer Segmentation: Marketing professionals leverage customer segmentation to tailor campaigns and promotions to specific demographics or purchasing behaviors. By employing the Global Name property, marketers can create dynamic reports/charts that adapt to changing segmentation criteria, ensuring that insights remain relevant

    Configuring the Global Name Filter Control Property: A Step-by-Step Guide
    Prepare Your Content: Begin by creating the charts or reports you desire using WebFOCUS Designer, ensuring consistency by using the same master file across all content.
    Launch WebFOCUS Designer in Assemble mode: Access the Hub and click on the “+” icon, selecting “Assemble Visualizations” to launch WebFOCUS Designer in assemble mode.
    Add Content to First Page: From the left navigation panel, navigate to the desired workspace within the “Content” tab and select the content you wish to add to the first page.
    Add Filters: From the left navigation panel, move to the “Filters” tab to add desired filters. You can either add all filters at once or selectively add them by right-clicking on each filter.
    Set Global Name Property: Choose the filter for which you wish to set the Global Name property. Within the Properties panel, under General Settings, locate the Global Name field and enter your desired name. This name will serve as the identifier for synchronization across pages. Save and Repeat: Save the page and repeat the process to create additional pages as needed, ensuring consistency in content and filter selection. Test Synchronization: Run the first page and update the filter value. Then, navigate to the second page, run it and observe how the filter control displays the updated value automatically. This bidirectional synchronization ensures that changes made on one page reflect instantaneously across all linked pages.

    The Global Name property in WebFOCUS is not merely a feature; it's a catalyst for efficiency and cohesion in your analytics endeavors. By following this step-by-step guide and exploring various use cases, you can harness its power to seamlessly synchronize filter selections across multiple pages, empowering you to navigate your analytics portal with unparalleled ease and precision.
     
    video1152876214.mp4
  • What is ibi Data Intelligence?
    Our platform is a unified data management solution that offers a comprehensive suite of tools for data integration, application integration and data quality improvement, empowering businesses to unlock the full potential of their data.
    What can I accomplish with ibi Data Intelligence?
    We understand that successfully leveraging data requires the collaboration between both the business and technology (IT) teams within organizations. The platform provides those teams with key features and capabilities, such as:
    Data Integration: Seamlessly connect disparate data sources, facilitate data movement, transformation and consolidation for a unified view. Application Integration: Facilitate communication between different applications to orchestrate, automate & streamline information exchange. Data Quality Improvement: Implement robust data quality checks & transformations to verify, cleanse & enrich your data to ensure high accuracy and reliability.
    These capabilities allow organizations the needed functions to solve their various use cases, regardless of industry, including:
    Enterprise Data Integration:  Large enterprises managing diverse data environments need to unify data from multiple sources for comprehensive business intelligence. Application Data Exchange: Organizations with multiple interdependent software applications need to ensure real-time data consistency across business applications. Data Quality Management: Businesses prioritizing data accuracy for compliance and reporting need to implement data cleansing & validation to ensure data integrity. How can I get started with ibi Data Intelligence?
    We recommend reaching out to your ibi account team and connecting with an Account Technology Strategist to review your use case and develop a solution strategy fit for your organization.
  • Just when you think you’ve achieved something great, maybe even perfect, the world sometimes throws you a curve. Like many other things today, design processes and product strategies seem to be in a continuous state of evolution. While methodologies and core design principles hold strong, desired outcomes and the definitions of success somehow seem to change.
    A year ago I collaborated with Angie Hildack, ibi PM Lead, on an article titled “Welcome to the new WebFOCUS!” where we set the stage for the great things we had planned for the product. As I look back at the experience vision we described in that article and consider the progress we’ve made since then, I feel we are indeed delivering on that promise. Although it has not been without challenges and complexities we’ve needed to overcome. It’s become clear that attempting to solve some of the experience challenges we set out to address ended up introducing new challenges that also had to be met with careful consideration. There are times where solving one problem causes another, and then another, and another, etc. It’s a cycle of design exploration and iteration that is not new in the world of product design, but it is unique and challenging each time it occurs. The goals and the endpoint you strive for sometimes end up being quite different when you actually get there. In life, the destination is often relatively unknown and is entirely dependent on the journey itself. And more times than not, the old saying is absolutely true. It’s the journey that matters, not the destination. Of course in the world of product design, the destination absolutely matters. But the journey is every bit as rewarding if you look at it the right way.
    So how do we ensure the journey leads to the right destination? It’s important to periodically revisit the process, the goals, and the expected outcomes… and make adjustments accordingly as trends, audiences and needs change. With the increasing importance of designing for all user types, this heightened level of user awareness has naturally impacted the way we think and feel and design, which in turn, has altered our concept of the product design lifecycle. We plan longer release cycles with phases of incremental exploration, validation, and updates which allow more flexibility for course correction and problem solving. This provides us the best opportunity to evolve our design strategy as it unfolds while still keeping the destination, wherever and whatever it may be, in sight. 
    With WebFOCUS and the Hub in particular, we’ve spent the last few years heavily focused on reaching new audiences and leveraging modern technologies. We aim to draw greater performance and outcomes from data and provide improved reporting, visualization and collaboration capabilities for better real-time decision making. This of course is critical to our long-term strategy for growth and continued success. As for the journey… we continue to toe the line between old and new ways of working, traditional and modern ways of thinking, manual and automated workflows, back-end code and front end UI, etc. We’re working hard to connect the past with the future to ensure they complement each other with relative harmony. Can WebFOCUS be everything to everybody? Time will tell. We haven’t reached the destination yet so it’s hard to say with certainty. But we hope to come as close to this as we can. This is the journey we are on… and it is not ours alone. Through ongoing partnerships and collaboration with our customers, we travel this road together as we imagine, and re-imagine, the future of WebFOCUS. Together we will see the forest for the trees.
    We’ve come a long way this past year and continue to add key features of great value as planned. But it’s entirely possible the concept of a final destination may simply not exist. Even so, we’ll continue on this course and we’re glad to be sharing this journey with you. And as the saying goes, “a journey of a thousand miles begins with a single step”. This is very true. This past year was a great first step to realizing our vision and we’re excited about the possibilities in store for the future.
     
  • This article intends to cover what you need to secure your search in Solr and how it's connected to WebFOCUS.
    Sometimes, some of our sensitive data is stored in the WebFOCUS Repository or at the WebFOCUS Reporting Server Application folders (hold files that are not stored temporarily, for example) and Solr allows you to find almost everything under WebFOCUS, so when performing a search, the connection between Solr and WebFOCUS is not encrypted by default and uses HTTP protocol. With this article, we want to enhance your security by adding an extra SSL layer to the communications between Solr and WebFOCUS, enabling SSL in Solr and WebFOCUS, and making available the connection between them. You'll find a troubleshooting section and a tips section at the end. I do recommend to read the entire article, and, of course, if you have any doubts or comments about it, we're here to help!
    To enable SOLR to work under a secure connection, you’ll need to have a valid certificate with a fully qualified domain name to be used (FQDN), we’ll follow all the steps to create one on your own and use it to secure and encrypt your connection between our WebFOCUS Client and the SOLR service.

    Even if I used this under Windows, the same steps apply to Linux, also, I used the WSL (Windows Subsystem for Linux) on my box to perform some of the steps, but that’s not necessary if you have the required components or you’ve been already provided with a valid certificate, so you don’t need to generate a new one.

    The very first step was to create the certificate and the key for my machine. Here’s where I used the WSL (CentOS) to use the OpenSSL commands. But if you don’t want to install WSL, the easiest way to get OpenSSL on your Windows box is by installing Git for Windows and running the Git Bash utility that comes with it (it’ll open a command prompt window in which you can execute Linux commands) or PowerShell for Windows.

     
    If you have WSL, you may need to install the OpenSSL package, so you’ll need to follow your distribution updater package to get it.
    sudo apt install openssl
    Or
    sudo yum install openssl
    Note: You may want to upgrade your repositories and packages before installing it (sudo apt update && sudo apt upgrade / sudo yum update && sudo yum upgrade). Once the package is installed, you can run the OpenSSL command that will generate the key file and the certificate file we will use later
    To get the FQDN:
    $myFQDN = (Get-WmiObject Win32_ComputerSystem).DNSHostName + "." + (Get-WmiObject Win32_ComputerSystem).Domain
    >> Write-Host $myFQDN

    And to generate the key and certificate files:
    openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes -keyout keyfile.key -out certificatefile.crt -subj "/C=US/ST=Oregon/L=Portland/O=Company Name/OU=Org/CN=yourfqdn" -addext "subjectAltName=DNS
    :yourfqdn,DNS:*.tibco.com,IP:10.0.0.1"
    The output will be similar to these screenshots:
     
     
     
    You’ll need to change the values (highlighted in red) to match your company name, organization unit, country, etc… (not really needed so that you can use the ones in the sample). Still, the most important part is the Common Name (CN), which’s the one that needs to match the URL you’ll be using on your browser to access WebFOCUS, and it has to contain the FQDN.
    The key thing here is that Solr expects to have a valid domain to create a real secure connection between environments.
    Note: I’ve also added as DNS the entire tibco.com domain, that way, this will work even if I add my region, like: https://machinename.emea.tibco.com
    Now that we have created the key and the certificate, we need to store it under a keystore, so the next step is creating it based on them:
    openssl pkcs12 -export -in tibco-pc1t3xv0.crt -inkey tibco-pc1t3xv0.key -out tibco-pc1t3xv0.p12

    You’ll be prompted for a password, so don’t forget which one you’ve selected as it’ll be used later.
    Lastly, we need this recently created certificate to be “trusted” by our environment, in case you can’t certify it with a CA (Certificate Authority like VeriSign, IdenTrust, DigiCert, Let's Encrypt, GoDaddy, or similar) or already have a certified one by these authorities, which is the recommended for Production environments, and even more if they are publicly available.
    Your server has a JDK installed (requirement for WebFOCUS) so, in order to validate it ‘internally’ we’ll use the cacerts keystore that comes with the JDK installation. You can check it’s content by executing the following command from the command prompt:
    For Java11: keytool -v -list -cacerts
    For Java 8: keytool -v -list -keystore <path to cacerts>\cacertsfile.ext
    Note: Keytool is a tool also provided in the JDK, so it has to be in the PATH variable of the OS to be able to execute it anywhere, if you don’t have it there, you can use the entire path to it to make it work.
    You’ll be prompted for a password, and the default one is ‘changeit’ (without quotes). You’ll see a bunch of certificates scrolling on your screen (usually around ~99). So if you also want to review them, just send that output to a text file you can check later:
    Java11: keytool -v -list -cacerts > C:\Temp\cacerts_content.txt
    Java8: keytool -v -list -keystore <path to cacerts>\cacertsfile.ext > C:\Temp\cacerts_content.txt
    The cacerts file is usually stored under %JAVA_HOME%\lib\security (or $JAVA_HOME/lib/security in Unix/Linux environments), but depending on how you have your environment configured, you may be using the one that comes with WebFOCUS (C:\ibi\WebFOCUS93\jdk) or Tomcat (C:\ibi\tomcat\jdk), not adding the -keystore parameter we’re making sure that we are importing our certificate in the cacerts file that the OS is reading.
    The command to import our certificate into that cacert file is:
    keytool -import -alias {aliasname} -cacerts -file {certificatename.cer} 
    So you should be using something like:
    Java11: keytool -import -alias mylocalcert -cacerts -file tibco-pc1t3xv0.crt
    Java8:  keytool -import -alias WF8207SSL -keystore <path to cacerts>\cacerts -file <path to crt>\WF8207SSL.crt
    keytool -import -alias mylocalcert -cacerts -file tibco-pc1t3xv0.crt
    Again, you’ll be prompted for the cacerts password and it’ll also ask you if you trust the certificate you are importing (obviously, you trust it, as you are the one who has created it).

    Now our certificate is also trusted, and these files will now be used in our WebFOCUS installation. I recommend applying them to Tomcat first, so we’ll be able to access WebFOCUS using SSL, then apply it to Solr, and finally connect both.

    So, even if it’s not needed, as long as you want to secure the connection between the WebFOCUS Client and Solr, you’ll probably want to secure the WebFOCUS Client as well, so now that we have the certificate, the key, and the keystore, we should be able to make that happen.
    For Tomcat, is as simple as adding the following block to the server.xml file located under Tomcat’s ‘conf’ folder:
    <!-- IBI SSL Port -->
        <Connector port="8443"
          protocol="org.apache.coyote.http11.Http11NioProtocol"
          maxThreads="150"
          maxPostSize="-1"
          URIEncoding="UTF-8"
          SSLEnabled="true"
          scheme="https"
          secure="true"
          keystoreFile = "C:\ibi\certs\tibco-pc1t3xv0.p12"
          keystoreType = "PKCS12"
          keystorePass = "keystorepasswd"
          ciphers="TLS_RSA_WITH_AES_128_CBC_SHA"
          clientAuth="false"
          sslProtocol="TLS"
          sslEnabledProtocols="TLSv1.2"/>
    <!-- IBI SSL Port END -->
    After that, you just need to restart Tomcat and you should be able to access via http (if you didn’t disable the 8080 port) and https.

     
    Note: If you still don’t get the ‘Certificate is valid’, just keep going, there’s an ‘Other Tips’ section at the end of the Article that may help you with this as well.
    If you don’t use the FQDN, you’ll see that the connection will appear as insecure (as the URL doesn’t match the certificate) even it’s using SSL:

     
    If you have any issues at any of the steps we’ve taken, don’t hesitate to write me at pablo.alvarez@cloud.com
    If you are using a different Application Server, you can also ping me or open a Support Ticket case.
    Do let me know if you want me to write another article about certificates by sending me an email requesting it 😉
    Now, we should focus on the Solr configuration. You have a ‘solr.in.*’ file (.sh for Unix/Linux, .cmd for Windows) under C:\ibi\WebFOCUS93\Solr\solr\bin (or ../ibi/WebFOCUS93/Solr/solr/bin if you are using a Linux/Unix environment), edit it and uncomment the following lines (and make sure the values matches the ones for your environment):
    set SOLR_SSL_ENABLED=true
    set SOLR_SSL_KEY_STORE=C:\ibi\certs\local\tibco-pc1t3xv0.p12
    set SOLR_SSL_KEY_STORE_PASSWORD=keystorepasswd
    set SOLR_SSL_TRUST_STORE=C:\ibi\certs\local\tibco-pc1t3xv0.p12
    set SOLR_SSL_TRUST_STORE_PASSWORD=keystorepasswd
    set SOLR_SSL_NEED_CLIENT_AUTH=false
    set SOLR_SSL_WANT_CLIENT_AUTH=false
    set SOLR_SSL_CLIENT_HOSTNAME_VERIFICATION=false
    set SOLR_SSL_CHECK_PEER_NAME=true
    set SOLR_SSL_KEY_STORE_TYPE=PKCS12
    set SOLR_SSL_TRUST_STORE_TYPE=PKCS12
    I also recommend uncommenting and changing the following line to get a more detailed log the first time to debug the issues you could face, and once it’s working properly, set it back to the default value (INFO) or even comment it out:
    set SOLR_LOG_LEVEL=INFO
    If all the previous steps were correctly performed, you should be able to restart the Solr service now and be able to access the Solr Dashboard via https: https://servername.company.ext:8983/solr
     

    The latest configuration part is to tell WebFOCUS that the connection between them is now being made using SSL, so you’ll need to access your WebFOCUS Client Administration Console Configuration and change the Solr Url to match the one you used to access the Dashboard:

    And that should be all, you are now connected in an even more secure way and performing secure searches within your data and WebFOCUS:

     
     
    TROUBLESHOOTING
    During the investigation on how to enable SSL (and make it work with WebFOCUS), -John Calappi (who was also an important part on this Technical Article and you can contact him as well 😜), and I found some issues. Even if we were able to start Solr with SSL, WebFOCUS wasn’t able to communicate with it and the message you receive is as follows:

     
    This is why I recommend you configure the DEBUG mode on Solr, to try to figure out why it’s not working.
    Our magnify_search.log files from WebFOCUS showed this messages:
    [2024-04-17 12:45:21,648] INFO  main - {} - SolrSearchClientFactory.init() initializing Solr client with: url: https://tibco-pc1t3xv0:8983/solr, username: , collection: ibi-protected
    [2024-04-17 12:45:21,650] INFO  main - {} - createSolrClient(): created SolrClient for url: https://tibco-pc1t3xv0:8983/solr
    [2024-04-17 12:45:21,672] ERROR main - {} - testClient(): error: IOException occurred when talking to server at: https://tibco-pc1t3xv0:8983/solr
    [2024-04-17 12:45:21,673] ERROR main - {} - createSolrClient(): Error testing Solr client
    [2024-04-17 12:45:21,673] ERROR main - {} - Error! Creating SolrClient
     
    Even the Solr service was started and we were able to access the Solr Dashboard using SSL.
    Checking the Solr logs in DEBUG mode showed us that the ‘handshake’ wasn’t being performed. The ‘handshake’ is when you try to communicate with the endpoint securely, but the endpoint doesn’t trust you and doesn’t perform the handshake.
     



     
    2024-04-08 12:38:40.340 WARN  (main) [   ] o.e.j.u.s.S.config No Client EndPointIdentificationAlgorithm configured for Client@20b9d5d5[provider=null,keyStore=file:///C:/ibi/certs/local/mokochino_pkcs12.jks,trustStore=file:///C:/Program%20Files/Java/jdk-11/lib/security/cacerts]
    2024-04-08 12:38:42.993 DEBUG (qtp1489193907-23) [   ] o.e.j.i.s.SslConnection fill NOT_HANDSHAKING
    2024-04-08 12:38:43.401 DEBUG (qtp1489193907-27) [   ] o.e.j.i.s.SslConnection DecryptedEndPoint@569cafab{l=/10.98.96.15:8983,r=/10.98.96.15:60038,OPEN,fill=-,flush=-,to=414/120000} stored fill exception => javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
        at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
    javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
    We got these messages when the certificate wasn’t added to the cacerts file, and also when the keystore we used didn’t have the .key attached to it, so it was considered a ‘public’ certificate (like having a low fence or an open padlock, both are secure methods, but used incorrectly, so not secure at all). In order to have a proper handshake between products, the keystore needs to have the required files to accept the connections.
    OTHER TIPS
    Make sure that you are adding your certificate to the proper cacerts file, sometimes, there are several Java JDK releases installed and each one has its own cacerts file. For example, when you install WebFOCUS, sometimes it also includes its own jdk (C:\ibi\WebFOCUS93\jdk) or even under Tomcat you can have another one (C:\ibi\tomcat\jdk), Linux/UNIX environments doesn’t usually have them, but Windows does. In that case, I usually delete those ones and use the mklink command to create symbolic links (similar to the Linux ones, not Windows shortcuts) just in case that there’s some hardcoded path pointing there. You could use it as follows:
    mklink /D {destination} {source}
    Sample:
    mklink /D C:\ibi\WebFOCUS93\jdk C:\Progra~1\Java\jdk11              
    It is also recommended to add your new certificate into your client OS, so any browser you use can also trust this one on their side. From your Windows OS, double-click on your .crt file (you can copy the file from the server or the content of it as it’s just a plain-text file) and you’ll see something like this:

    Click on the Install Certificate… and place it under the Trusted Root Certification Authorities:

    After finishing this process, you’ll see that certificate as valid:

    Another option to have SSL in your WebFOCUS Installation that Ben Naphtali also suggested is to put in front of our install a Load Balancer like NGINX and have that using SSL. That way, even if you don’t have SSL configured in WebFOCUS, you won’t be able to access it without going first to NGINX in a secure way (NGINX will manage and redirect the petitions to WebFOCUS and Solr). NGINX, Apache WebServer using the mod_proxy module or mod_jk, or any Load Balancer should work for this.
    As said before, let me know if you want me to write another Technical Article about how to properly install the Load Balancer in front of your WebFOCUS install to secure it, this will also allow you to have different WebFOCUS Clients to handle HighAvailability features in production environments.
    You could also enable SSL in the WebFOCUS Reporting Server Side, but that part is perfectly described in the Security & Administration Manual, so you just need to follow that one to make it work.
    Happy & Secure connections!
    Pablo Alvarez
  • As the world of business intelligence (BI) continues to evolve, companies are constantly seeking more efficient, insightful, and accessible ways to analyze data.  ibi WebFOCUS, a comprehensive BI platform, stands at the forefront of this transformation. Below, we explore the future trends in business intelligence and how ibi WebFOCUS is positioned to meet these emerging demands.
     
    1. Increased Demand for Real-time Data
    In today's fast-paced market environment, the need for real-time data analytics is more critical than ever. Businesses require immediate insights to make quick decisions. WebFOCUS caters to this need by providing instant analytics capabilities, allowing companies to monitor operations and market conditions as they happen, leading to more timely and informed decisions.
     
    2. The Rise of Artificial Intelligence and Machine Learning
    AI and machine learning are becoming integral to business intelligence. These technologies can predict trends, automate tasks, and offer new insights, transforming data into actionable intelligence. WebFOCUS integrates AI capabilities, enabling users to leverage predictive analytics and machine learning to drive business outcomes.
     
    3. Democratization of Data
    The democratization of data means making analytics accessible to non-experts, allowing more people within an organization to make data-driven decisions. WebFOCUS promotes this trend with user-friendly interfaces and customizable dashboards, making it easier for non-technical users to derive insights without deep statistical knowledge.

     
    How WebFOCUS Is Embracing These Trends
     
    IBI's WebFOCUS is a prominent player in the business intelligence domain, continuously evolving to integrate advanced features like Natural Language Querying (NLQ), Instant Insights, and Machine Learning functions. These capabilities position WebFOCUS as a forward-thinking solution in the BI landscape, enhancing user experience and analytical depth. Here's a closer look at how these features empower users and organizations.
    Natural Language Query (NLQ)
    Natural Language Querying is a revolutionary feature that allows users to interact with their data using everyday language. This accessibility significantly lowers the barrier to data analytics, enabling users from various organizational levels to engage with data directly, without needing specialized training in data querying languages such as SQL.
    Instant Insights
    In the age of big data, speed is crucial. Instant Insights is another innovative feature of WebFOCUS that caters to the need for rapid data analysis. This feature automatically generates visualizations based on the underlying data as soon as it is accessed, providing immediate visual insights. Users can quickly identify trends, outliers, and patterns without manually sifting through the data or building visualizations from scratch.
    Machine Learning Functions
    Machine Learning (ML) functions within WebFOCUS elevate its analytics capabilities by offering predictive analytics and pattern recognition that go beyond traditional data analysis techniques. These ML functions can automatically identify complex patterns and predict future trends based on historical data. For businesses, this means not only understanding current data but also forecasting future scenarios, optimizing processes, and personalizing customer interactions based on predictive models.
     
    The integration of NLQ, Instant Insights, and Machine Learning functions into WebFOCUS represents a significant leap towards more intuitive, efficient, and predictive business intelligence tools. As BI technology continues to evolve, WebFOCUS is clearly positioned at the forefront, ready to empower organizations with smarter, faster, and more accessible data insights.
     
  • How To 
    Customize Pages on Demand in WebFOCUS 9.x
    The aim of this document is to explain the process for changing the "Pages on Demand" design.
    If you want to get my sample design - please download the zip file attached
    New Design: 

    To change the design of the "Pages on Demand" functionality, the following steps are necessary - complete guide attached in PDF Format
     Step 1 - Replacing icons
     Previously files for customization where stored in following folder: drive:/ibi\WebFOCUSversion\ibi_html\viewer
    As of Release 9.0.0, the ibi WebFOCUS system file configuration no longer includes the ibi_html directory located at drive:\ibi\WebFOCUSversion\WebFOCUS, where version is the number of your installed version. If you store customized files in the ibi_html directory, you must backup them from this directory before installing or upgrading to WebFOCUS Release 9.0.0 or higher. If you do not take this precaution, you will lose customized files stored in the ibi_html directory.
    Solution in 9.x:
    All the entire \ibi_html folder structure has been moved to a .jar file, if you go to drive:\ibi\WebFOCUSversion\webapps\webfocus\WEB-INF\lib you will find a file called webfocus-ibi-html-version.jar, if you edit with winrar or 7zip and go to META-INF, resources you will find the old \ibi_html folder and you could add your custom files.
    For on-demand paging this would be following storage location
    drive:\ibi\WebFOCUSversion\webapps\webfocus\WEB-INF\lib\webfocus-ibi-html-version.jar\META-INF\resources\ibi_html\viewer\
    Make a backup of the existing jar file and save it into a new folder outside webapps\webfocus\WEB-INF\lib “drive:\ibi\backup”.
    The ibi_html change is part of a larger shift to replace standalone files in the WebFOCUS installation with packaged files.  This is being done to reduce the size of the install and for security reasons but it will require you to follow those steps
    Be aware that after upgrading this step would need to be repeated!
    To get you a sample design please check the files included with my documentation. Just copy and replace the files from the "On Demand Paging Custom Icons" folder to the following folder via 7zip or Winrar - drive:\ibi\WebFOCUSversion\webapps\webfocus\WEB-INF\lib\webfocus-ibi-html-version.jar\META-INF\resources\ibi_html\viewer\
    It is also possible to replace the gif files with your own selected icons.  But please use the same size for the new / changed icons.
     
    Step 2 - Customizing Templates
    The original files are stored in following folder drive:\ibi\WebFOCUSversion\client\home\etc\prod
    My sample will show you how to customize vcp_page.xml and vcp_page_1.xml - the main files that build the deferred execution screen.
    To get you a sample please check the files included with my documentation - to be found in “On Demand Paging xml Files”
    Please copy the files into following folder drive:\ibi\WebFOCUSversion\client\wfc\etc\custom
    Within the xml files, parts of the HTML / CSS code have been changed or blocks have been completely commented out, so that some functionalities (e.g. Close or Help) are not visible in "Pages on Demand" anymore.
    Feel free to make your own changes as needed
    Feel free to make your own code adjustments within the above-mentioned files.
     
    Step 3 - Restart
    ●       Stop your application server - for example Tomcat
    ●       Clear your App Server work directory - for example drive:\ibi\tomcat\work\Catalina
    ●       Clear your browser cache
    ●       Start your application server - for example Tomcat
     
    Customize Pages on Demand in WebFOCUS 9.x (1).pdf ondemandpaging_9x.zip
×
  • Create New...