Post date: Jun 24, 2020 1:56:22 AM
Support Status: NOT Supported for HOSTING / Supported for VPN
Integration Method: Customer Client with VPN
Hosted: NO
Additional Charge: Yes - IPSEC VPN
Product Description:
Insight Software's Intellicast Server provides web-based front ends for exposing Spreadsheet Server reports and data models.
Integration Method:
As an app that provides a web-based front-end to Spreadsheet Server, Intellicast requires a public, Internet-facing web server be set up to allow for inbound control requests from the Internet. The security ramifications of this architecture currently limits how Intellicast can be supported in Viewpoint's cloud; Intellicast must be hosted on the customer's own local servers/workstations, connected to Vista's database over an IPSEC VPN. This is commonly the way that our VRL Cloud customers experience third party, client-side integrations. For customers in our RDP Clouds (e.g. VEC and VFC), this is uncommon.
NOTE: If customer is using VRL, then all client-side applications remain hosted locally on the customers workstations anyway. If the customer is conversely using our RDP-based solutions (e.g. Viewpoint For Cloud (VFC) or RDP Published apps in VEC), then we normally host third party apps, like Microsoft Excel, Spreadsheet Server, etc. on our Terminal Servers directly. However, even for RDP customers, Intellicast may not be hosted in our environment due to security concerns.
Using Intellicast:
In this case, we need to treat the situation as if the customer has no RDP capabilities, as with VRL. In this situation, the customer would need to host Excel, Spreadsheet Server, and Intellicast locally on their local network environment, connected to Vista over an IPSEC VPN tunnel. Again, for Intellicast to be able to talk to the Vista database in this situation, a VPN will need to be set up between the customer's environment and the Viewpoint network. In addition, Spreadsheet Server and Excel will also need to be hosted on the local workstation. Once the SSL VPN is available, we will recommend that approach. However, until the SSL VPN is ready for customer use, an IPSEC VPN will need to be purchased and set up.
Steps:
Set up VPN: Instructions on IPSEC VPNs are located here: How do I set up an IPSEC VPN to access my Vista database directly?
Request Dedicated SQL Account(s): You will need to ask Viewpoint for one or more dedicated SQL accounts for this product. These will be SQL account(s), directly on Vista. Normal Viewpoint cloud accounts do not work as they use AD, and your client workstations are not joined to Viewpoint's domain. NOTE: you MUST grant your SQL service account(s) access to the appropriate data in Vista to generate your reports, using Vista security groups and roles, AS WELL AS SQL permissions. Your SQL account MUST also be attached to the Vista database and given db_read privileges.
NOTE: the permissions needed (e.g. tables and queries) to run reports often vary by customer. Please make certain you review the permissions of the account that is used to run Spreadsheet Server today, then copy those Vista permissions to the new SQL Service account(s) that are needed.
For example, if you have two users that access this product on-premise today, you'll need to create SQL accounts for these users to use with this product. Then copy their permissions to those new SQL accounts.
IMPORTANT: For security reasons you should use a separate SQL account for each end user that needs to run this product; each human running this solution should have their own, dedicated SQL account in Vista.
Set up ISS to talk to Vista: Update the settings for this product to point to the new location for Vista's database. If you have those, you can follow the instructions in the third party's help documentation to add a new ODBC connection to enable the product to speak to the new Vista server. If you have issues with those instructions, our friends at Insight Software can help you create the new connection. Here is a link with a high level description of what needs to happen: https://www.tutorialgateway.org/create-odbc-connection/
Open the Firewall Ports: Ensure that you have opened the following ports in your firewall for this product's ODBC connection to and from Vista:
TCP port 1433 inbound and outbound (this is the actual DB connection)
UDP Port 1434 inbound and outbound (this is the SQL Server Browser service)
Here are some detailed instructions on how to test that connection: I need to check my VPN to the Vista Database? How do I do that? Is there a firewall blocking me?
NOTE: Once this solution is configured to talk to Vista, you might need to also ensure that your common, shared reports location for its reports is moved. Many customers use the Vista server's "Viewpoint Repository" folder, or a mapped drive on the Vista database directly to share Spreadsheet Server and other reports with staff members. This method will NOT work when connecting to Vista over a VPN. The reason being is that no mapped drives are available over a VPN and direct access to the Viewpoint repository is not possible. Instead, we highly recommend that you set up a separate shared folder to use as the main storage location for reports. This shared reports folder can be an on-premise Windows file share, or even better, a common, synchronized folder using a cloud synchronization service installed on your local workstations (e.g. Box, Dropbox, OneDrive, or NextCloud).
tl;dr: Customers who need to integrate Intellicast with Vista need to use an SSL (forthcoming) or IPSEC VPN and have Intellicast, Spreadsheet Server, and Excel installed locally. You will need to move the shared reports for Spreadsheet Server, et al to another, still accessible location, and off of the Vista server. When connecting with a VPN like this, dedicated SQL account(s) will need to be made for each user who needs to use Spreadsheet Server and Intellicast. Firewall ports will also need to be opened (UDP port 1434 and TCP port 1433).