Author: Eric Vasbinder
Support Status: SUPPORTED
Integration Method (RDP Customers - e.g. VFC and VEC RDP Published Apps): Hosted Client
Integration Method (VRL Customers): Customer Client with IPSEC VPN
Hosted: YES (RDP Connection) / NO (VPN Connection)
Additional Charge: YES (RDP Connection) Hosted Application Management Fee / NO (TLS Database Endpoint (TLS VPN) or YES (IPSEC VPN)
IMPORTANT
Hosting of this solution in the Trimble Viewpoint One cloud is ONLY allowed for customers using our legacy Viewpoint For Cloud (VFC) or Viewpoint Enterprise Cloud (VEC) RDP solutions. Our more modern, VRL-based clouds (e.g. Viewpoint One or Trimble Construction One) require that this solution be physically hosted outside of our cloud, connected over a VPN.
Microsoft's SQL Server Reporting Services (SSRS) Report Builder (SSRS-RB) allows for system administrators, report writers, and others to quickly and easily create SSRS dashboards and reports that speak with an SSRS instance.
As a client-side app, SQL Server Reporting Services (SSRS) Report Builder can either be hosted with Viewpoint on our terminal servers or hosted on the customer's own local workstations. Which method is used depends on which cloud version the customer is using. If the customer is using a modern, Vista Remote Link (VRL) cloud to connect to Vista, then all client-side applications remain hosted locally on the customer's workstations. If the customer is conversely using our legacy RDP-based solutions (e.g. Viewpoint For Cloud (VFC) or RDP Published apps in VEC), then we need to host this solution on our terminal servers.
PLEASE NOTE: There are special considerations when it comes to THIRD-PARTY CONSULTANTS who do not have access to customer corporate networks. Please see section "C" below for more details.
In this case, Viewpoint hosts and then publishes this application as a published / remote app for each end user who needs SSMS access. Note that a modest hosted application management fee is required in order to cover the management costs of third party application management by our cloud team.
RDP (Hosted) Steps:
1. (CUSTOMER) Set Up Dedicated SQL Account(s): The customer will need to create one or more dedicated SQL accounts for this integration. One of your admin users with access to VA User Profile form will use the Vista application itself to create this account. Vista will create the appropriate SQL account if you follow the subsequent instructions. Normal Viewpoint cloud accounts do not work as they use AD, and your client workstations are not joined to Viewpoint's domain.
a. Here is a link to the instructions on how to set up a SQL account in Vista: I need a dedicated SQL account for my integration to Vista in your cloud. How do I set that up?
b. NOTE: You MUST grant your SQL service account(s) access to the appropriate data in Vista as necessary. For access for this integration, you may need to place a support ticket with Viewpoint to ensure that this new account is granted enough privileges. NOTE: In some cases, DBO privileges may be necessary, but are tightly controlled. Please discuss your needs with Viewpoint.
c. For example, if you have two users that access this tool on-premise today, you'll need to create SQL accounts for these users to use with it in our cloud. Then copy their permissions to those new SQL accounts.
d. IMPORTANT: For security reasons you should use a separate SQL account for each end user and application that needs to have one; each human running this tool should have their own, dedicated SQL account in the Vista Database.
(1) For example, user "Joe Malone" who needs to have access to Vista for this integration would have an account created in the form "jmalone.ssrsrb.svc".
e. IMPORTANT: Please ensure that this account also has access to SSRS as needed for this integration. Please contact Viewpoint Cloud Support for additional assistance if necessary.
2. (CUSTOMER) Request Publication of this app: The customer will create a Viewpoint Cloud Support ticket, requesting that the app in question be published for each user who needs it.
3. (CUSTOMER and VIEWPOINT) Set Up Solution to Talk to Vista in the Cloud: Update the settings for this integration to point to the new IP address for Vista's database in our cloud and use the new credentials created in the previous step 1.
a. If you have those, you can follow the instructions in the third party's help documentation to add a new database connection to enable the product to speak to the new Vista server.
b. NOTE that a new DataSource Name (DSN) may be needed, as built-in DSNs should not be used for custom SSRS reports. Please create the new DSN and coordinate with our support team to ensure it is stood up as needed.
4. OPTIONAL FOR THIRD PARTY ACCESS - (CUSTOMER CLOUD ADMIN) Create an account for your third-party: This would be used by your consultant to access your environment in the Viewpoint cloud. Please go to your cloud management portal to create this access.
In this case, the customer has no RDP capabilities, as with VRL, those are not needed; all client-side apps are run locally, on the customers own local workstations. In this case, this integration would be installed on each local client workstation that needs to use it. Of course, for this solution to be able to talk to the Vista database in this situation, a VPN will need to be set up between the customer's environment and the Viewpoint network.
CRITICAL: Due to the design of SSRS Report Builder, our new TLS Database Endpoint (TLS VPN) is not suitable for use with SSRS-RB. As such, you will need to use an IPSEC VPN if you wish to use SSRS-RB.
VRL (VPN-CONNECTED) Steps:
1. (CUSTOMER IT) Set up VPN:
a. Instructions on IPSEC VPNs are located here: How do I set up an IPSEC VPN to access my Vista database directly?
b. Test the VPN: https://sites.google.com/trimble.com/vista-cloud-faq/home/integration-technology/test-vpn-sql-port-vista-database
2. (CUSTOMER) Set Up Dedicated SQL Account(s): The customer will need to create one or more dedicated SQL accounts for this integration. One of your admin users with access to VA User Profile form will use the Vista application itself to create this account. Vista will create the appropriate SQL account if you follow the subsequent instructions. Normal Viewpoint cloud accounts do not work as they use AD, and your client workstations are not joined to Viewpoint's domain.
a. Here is a link to the instructions on how to set up a SQL account in Vista: I need a dedicated SQL account for my integration to Vista in your cloud. How do I set that up?
b. NOTE: You MUST grant your SQL service account(s) access to the appropriate data in Vista as necessary. For access for this integration, you may need to place a support ticket with Viewpoint to ensure that this new account is granted enough privileges. NOTE: In some cases, DBO privileges may be necessary, but are tightly controlled. Please discuss your needs with Viewpoint.
c. For example, if you have two users that access this tool on-premise today, you'll need to create SQL accounts for these users to use with it in our cloud. Then copy their permissions to those new SQL accounts.
d. IMPORTANT: For security reasons you should use a separate SQL account for each end user and application that needs to have one; each human running this tool should have their own, dedicated SQL account in the Vista Database.
e. IMPORTANT: Please ensure that this account also has access to SSRS as needed for this integration. Please contact Viewpoint Cloud Support for additional assistance if necessary.
3. (CUSTOMER) Set Up Solution to Talk to Vista in the Cloud: Update the settings for this integration to point to the new IP address for Vista's database in our cloud and use the new credentials created in the previous step 2.
a. If you have those, you can follow the instructions in the third party's help documentation to add a new database connection to enable the product to speak to the new Vista server.
4. Open the Firewall Ports: Ensure that you have opened the following ports in your firewall for the direct connection to and from Vista:
a. TCP port 1433 inbound and outbound (this is the actual DB connection)
b. UDP Port 1434 inbound and outbound (this is the SQL Server Browser service)
5. (CUSTOMER) Set up Custom DataSource Name (DSN): As built-in DSNs should not be used for custom SSRS reports, please coordinate with our support team to set up a custom DSN for your environment if needed.
In order for the IPSEC VPN method, Section "B", to work with third-party consultants, those third party consultants will need to either have direct access to the customer's corporate network OR have set up a consultant-managed cloud environment which may be connected to customer environments over IPSEC VPN connections. Here is a Vista Cloud FAQ article that will provide more details on this topic: Cloud Access for Third Party Consultants
It is important to note that, if IPSEC VPNs are not possible from the consultant's managed cloud environment to the customer's Trimble Viewpoint Cloud environment, then a limited exception may be possible to use SSRS-RB in our Azure Virtual Desktop (AVD).
This exception is time limited and will eventually go away as customers transition to more modern reporting tools such as PowerBI and Viewpoint Analytics. We recommend an evaluation to transition to these tools be made if possible.
In addition, this exception will need the approval of Viewpoint cloud product management for each instance.
As our AVD access will eventually go away, we highly recommend using an IPSEC VPN if you must continue to use SSRS Report Builder.
tl;dr: Customers who need to integrate SSRS Report Builder with Vista need to either host it with us (RDP Cloud Customers) or use an IPSEC VPN and have it installed locally (VRL Cloud). If the customer is using VRL Cloud, they'll need to have a VPN set up to connect their network to the Viewpoint cloud and create a dedicated SQL account for each user, as well as a new, custom DSN. For the VPN method, firewall ports will also need to be opened (UDP port 1434 and TCP port 1433). Third-Party consultants should use the methods described in the cloud FAQ article above.
changelog
Thursday, 11 April 2024 at 07:42AM:
Updated to show that the exception for SSRS-RB to be installed on our AVD instances will require approval by product and that other tools like PowerBI and Analytics are recommended.
Tuesday, 12 December 2023 at 05:10PM:
Updated to remove confusing references to TLS Database Endpoint (TLS VPN)
added note about custom DSN