Excel Services Security Best Practices Common Security Settings

The ability to configure the administrative settings for Excel Services Application can be found by opening the SharePoint Central Administration Web Application. Then the Excel Services Settings page needs to be accessed.

It is important for the Excel Services Settings to be configured for several things. External data controls the external data connections for Excel Calculation Services. Load Balancing allows Excel Services Application sessions will be spread out across the Excel Calculation Services. Memory Utilization is the memory allocated for Excel Calculation Services. Security is where communication and web service settings are determined. The Excel Services Application is also authenticated here. Session Management maintains the sessions of behavior for the Excel Calculation Services. Workbook Cache are the settings for caching of the workbook files in memory and on disk. The use of Excel Service Settings Page can help you to configure options for a file. This access method also enables encryption for connections and methods. All of these scenarios directly affect the security of any deployment.

With impersonation you have the ability for a thread to run in the secure context. This is a good idea when you want Excel Calculation Services to authorize users to access any workbooks that have been stored in HTTP or UNC locations. This has no bearing on any workbooks that have been stored in SharePoint Server 2010 databases. Most of the server farms deploy front end web servers and Excel Calculation Services applications that run on various computers. With impersonation Kerberos delegate is restrained. When you have workbooks to open, Excel Calculation Services serves can allow that to happen from HTTP or UNC sites. However, the process account has to be used because the user account won’t be able to be impersonated.

The use of SSL for encryption for the data that will be transmitted is very important when you rely on Excel Calculation Services, data sources, client computers, or front end web servers. In order to encrypt the data while it is being transmitted, click on Connection Encryption settings and make sure it says required. If it says not required which is the default setting your data won’t be as secure as it needs to be. The Excel Calculation Services will only allow data that has been transferred between client computers and front end web servers to be done through SSL. If you don’t require encryption then you will have to configure the SSL manually. This will allow you to have encryption for the connections that occur between client computers and front end computers. However, you can have connections from front end servers and Excel Calculation Service applications that aren’t encrypted.