As we have talked about before, Teradata embraces the concepts of SMP and MPP. Within the hardware context, there are two components that make up this platform. The first is the Processor Node, which, as the name implies, is responsible for the data processing. This is mostly related to the concept of SMP. Within the realm of MPP, the BYNET is responsible for providing the interprocessor network that links together the components of the MPP system. This can take many forms, including broadcast, multicast, or point-to-point communication. The one that I had the most questions about was the BYNET thing.
The BYNET simply acts as the interconnect hub. Just think of it as the torso while the remaining SMPs are the limbs of the overall architecture. Most Teradata architects would pooh-pooh this description, as it doesn't embrace everything that the BYNET does, but for the sake of my development it is the connector of a series of nodes (I am a Microsoft developer at the end of the day). The important thing to remember is that BYNETs in a multinode system can be load balanced and follow a standard TCP/IP protocol for inter-messaging. But for the nodes to be aware of process-oriented directions, load balancing is actually not required; it just refines the process. At the end of the day, within all this, you end up with the overall MPP. If the BYNET is a single node, a virtual BYNET is used for simulation.
Configuring how Microsoft Business Connectivity Services authenticates credentials is very important. A user supplies the information requested for authentication to the external data. There are several methods that can be used to supply such credentials to external data. They can be Windows-based, but they don't necessarily have to be. Windows authentication can be Windows Challenge & Response (NTLM) or Microsoft Negotiate; the non-Windows types include Basic, Digest, and Forms Based.
In order for Microsoft Business Connectivity Services to pass the request for credentials, the solution designer has to add authentication information to the various types of external content. This includes the authentication mode, which gives Microsoft Business Connectivity Services the information it needs to process incoming requests from a user. It also allows a mapping to be implemented, which will be passed to the external content system to determine the authentication information. This is how the credentials of any user are passed to the external data system. That information can be mapped and then stored in a Secure Store Service before it is passed to the external system.
There are three ways in which such authentication can take place with external content. The external system can be assumed as a web based service. Therefore the Microsoft Business Connectivity Services from the administrative passes can be used to determine the authentication mode. An external content type can be created in either Microsoft Visual Studio 2010 or Microsoft SharePoint Designer. The authentication mode can be created by editing the .XML file which defines the type of external content.
This information will help you to understand the various authentication modes of Microsoft Business Connectivity Services that are offered:
- Credentials: With an external web service, this mode relies on Secure Store Service (SSS or trip S) to map the credentials of the user. Those credentials are offered by a service that isn't Windows-based in order to access the external data. This web service can be basic as it will still offer authentication. It is recommended that you use SSL to ensure this mode is secure.
- PassThrough: This passes the credentials of a logged-in user to the external system. It requires the credentials of the user to be known to the external system.
- RdbCredentials: With an external database, this is a mode that uses Secure Store Service to map the credentials of a user. They are matched to those credentials supplied by a non-Windows-based entity. The connection should use SSL or IPsec in order to maintain a high level of security while using this mode.
- RevertToSelf: If a web browser is being used to access the external data, this is a mode that has a map of the credentials of the user. This will then be compared to the identity account of the Microsoft Business Connectivity Services account. The credentials are passed through to the external system. If the user is using an Office client application, then this mode is very similar to the PassThrough mode. This is because it will be operating according to the credentials of the user.
- WindowsCredentials: With this mode a Secure Store Service is used in conjunction with an external database or web service. The credentials of the user are mapped and compared to a set of Windows credentials that are part of the external system.
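Because the authentication mode lives in the XML file that defines the external content type, it can be reviewed before a model is imported. The following is an added example, not code from the original post: a small audit that reads a model file and reports each instance's mode. The element names, the `AuthenticationMode` and `SsoApplicationId` property names, and the namespace follow the SharePoint 2010 BDC model schema; the sample model and its instance names are constructed for illustration.

```python
import xml.etree.ElementTree as ET
NS = {"bdc": "http://schemas.microsoft.com/windows/2007/BusinessDataCatalog"}
# Modes the list above describes as mapping credentials through Secure Store Service.
SECURE_STORE_MODES = {"Credentials", "RdbCredentials", "WindowsCredentials"}
# Modes that send non-Windows credentials, where the list recommends SSL.
ENCRYPT_TRANSPORT_MODES = {"Credentials", "RdbCredentials"}
KNOWN_MODES = SECURE_STORE_MODES | {"PassThrough", "RevertToSelf"}

# Constructed sample model: two database instances, one missing its Secure Store mapping.
SAMPLE_MODEL = """<Model xmlns="http://schemas.microsoft.com/windows/2007/BusinessDataCatalog" Name="SampleModel">
  <LobSystems>
    <LobSystem Name="SalesDb" Type="Database">
      <LobSystemInstances>
        <LobSystemInstance Name="SalesDbInstance">
          <Properties>
            <Property Name="AuthenticationMode" Type="System.String">RdbCredentials</Property>
          </Properties>
        </LobSystemInstance>
        <LobSystemInstance Name="HrDbInstance">
          <Properties>
            <Property Name="AuthenticationMode" Type="System.String">WindowsCredentials</Property>
            <Property Name="SsoApplicationId" Type="System.String">HrTargetApp</Property>
          </Properties>
        </LobSystemInstance>
      </LobSystemInstances>
    </LobSystem>
  </LobSystems>
</Model>"""

def audit_model(xml_text):
    """Return {instance name: (mode, [findings])} for every LobSystemInstance."""
    root = ET.fromstring(xml_text)
    report = {}
    for inst in root.iterfind(".//bdc:LobSystemInstance", NS):
        props = {p.get("Name"): (p.text or "").strip()
                 for p in inst.iterfind("bdc:Properties/bdc:Property", NS)}
        mode = props.get("AuthenticationMode", "")
        findings = []
        if mode not in KNOWN_MODES:
            findings.append("unknown or missing AuthenticationMode")
        if mode in SECURE_STORE_MODES and not props.get("SsoApplicationId"):
            findings.append("Secure Store mode without SsoApplicationId")
        if mode in ENCRYPT_TRANSPORT_MODES:
            findings.append("confirm the connection is encrypted (SSL)")
        report[inst.get("Name")] = (mode, findings)
    return report
if __name__ == "__main__":
    for name, (mode, findings) in audit_model(SAMPLE_MODEL).items():
        print(name, mode, findings or "ok")
```

To check a real model, pass the text of the exported model file to `audit_model` in place of `SAMPLE_MODEL`.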
With Microsoft Business Connectivity Services you will be able to access external data with security tokens. They are incoming and can be passed along to verify security tokens for the external systems. Each security token consists of a particular set of identity claims for a specific user. The use of that information for authentication purposes is, as detailed in multiple places in the site, called claims based authentication.
The process of how the verification and authentication works with claims based authentication is one that offers a high level of security. When a user tries to gain access to any operation on an external list that is set up for claims authentication, they will be prompted to enter their information. While this is taking place, a request is made to the Secure Token Service (STS) to offer a security token. If the request is granted based on the information that the user submits, the Secure Token Service will issue that security token.
Within that security token that is issued, a set of claims will be included that target a given application. Then the Secure Token Service will return the security token to the client application. The client will pass the token to the Secure Token Service. There the security token will be evaluated using the target application set of identifiers. They are specific in order to return a given set of credentials that will be applied to a particular external system. The client will receive the credentials then pass them to the external system. This allows the user to retrieve, view, and update external data.
In the next BCS post we will talk about permissions and how they work in BCS. Bated breath.
When doing development with SharePoint, it is pretty well-known that, because you develop directly against the object model, the environment must have SharePoint present. However, at a client this morning I was helping to build some test and development environments and for some reason the error:
“the local SharePoint server is not available”
kept bubbling up, when clearly there was a local SharePoint instance present. This error can occur after a variety of actions, such as invoking SharePoint Explorer or in Visual Studio deployment steps.
The quickest way to resolve the error is to make sure that the account being used to run Visual Studio is a db_owner on the SharePoint config and SharePoint admin databases.