Crystal Enterprise 8.5 - Administrator's Guide PDF

Crystal Enterprise 8.
5
Administrators Guide
Crystal Decisions, Inc.

895 Emerson St.
Palo Alto
California, USA 94301
Copyright 2002 Crystal Decisions, Inc., 895 Emerson St., Palo Alto, California,
USA 94301. All rights reserved.
Issue 1.
No part of this documentation may be stored in a retrieval system, transmitted or
reproduced in any way, except in accordance with the terms of the applicable
software license agreement. This documentation contains proprietary information
of Crystal Decisions, Inc., and/or its suppliers.
Trademark Acknowledgements
2002 Crystal Decisions, Inc. All rights reserved. Crystal Decisions, Crystal,
Crystal Reports, Crystal Enterprise, Seagate Info, Seagate Software, Seagate, and
the Seagate and Crystal logos are trademarks or registered trademarks of Crystal
Decisions, Inc. and/or Seagate Technology, Inc. All other trademarks referenced
are the property of their respective owner.
Contents
Chapter 1: Welcome to Crystal Enterprise
What is Crystal Enterprise? ............................................................... 2
Who should use this guide? ............................................................... 2
About this guide ................................................................................ 2
Chapter contents ................................................................................................... 2
Product registration .......................................................................... 5

Crystal Care technical support .......................................................... 6
Document conventions ..................................................................... 6
Chapter 2: Administering Crystal Enterprise

Administration overview ................................................................... 8
Working with the Crystal Management Console ............................... 8
Logging on to the Crystal Management Console .................................................... 9
Navigating within the Crystal Management Console .............................................. 9
Setting console preferences ................................................................................. 10
Logging off of the Crystal Management Console .................................................. 11
Working with the Crystal Configuration Manager .......................... 11

Accessing the CCM for Windows ........................................................................ 11
Accessing the CCM for UNIX .............................................................................. 12
Making initial security settings ........................................................ 13

Setting the Administrator password ...................................................................... 13
Disabling the Sign Up feature .............................................................................. 13
Disabling the Guest account ............................................................................... 14
Modifying the default security levels ................................................................... 14
Crystal Enterprise Administrators Guide
Chapter 3: Crystal Enterprise Security Concepts

Security overview ........................................................................... 16
How Crystal Enterprise authenticates and authorizes ..................... 16
Primary authentication ........................................................................................ 17
Secondary authentication and authorization ........................................................ 18
Security management components ................................................. 19

Web Component Server ...................................................................................... 19
Automated Process Scheduler ............................................................................. 20
Security plug-ins .................................................................................................. 20
Processing extensions .......................................................................................... 24
Active trust relationship .................................................................. 25

Logon tokens ....................................................................................................... 25
Ticket mechanism for distributed security ............................................................ 26
Sessions and session tracking .......................................................... 27

WCS session tracking .......................................................................................... 28
APS session tracking ............................................................................................ 28
Environment protection .................................................................. 28

Web browser to web server ................................................................................. 29
Web server to Crystal Enterprise .......................................................................... 29
Auditing web activity ...................................................................... 29

Protection against malicious logon attempts ................................... 30
Password restrictions ........................................................................................... 30
Logon restrictions ................................................................................................ 30
User restrictions .................................................................................................. 31
Guest account restrictions ................................................................................... 31
Chapter 4: Managing User Accounts and Groups

What is account management? ....................................................... 34
Crystal Enterprise default users and groups .................................... 34
ii
Default users ....................................................................................................... 34

Default groups .................................................................................................... 35
Default Windows NT group ................................................................................ 36
Available authentication types ........................................................ 36

Managing Enterprise and general accounts ..................................... 37
Creating a user account ....................................................................................... 37
Modifying a user account .................................................................................... 39
Deleting a user account ...................................................................................... 39
Changing password settings ................................................................................ 40
Creating a group ................................................................................................. 41
Modifying a group ............................................................................................... 42
Viewing group members ..................................................................................... 42
Deleting a group ................................................................................................. 43
Disabling the Sign Up feature .............................................................................. 43
Disabling the Guest account ............................................................................... 43
Managing NT accounts ................................................................... 44

Working with NT accounts ................................................................................. 44
Mapping NT accounts ......................................................................................... 44
Unmapping NT users and groups ........................................................................ 47
Viewing mapped NT users and groups in Crystal Enterprise ................................ 48
Using account aliases for NT ............................................................................... 49
Troubleshooting NT accounts ............................................................................. 51
Setting up NT Single Sign On .............................................................................. 52
Managing LDAP accounts ............................................................... 54

Working with LDAP accounts ............................................................................. 54
Configuring LDAP authentication and mapping LDAP accounts .......................... 54
Unmapping LDAP users and groups .................................................................... 57
Viewing mapped LDAP users and groups in Crystal Enterprise ............................ 58
Changing connection parameters and member groups ........................................ 58
Managing multiple LDAP hosts ........................................................................... 58
iii
Using account aliases for LDAP ........................................................................... 59

Troubleshooting LDAP accounts ......................................................................... 61
Chapter 5: Managing Folder Objects

Folders overview ............................................................................. 64
Creating and deleting folders .......................................................... 64
Creating a new folder .......................................................................................... 64
Creating a new subfolder at any level .................................................................. 65
Deleting folders ................................................................................................... 66
Copying and moving folders ........................................................... 66

Adding a report to a new folder ...................................................... 67
Specifying folder rights ................................................................... 68
Setting limits for folders, users, and groups .................................... 70
Managing User Folders ................................................................... 71
Chapter 6: Publishing Objects to Crystal Enterprise

Publishing overview ........................................................................ 74
Publishing options ............................................................................................... 74
Publishing with the Crystal Publishing Wizard ................................ 75

Adding objects/folders ......................................................................................... 76
Adding multiple objects ...................................................................................... 76
Selecting the APS ................................................................................................ 77
Duplicating the folder structure ........................................................................... 78
Creating and selecting a folder on the APS .......................................................... 78
Moving objects between folders .......................................................................... 79
Changing scheduling options .............................................................................. 79
Changing default values ...................................................................................... 80
Changing object properties .................................................................................. 80
Entering database logon information ................................................................... 81
iv
Setting parameters ............................................................................................... 81

Setting the schedule format ................................................................................. 82
Finalizing the objects to be added ....................................................................... 82
Publishing with the Crystal Management Console .......................... 82

Saving objects directly to the APS ................................................... 84
Chapter 7: Importing Objects to Crystal Enterprise

Crystal Import Wizard overview ..................................................... 86
Importing information from Crystal Enterprise ..................................................... 86
Importing information from Seagate Info ............................................................. 88
Importing with the Crystal Import Wizard ...................................... 89

Specifying the source and destination environments ............................................ 90
Selecting information to import ........................................................................... 91
Chapter 8: Controlling Users Access to Objects

Object rights overview .................................................................... 96
Viewing object rights settings ......................................................... 96
Setting common access levels ......................................................... 98
Setting advanced object rights ...................................................... 100
Base rights and available rights .......................................................................... 102
Using inheritance to your advantage ............................................ 103

Group and folder inheritance ............................................................................ 103
Enabling and disabling inheritance with access levels ....................................... 104
Inheritance with advanced rights ....................................................................... 105
Customizing a top-down inheritance model ............................... 108

Creating groups for the tutorials ......................................................................... 109
Setting up an open system of decreasing rights .................................................. 112
Setting up a closed system of increasing rights ................................................... 131
Chapter 9: Managing Report Objects and Instances

Report objects and instances overview ......................................... 138
What are report objects and instances? .............................................................. 138
Report object management ........................................................... 139

Publishing a new report object .......................................................................... 139
Copying, moving, or creating a shortcut for a report .......................................... 141
Applying processing extensions to reports ......................................................... 142
Deleting a report object ..................................................................................... 145
Searching for a report ........................................................................................ 146
Managing a report object and its instances ................................... 146

Changing properties of a report and specifying servers for scheduling ............... 147
Managing the history of report instances ........................................................... 149
Changing database information ......................................................................... 150
Updating parameters ......................................................................................... 151
Using filters ....................................................................................................... 152
Scheduling a report instance ............................................................................. 153
Scheduling a report with events ......................................................................... 163
Selecting a destination ....................................................................................... 166
Choosing a format ............................................................................................. 173
Setting instance limits for a report object ........................................................... 174
Setting object rights for users and groups ........................................................... 176
Chapter 10: Managing Events

Managing events overview ............................................................ 180
File-based events ........................................................................... 181
Schedule-based events .................................................................. 182
Custom events ............................................................................... 184
vi
Chapter 11: Crystal Enterprise Architecture

Architecture overview and diagram .............................................. 186
Client tier ...................................................................................... 187
ePortfolio .......................................................................................................... 187
Crystal Management Console ............................................................................ 188
Crystal Configuration Manager .......................................................................... 188
Crystal Publishing Wizard ................................................................................. 188
Crystal Import Wizard ....................................................................................... 188
Crystal Web Wizard .......................................................................................... 189
Intelligence tier ............................................................................. 189

Web Component Server .................................................................................... 189
Web Connectors ............................................................................................... 190
Automated Process Scheduler ........................................................................... 190
File Repository Servers ...................................................................................... 191
Event Server ...................................................................................................... 191
Cache Server ..................................................................................................... 192
Processing tier ............................................................................... 192

Job Server .......................................................................................................... 192
Page Server ....................................................................................................... 192
Data tier ........................................................................................ 193

Information Flow .......................................................................... 193
What happens when you view a report? ............................................................ 193
What happens when you schedule a report? ..................................................... 194
Chapter 12: Managing and Configuring Servers

Server management overview ....................................................... 196
Viewing current metrics ................................................................ 196
Viewing current server metrics .......................................................................... 197
Viewing system metrics ..................................................................................... 199
vii
Viewing and changing the current status of servers ...................... 199

Starting, stopping, and restarting servers ............................................................ 200
Enabling and disabling servers ........................................................................... 201
Printing, copying, and refreshing server status ................................................... 203
Configuring the intelligence tier ................................................... 204

Clustering Automated Process Schedulers ......................................................... 204
Copying APS data from one database to another ............................................... 208
Deleting and recreating the APS database ......................................................... 213
Selecting a new or existing APS database .......................................................... 213
Setting root directories and idle times of the File Repository Servers ................. 215
Modifying Cache Server performance settings ................................................... 216
Modifying the polling time of the Event Server .................................................. 218
Modifying logging behavior of the Web Component Server ............................... 218
Modifying report viewing and viewer options .................................................... 219
Configuring the processing tier ..................................................... 221

Modifying Page Server performance settings ...................................................... 221
Modifying the number of jobs per Job Server ..................................................... 222
Setting default scheduling destinations for Job Servers ....................................... 223
Configuring Windows processing servers for your data source .......................... 227
Configuring UNIX processing servers for your data source ................................ 229
Logging server activity .................................................................. 234

Advanced server configuration options ......................................... 235
Changing the default server port numbers ......................................................... 235
Configuring Crystal Enterprise on a multihomed machine ................................. 238
Adding and removing Windows server dependencies ....................................... 239
Changing the server startup type ........................................................................ 240
Chapter 13: Scaling Your System

Scalability overview ...................................................................... 242
Choosing between live and saved data .......................................... 242
viii
Live data ........................................................................................................... 243

Saved data ........................................................................................................ 243
Common configurations ................................................................ 243

One-machine setup ........................................................................................... 244
Three-machine setup ......................................................................................... 244
Six-machine setup ............................................................................................. 244
General scalability considerations ................................................ 245

Increasing overall system capacity ..................................................................... 245
Increasing scheduled reporting capacity ............................................................ 246
Increasing on-demand viewing capacity ............................................................ 247
Enhancing custom web applications .................................................................. 247
Improving web response speeds ........................................................................ 248
Adding and deleting servers .......................................................... 249

Adding a server ................................................................................................. 249
Deleting a server ............................................................................................... 251
Chapter 14: Managing Server Groups

Server group overview .................................................................. 254
Creating a server group ................................................................. 254
Working with server subgroups .................................................... 255
Modifying the group membership of a server ................................ 257
Chapter 15: Working with Firewalls

Firewalls overview ........................................................................ 260
What is a firewall? ............................................................................................. 260
Firewall types .................................................................................................... 261
Configuring Crystal Enterprise to work with firewalls ................... 263

Configuring for packet filtering .......................................................................... 263
Configuring for Network Address Translation .................................................... 263
Configuring for SOCKS servers .......................................................................... 265
ix
Chapter 16: Licensing Information

Licensing overview ........................................................................ 270
Accessing license information ........................................................................... 271
Adding a license key ......................................................................................... 272
Viewing current account activity ....................................................................... 272
Appendix A: Object Rights and Access Levels

Object rights ................................................................................. 274
Access levels ................................................................................. 275
Default rights on the root folder ................................................... 277
Appendix B: UNIX Tools

UNIX tools overview ..................................................................... 280
Script utilities ................................................................................ 280
ccm.sh .............................................................................................................. 280
apsdbsetup.sh .................................................................................................... 283
serverconfig.sh .................................................................................................. 283
sockssetup.sh .................................................................................................... 284
uninstall.sh ........................................................................................................ 285
Script templates ............................................................................ 285

startservers ........................................................................................................ 285
stopservers ........................................................................................................ 285
silentinstall.sh .................................................................................................... 286
Scripts used by Crystal Enterprise ................................................. 286

env.sh ............................................................................................................... 286
initlaunch.sh ..................................................................................................... 286
patchlevel.sh ..................................................................................................... 286
postinstall.sh ..................................................................................................... 287
crystalrestart.sh .................................................................................................. 287
setup.sh ............................................................................................................. 287
Appendix C: Server Command Lines

Command lines overview .............................................................. 290
Standard options for all servers ..................................................... 290
Automated Process Scheduler ....................................................... 292
Web Component Server ................................................................ 292
Page Server and Cache Server ....................................................... 293
Job Server ..................................................................................... 294
Input and Output File Repository Servers ..................................... 295
Event Server .................................................................................. 295
Appendix D: Troubleshooting path mappings

Path mapping overview ................................................................. 298
Web server virtual directory mappings ......................................... 298
The /crystal virtual directory .............................................................................. 299
The /viewer virtual directory .............................................................................. 299
Web server application mappings ................................................. 300

Configuring application mappings on Windows ................................................ 300
Configuring application mappings on UNIX ...................................................... 302
Web Connector virtual path mappings ......................................... 304

Configuring virtual path mappings on Windows ................................................ 305
Configuring virtual path mappings on UNIX ...................................................... 307
Appendix E: General Troubleshooting

Troubleshooting overview ............................................................. 310
Documentation resources ............................................................. 311
Web accessibility issues ................................................................ 311
Using an IIS web site other than the default ....................................................... 311
UNIX Web Connector cannot access WCS on Windows ................................... 312
xi
Communication error when accessing the CMC ................................................ 312

Unable to connect to APS when logging on to the CMC .................................... 312
Windows NT authentication cannot log you on ................................................ 313
Reporting viewing and processing issues ....................................... 313

Troubleshooting reports and looping database logon prompts ........................... 314
Troubleshooting reports with Crystal Reports ..................................................... 316
Error detected by database driver ...................................................................... 318
Server resources must be available on local drives ............................................ 319
Supporting Crystal Reports 8 web distribution ................................................... 320
Page Server error when viewing a report ........................................................... 320
ePortfolio considerations .............................................................. 321

Supporting ePortfolio users in multiple time zones ............................................ 321
Setting default report destinations ...................................................................... 321
Setting preferences and report viewers for ePortfolio users ................................ 321
ePortfolio and Windows NT Single Sign On ...................................................... 322
Configuring your web farm for load balancing ............................. 322
Glossary ..........................................................................325
Index ..............................................................................335
xii
Welcome to Crystal Enterprise
This chapter briefly describes Crystal Enterprise and outlines

the contents and the intended audience of this Administrators
Guide. Product registration and technical support information
is also included, along with a brief description of the
document conventions used within this guide.
What is Crystal Enterprise?
What is Crystal Enterprise?

Crystal Enterprise is a flexible, scalable, and reliable solution for delivering
powerful, interactive reports to end users via any web applicationintranet,
extranet, Internet or corporate portal. Whether it is used for distributing weekly
sales reports, providing customers with personalized service offerings, or
integrating critical information into corporate portals, Crystal Enterprise delivers
tangible benefits that extend across and beyond the organization. As an integrated
suite for reporting, analysis, and information delivery, Crystal Enterprise provides
a solution for increasing end-user productivity and reducing administrative efforts.
Who should use this guide?

This guide is intended for system administrators who are responsible for
configuring, managing, and maintaining a Crystal Enterprise installation.
Familiarity with your operating system and your network environment is
certainly beneficial, as is a general understanding of web server management and
scripting technologies. However, in catering to all levels of administrative
experience, this guide aims to provide sufficient background and conceptual
information to clarify all administrative tasks and features.
For more information about the product, consult the Crystal Enterprise Getting Started
Guide, the Crystal Enterprise Installation Guide, the Crystal Enterprise ePortfolio Users
Guide, and the Crystal Enterprise Web Developers Guide. Online versions of these
guides are included in the doc directory of your product distribution. Once you install
Crystal Enterprise, they are also accessible from the Crystal Enterprise Launchpad.
About this guide

This guide provides you with information and procedures covering a wide range
of administrative tasks. Procedures are provided for common tasks. Conceptual
information and technical details are provided for all advanced topics.
Chapter contents
The following list provides a short description of each of the remaining chapters in
this guide.
Chapter 2: Administering Crystal Enterprise
This chapter provides a general description of system administration as it relates
to Crystal Enterprise. It then introduces the administration tools that allow you to
manage and configure Crystal Enterprise, and it shows how to make some
common changes to the systems default security settings.
1: Welcome to Crystal Enterprise
Chapter 3: Crystal Enterprise Security Concepts

This chapter details the ways in which Crystal Enterprise addresses enterprise
security concerns, thereby providing administrators and system architects with
answers to typical questions regarding security.
Chapter 4: Managing User Accounts and Groups
This chapter describes the tasks related to account management for users and
groups. It includes instructions that describe how to add, modify, and remove
accounts within Crystal Enterprise. It also details how to use and integrate NT and
LDAP authentication with Crystal Enterprise.
Chapter 5: Managing Folder Objects
This chapter describes basic folder administration tasks and shows how to add
folders and how to change settings, such as object rights and limits, for new
folders.
Chapter 6: Publishing Objects to Crystal Enterprise
This chapter focuses on the publishing process: it introduces the Crystal
Publishing Wizard and tells you how you can use it to add Crystal reports and
other objects to ePortfolio or to your custom web desktop; it also describes
alternative ways of adding objects to the Crystal Enterprise environment.
Chapter 7: Importing Objects to Crystal Enterprise
The Crystal Import Wizard allows you to import information from other Seagate
Info or Crystal Enterprise systems into your new Crystal Enterprise system. This
chapter provides a general overview of the Crystal Import Wizard along with a
series of procedures that lead you through the process of importing information.
Chapter 8: Controlling Users Access to Objects
This chapter describes the ways in which object rights enable you to secure the
content that you publish to Crystal Enterprise. Predefined access levels, advanced
rights, and inherited rights are all discussed in detail. Examples and procedures
are provided in the form of tutorials.
Chapter 9: Managing Report Objects and Instances
This chapter describes the management of report objects and instances using the
Crystal Management Console. It includes information on scheduling and choosing
the settings for a report object, such as the format, the intended destination, the
rights settings, and so on.
Chapter 10: Managing Events
This chapter provides information on creating and managing events. It describes
file-based events, custom events, and schedule-based events.
About this guide
Chapter 11: Crystal Enterprise Architecture

This chapter provides an overview of the Crystal Enterprise architecture, describes
the different components, and identifies how they work together to distribute
reports over the web.
Chapter 12: Managing and Configuring Servers
This chapter provides information on a range of server tasks that allow you to
customize the behavior of Crystal Enterprise. The chapter first covers
straightforward tasks like starting and stopping servers, and then proceeds to
more advanced configuration options, including APS clustering and other serverspecific settings.
Chapter 13: Scaling Your System
This chapter provides general information about ways in which you might begin
to scale, or expand, your Crystal Enterprise system. The chapter also shows how
to add server components to your installation.
Chapter 14: Managing Server Groups
This chapter shows how to create server groups and subgroups. It also shows how
to modify the group membership of an individual server.
Chapter 15: Working with Firewalls
This chapter describes how Crystal Enterprise works with firewall systems. After
providing some background information on the supported types of firewalls, this
chapter explains how to configure firewalls and Crystal Enterprise to work together.
Chapter 16: Licensing Information
This chapter describes how to view licensing information and add license keys
with the Crystal Management Console (CMC). It also shows how to view your
current account activity.
This appendix maps the object rights that are available in the Crystal Management
Console (CMC) to the actual rights available through the Crystal Enterprise SDK;
it also lists the object rights that make up each of the predefined access levels, and
the default rights that are applied to the system root folder. This appendix is
provided primarily for reference purposes. For complete details on setting object
rights, see Controlling Users Access to Objects on page 95.
This appendix details each of the administrative tools and scripts that are included
with the UNIX distribution of Crystal Enterprise. This appendix is provided
primarily for reference purposes. Concepts and configuration procedures are
discussed in more detail throughout this guide.
1: Welcome to Crystal Enterprise

This appendix lists the command-line options that control the behavior of each
Crystal Enterprise server.
This appendix describes the ways in which virtual directories, application
mappings, and virtual paths must be set up between your web server, the Web
Connector, and the Web Component Server in order for Crystal Enterprise to work
correctly.
This appendix provides general troubleshooting steps and solutions to some
specific configuration problems. For up-to-date answers to commonly asked
questions, registered customers can freely download additional technical
documents or knowledge base articles from Crystal Care technical support.
Glossary
This section defines some common Crystal Enterprise terminology.
Product registration
There are several ways you can register your product:
Fill out the Product Registration form on the Crystal Decisions, Inc. web site at:
http://www.crystaldecisions.com/register/
Print the Product Registration form and fax it to the registration fax number
closest to you. Crystal Decisions will then fax you a registration number that
can be entered into the product the next time you use it.
Registration fax numbers
USA/Canada +1 (604) 681-5147
United Kingdom +44 (0) 20 8231 0601
Australia +6 2 9955 7682
Germany +49 (0) 69 9509 6182
Hong Kong +852 2893 2727
Singapore +65 777 8786
Registration is required to access online or telephone technical support. In
addition, registering the product ensures that you are kept up-to-date with
product advancements.
Crystal Care technical support
Crystal Care technical support

To find out about the technical support programs available for Crystal Enterprise:
Consult the enclosed Crystal Care information card.
Go to our support web site at:
http://support.crystaldecisions.com/crystalcare/
Contact your regional office. For details, go to:

http://www.crystaldecisions.com/contact/offices.asp
Document conventions
This guide uses the following conventions:
Commands and buttons
For easy recognition within procedures, User Interface (UI) features appear in
bold type. For example: On the File menu, click New.
Keyboard shortcuts
Delete means the Delete key, or the Del key on your numeric keypad. Enter
means the Enter, Return, or CR key, depending on which of these keys appears
on your keyboard.
Key combinations
CTRL+KEY, SHIFT+KEY, and ALT+KEY are examples of key combinations.
Hold down the first key in the combination and, at the same time, press the
second key in the combination (designated above as KEY). For example:
CTRL+C means hold the Control key down and press the letter C on your
keyboard (CTRL+C is the Windows Copy command).
Key terms are italicized when first defined.
Monospaced font indicates data that you enter using your keyboard. For
example: In the Formula Editor, type If Sales > 1000 Then crRed
Monospaced, italicized font indicates variable data that you must replace with
data appropriate to your current settings, environment, or task. For example,
in the following URL, you would replace webserver
http://webserver/crystal/enterprise/
Administering Crystal Enterprise
This chapter provides a general description of system

administration as it relates to Crystal Enterprise. It then
introduces the administration tools that allow you to
manage and configure Crystal Enterprise, and it shows
how to make some common changes to the systems default
security settings.
Administration overview
Administration overview
The regular administrative tasks associated with Crystal Enterprise can be roughly
divided into three major categories: user management, content management, and
server management. The remainder of this guide provides technical and procedural
information corresponding to each of these management categories. This chapter
briefly introduces new Crystal Enterprise administrators to some of the available
management tools. It also shows you how to make initial security settings, such as
setting the password for the systems default Administrator account.
You will typically use the following applications to manage Crystal Enterprise:
Crystal Management Console (CMC)
This web application is the most powerful administrative tool provided for
managing a Crystal Enterprise system. It offers you a single interface through
which you can perform almost every task related to user management, content
management, and server management.
For an introduction to the CMC, see Working with the Crystal Management
Console on page 8.
Crystal Configuration Manager (CCM)
This server administration tool is provided in two forms. In a Windows
environment, the CCM allows you to manage local and remote servers through its
Graphical User Interface (GUI) or from a command line. In a UNIX environment,
the CCM shell script (ccm.sh) allows you to manage servers from a command line.
For an introduction to the CCM, see Working with the Crystal Configuration
Manager on page 11.
Crystal Publishing Wizard
This application allows you to publish your reporting content to Crystal Enterprise
quickly. It also allows you to specify a number of options on each report that you
publish. Although this application runs only on Windows, you can use it to publish
reports to Crystal Enterprise servers that are running on Windows or on UNIX.
For more information on publishing content to Crystal Enterprise, see
Publishing overview on page 74.
Working with the Crystal Management Console

You will use the Crystal Management Console (CMC) extensively to manage your
Crystal Enterprise system. This tool allows you to perform user management tasks
such as setting up authentication and adding users and groups. And it allows you
to publish, organize, and set security levels for all of your Crystal Enterprise
content. Additionally, the CMC enables you to manage servers and create server
groups. Because the CMC is a web-based application, you can perform all of these
administrative tasks remotely.
Any user with valid credentials to Crystal Enterprise can log on to the CMC and
set his or her preferences. However, users who are not members of the
2: Administering Crystal Enterprise
Administrators group cannot perform any of the available management tasks

unless they have been granted rights to do so. For complete details about object
rights, see Controlling Users Access to Objects on page 95.
Logging on to the Crystal Management Console

There are two ways to access the CMC: type the name of the machine you are
accessing directly into your browser, or select Crystal Launchpad from the
program group on the Windows Start menu.
To log on to the CMC

1 Go to the following page:
http://webserver/crystal/enterprise/admin/
Replace webserver with the name of the web server machine that has the Web
Connector component installed. If you changed this default virtual directory on
the web server, you will need to type your URL accordingly.
Tip: On Windows, you can click Start > Programs > Crystal Enterprise > Crystal
Launchpad, and then click the Crystal Management Console link.
2 When the Log On page appears, select Enterprise in the Authentication Type
list.
Windows NT and LDAP authentication also appear in the list; however, you
must map your third-party user accounts and groups to Crystal Enterprise
before you can use these types of authentication.
3 Type your User Name and Password.
For this example, type Administrator as the User Name. This default Enterprise
account does not have a password until you create one. For details, see Setting
the Administrator password on page 13.
If youre using LDAP or Windows NT authentication, you may log on using an
account that has been mapped to the Crystal Enterprise Administrators group.
4 Click Log On.
The CMC Home page appears.
Navigating within the Crystal Management Console

Because the CMC is a web-based application, you can navigate through its areas
and pages in a number of ways:
Click the links on the Home page to go to specific management areas.
Select the same management areas from the drop-down list in the upper-left
corner of the console. Click Go if your browser doesnt take you directly to the
new page.
Click hyperlinks and icons that let you to jump to other areas.
Working with the Crystal Management Console
Once you leave the Home page, your location within the CMC is indicated by a
path that appears above the title of each page. For example, Home > Users > New
User indicates that youre on the New User page. You can click the hyperlinked
portions of the path to jump quickly to different parts of the application. In this
example, you could click Home or Users to go to the corresponding page.
Setting console preferences

The Preferences area of the CMC allows you to customize your administrative
view of Crystal Enterprise. Log on to the CMC and click the Preferences button
in the upper right corner of the CMC. Select from the following options:
Viewer
This list sets the default report viewer that is loaded when you view a report in
the CMC. To set the available and default viewers for all users, see Modifying
report viewing and viewer options on page 219.
Maximum number of objects per page
This option limits the number of objects listed on any page or tab in the CMC.
Maximum number of characters for each page index
When a list of objects spans multiple pages, the full list is sorted alphanumerically
and indexed before being subdivided. At the top of every page, hyperlinks are
displayed as an index to each of the remaining pages. This setting determines the
number of characters that are included in each hyperlink.
In this example, the maximum number of characters is set to 3, so threecharacter hyperlinks are used to index the report objects on each page.
Time zone
If you are managing Crystal Enterprise remotely, use this list to specify your
time zone. Crystal Enterprise synchronizes scheduling patterns and events
appropriately. For instance, if you select Eastern Time (US & Canada), and you
schedule a report to run at 5:00 a.m. every day on a server that is located in San
Francisco, then the server will run the report at 2:00 a.m. Pacific Time.
For more information about time zones, see Supporting ePortfolio users in
multiple time zones on page 321.
10
Menu style
These options change the ways in which menus are displayed in the CMC. You
can view buttons, text, or both.
My Password
Click the Change Password link to change the password for the account under
which you are currently logged on.
Logging off of the Crystal Management Console

When you have finished using the CMC, end the session by logging off. The Logoff
button is located in the upper-right corner of the console.
Working with the Crystal Configuration Manager

The Crystal Configuration Manager (CCM) is a server-management tool that
allows you to configure each of your Crystal Enterprise server components. This
tool allows you to start, stop, enable, and disable servers. It also allows you to view
and to configure advanced server settings such as default port numbers, APS
database and clustering details, SOCKS server connections, and more.
Accessing the CCM for Windows

From a Windows machine, use the CCM to manage Crystal Enterprise server
components that are running locally or on a remote Windows machine. To run the
CCM, you must have NT administrator rights on the local machine. If you are
managing servers on a remote machine, you must also have NT administrator
rights on the machine you are connecting to. Depending on the configuration of
your network, you might be prompted to enter a user name and password.
To start the CCM

From the Crystal Enterprise program group, click Crystal Configuration Manager.
The servers that are available on the local machine appear in the list. A status icon
is displayed for each server:
A green arrow indicates the server is running.
A yellow arrow indicates the server is starting.
A red arrow indicates the server is not running.
11
Working with the Crystal Configuration Manager
To connect to servers on a remote machine

1 Once you have started the CCM, you can connect to a remote machine in
several ways:
In the Computer Name field, type the name of the machine you want to
connect to; then press Enter.
In the Computer Name field, select a remote machine from the list.
On the toolbar, click Browse. Select the appropriate computer; then click OK.
2 If prompted, log on to the remote machine with an account holding
administrative rights.
Note: You may need to type your user name as domain\username.
The CCM lists the servers associated with this machine.
Accessing the CCM for UNIX

Run the CCM on your UNIX server to manage Crystal Enterprise server
components that are running on that machine. You can run the CCM remotely
through a telnet session or locally through a terminal window. To run the CCM,
you must have execute permissions on the ccm.sh script and on its parent crystal
directory.
To run the CCM

1 Go to the crystal directory that was created by the Crystal Enterprise
installation:
cd INSTALL_ROOT/crystal
2 Run ccm.sh with command-line options to manage one or more servers.

For instance, the following set of commands starts the Crystal Enterprise
servers and enables each server on its default port:
./ccm.sh -start all
./ccm.sh -enable all
Note: The main options for the CCM are covered in more detail in UNIX
Tools on page 279.
To view additional help on ccm.sh

The ccm.sh script also provides a detailed description of its command-line options.
To see the command-line help, issue the following command:
./ccm.sh -help | more
12
Making initial security settings

This section focuses on some of the key security settings that you may want to
make immediately, before publishing content and providing users with access to
Crystal Enterprise. The list of Related topics shows where you can find
additional procedures and information related to security.
Related topics
For a technical overview of security within Crystal Enterprise, see Crystal
Enterprise Security Concepts on page 15.
For procedures on setting up authentication, see Available authentication
types on page 36.
For details about object rights, see Controlling Users Access to Objects on
page 95.
Setting the Administrator password

As part of the installation, Crystal Enterprise creates an Administrator account and
a Guest account that do not have passwords. Log on to the Crystal Management
Console (CMC) with the Administrator account and use the following procedure
to create a secure password for the Administrator account.
Note: Do not create a password for the Guest account if you plan to use the
anonymous Single Sign On or the Sign Up features available in ePortfolio.
To change the Administrator password

1 Go to the Users management area of the CMC.
2 Click the link for the Administrator account.
3 In the Enterprise Password Settings area, enter and confirm the new
password.
4 If it is selected, clear the User must change password at next logon check box.
5 Click Update.
Disabling the Sign Up feature

When users connect to ePortfolio without specifying a user name and password,
the system logs them on automatically under the Guest account. By default, each
user then has the ability to sign up and create a new account on the system. You
have the option to change this default behavior and to prevent guest users from
creating their own accounts.
13
Making initial security settings
To disable the Sign Up feature

1 Go to the Authorization management area of the CMC.
2 Click the Enterprise tab.
3 In the Guest Account Restrictions area, clear the Guest users can create
their own Enterprise accounts check box.
4 Click Update.
Disabling the Guest account

By disabling the Guest account, you ensure that no one can log on to Crystal
Enterprise with this account. In doing so, you also disable the anonymous Single
Sign On functionality of ePortfolio, so users will be unable to access ePortfolio
without providing a valid user name and password.
To disable the Guest account

2 In the Account Name column, click Guest.
3 On the Properties tab, select the Account is disabled check box.
4 Click Update.
5 If you are prompted for confirmation, click OK.
Modifying the default security levels

This procedure shows where you can modify the default object rights that users are
granted to the top-level Crystal Enterprise folder.
Initially, the Everyone group is granted Schedule access to the top-level folder,
and the Administrators group is granted Full Control. You can change these
default security levels to suit your needs. For a full description of object rights and
inheritance patterns, see Object rights overview on page 96.
To modify top-level security settings

1 Go to the Settings management area of the CMC.
2 Click the Rights tab.
3 As required, change the entry in the Access Level list for each user or group
that is displayed.
4 Click Update.
5 Click Add/Remove to grant different levels of security to additional users or
groups.
14
Crystal Enterprise Security Concepts
This chapter details the ways in which Crystal Enterprise

addresses enterprise security concerns, thereby providing
administrators and system architects with answers to
typical questions regarding security.
15
Security overview
Security overview
The Crystal Enterprise architecture addresses the many security concerns that
affect todays businesses and organizations. The current release supports features
such as distributed security, Single Sign On (SSO), resource access security,
granular object rights, and third-party Windows NT and LDAP authentication in
order to protect against unauthorized access. To allow for further customization of
security, Crystal Enterprise supports dynamically loaded processing extensions.
And, for monitoring and auditing purposes, Crystal Enterprise allows you to log
various web statistics, thus enabling you to detect potential security concerns.
Because Crystal Enterprise provides the framework for an increasing number of
components from the Enterprise family of Crystal products, this chapter details the
security features and related functionality to show how the framework itself
enforces and maintains security. As such, this chapter does not provide explicit
procedural details; instead, it focuses on conceptual information and provides
links to key procedures.
Related topics
For key procedures that show how to modify the default accounts, passwords,
and other security settings, see Making initial security settings on page 13.
For procedures that show how to set up authentication, users, and groups, see
Managing User Accounts and Groups on page 33.
For procedures that show how to set object rights for your Crystal Enterprise
content, see Controlling Users Access to Objects on page 95.
How Crystal Enterprise authenticates and authorizes

Authentication is the process of verifying the identity of a user who attempts to
access the system, and authorization is the process of verifying that the user has
been granted sufficient rights to perform the requested action upon the specified
object. This section describes the authentication and authorization processes in
order to provide a general idea of how system security works within Crystal
Enterprise. Each of the components and key terms is discussed in greater detail
later in this chapter.
Because Crystal Enterprise is fully customizable, the authentication and
authorization processes may vary from system to system. This section uses
ePortfolio as a model and describes its default behavior. If you are developing your
own Crystal Enterprise end-user or administrative applications using the Crystal
Enterprise Software Development Kit (SDK), you can customize the systems
behavior to meet your needs. For complete details, see the Crystal Enterprise Web
Developer's Guide.
For procedures that show how to set up the different authentication types, see
Available authentication types on page 36.
16
3: Crystal Enterprise Security Concepts
Primary authentication
Primary authentication occurs when a user first attempts to access the system. The
user provides a user name and password and specifies an authentication type. The
authentication type may be Enterprise, Windows NT, or LDAP authentication,
depending upon which type(s) you have enabled and set up in the Authorization
management area of the Crystal Management Console (CMC). The users web
browser sends the information by HTTP to your web server, which routes the
information through the Web Connector to the Web Component Server (WCS).
Note: All communication between the users web browser and the WCS is
similarly routed through the web server and the Web Connector. For clarity, the
web server and the Web Connector are explicitly discussed only when necessary.
The WCS passes the users information to logon.csp and runs the script. Internally,
this script communicates with the SDK and, ultimately, the appropriate security
plug-in authenticates the user against the user database.
For instance, if the user specifies Enterprise Authentication, the SDK ensures that
the Crystal Enterprise security plug-in performs the authentication. The plug-in
component verifies the user name and password against the system database and
notifies the Automated Process Scheduler (APS) of the results. Alternatively, if the
user specifies Windows NT or LDAP Authentication, the SDK uses the
corresponding security plug-in to authenticate the user. The plug-in verifies the
user name and password against the external user database and notifies the APS
of the results.
If the security plug-in reports a successful match of credentials, the APS grants the
user an active identity on the system and the system performs several actions:
The APS stores the users information in memory in an APS session variable.
While active, this session consumes one user license on the system.
The APS generates and encodes a logon token and sends it to the WCS.
The WCS stores the users information in memory in a WCS session variable.
While active, this session stores information that allows Crystal Enterprise to
respond to the users requests.
Note: If you are familiar with the SDK, you should note that the WCS here
instantiates the InfoStore object and stores it in the WCS session variable.
The WCS sends the logon token to the users web browser, and the web
browser caches the token in a cookie. Until the logon token expires, its
encoded information serves as the users valid ticket for the system.
Each of these steps contributes to the distributed security of Crystal Enterprise,
because each step consists of storing information that is used for secondary
identification and authorization purposes. This is the model used in ePortfolio.
However, if you are developing your own client application and you prefer not to
store session state on the WCS, you can design your application such that it avoids
using WCS session variables.
17
How Crystal Enterprise authenticates and authorizes
Note:
The third-party Windows NT and LDAP security plug-ins work only once you
have mapped users and groups from the external user database to Crystal
Enterprise. For details, see Available authentication types on page 36.
In a Single Sign On situation, users credentials are retrieved by other means
and authenticated against the user database automatically. Hence, users are
not prompted for their credentials.
Secondary authentication and authorization

Secondary authentication is the process of double-checking the identity of each
user who attempts to view, run, schedule, or otherwise act upon an object that is
managed by Crystal Enterprise. Authorization is the process of verifying that the
user has been granted sufficient rights to perform the requested action upon the
specified object.
When a user attempts to access an object on the system, the web browser sends the
request by HTTP to the WCS. Before fulfilling the users request, the WCS
performs a series of security-related steps.
First, the WCS ensures that the user has a valid logon token:
If there is a valid logon token, the WCS proceeds to its next task.
If there is no valid logon token, the primary authentication process is repeated.
For more information about logon tokens, see Logon tokens on page 25.
Second, the WCS checks internally for an active WCS session that matches the
users logon token:
If the corresponding WCS session variable remains in memory, the WCS
proceeds to its next task.
If the WCS session variable has timed out, the user is logged back on with the
logon token. The SDK authenticates the user against the appropriate user
database, and the APS and the WCS recreate the required session variables. In
this case, Crystal Enterprise does not have to prompt the user for credentials,
because the encoded logon token contains the required information.
Third, the WCS ensures that the appropriate server component actually processes
the users request:
If the WCS can process the request itself, it queries the APS database for the
rights associated with the object that the user requested.
For instance, if the user requests a list of reports in a specific folder, the WCS
queries the APS database for a list of the reports that the user is authorized to
see. The WCS then dynamically lists the reports in an HTML page, and sends
the page to the users browser.
18
If a different server component must process the request, the WCS sends the
request and the users logon token to the appropriate server component. That
server component then queries the APS database for the rights associated with
the object that the user requested.
For instance, if the user attempts to refresh a reports data, the WCS passes the
request along to the Page Server. The Page Server passes the logon token to the
APS to ensure that the user is authorized to refresh the report.
For details about how the APS calculates a users effective rights to an object,
see Calculating a users effective rights on page 106.
This secondary authentication and authorization process begins similarly to initial
identification; here, however, the authentication algorithm followed by the WCS
maintains system security in the fewest number of steps, thereby providing the
most efficient response to the users initial request.
Note: If the user does not have the right to perform the requested action, the WCS
displays an appropriate message. For details about setting object rights, see
Controlling Users Access to Objects on page 95.
Security management components

System security within Crystal Enterprise is distributed across most components,
but it is managed primarily by the WCS, the APS, and the security plug-ins. These
components work together to authenticate and to authorize users who access
Crystal Enterprise, its folders, and its other objects.
This section discusses the key components as they relate to system security.
Because they are responsible for additional tasks, several of the components
discussed in this section are described in additional detail in Crystal Enterprise
Architecture on page 185.
Web Component Server

The WCS is the gateway between the web server/Web Connector machine and the
remaining Crystal Enterprise components. As such, the WCS receives all HTTP
requests that are sent to Crystal Enterprise from users web browsers.
The WCS ensures that each user has a valid logon token for the system. If the logon
token is missing, or if it has expired, the WCS initiates the primary authentication
process. For details, see Primary authentication on page 17.
The WCS is also responsible for maintaining the users session state in the WCS
session variable. This session variable contains information that Crystal Enterprise
uses when fulfilling users requests. For details, see Sessions and session
tracking on page 27.
19
Automated Process Scheduler

In relation to system security, the APS performs a number of important tasks. The
majority of these tasks rely upon the database that the APS uses to keep track of
Crystal Enterprise system data. This data includes security information, such as
user accounts, group memberships, and object rights that define user and group
privileges.
When you first set up your system, the APS allows you to create user accounts and
groups within Crystal Enterprise. And, with its third-party security plug-ins, the
APS allows you to reuse existing user accounts and groups that are stored in a
third-party system (a Windows NT user database or an LDAP directory server).
The APS supports third-party authentication, so users can log on to Crystal
Enterprise with their current Windows NT or LDAP credentials.
When users log on, the APS coordinates the authentication process with its
security plug-ins; the APS then grants the user a logon token and an active session
on the system. The APS also responds to authorization requests made by the rest
of the system. When a user requests a list of reports in a particular folder, the APS
authorizes the request only when it has verified that the users account or group
membership provides sufficient privileges.
For details about the APS and how it calculates a users effective rights to an object,
see Calculating a users effective rights on page 106.
For more information about the APS and the APS database, see Automated
Process Scheduler on page 190.
Security plug-ins
Security plug-ins expand and customize the ways in which Crystal Enterprise
authenticates users. Crystal Enterprise currently ships with the system default
Crystal Enterprise security plug-in and with the Windows NT and LDAP security
plug-ins. Each security plug-in offers several key benefits.
Security plug-ins facilitate account creation and management by allowing you to
map user accounts and groups from third-party systems into Crystal Enterprise.
You can map third-party user accounts or groups to existing Crystal Enterprise
user accounts or groups, or you can create new Enterprise user accounts or groups
that corresponds to each mapped entry in the external system.
The security plug-ins dynamically maintain third-party user and group listings.
So, once you map a Windows NT or LDAP group into Crystal Enterprise, all users
who belong to that group can log on to Crystal Enterprise. When you make
subsequent changes to the third-party group membership, you need not update or
refresh the listing in Crystal Enterprise. For instance, if you map a Windows NT
group to Crystal Enterprise, and then you add a new NT user to the NT group, the
security plug-in dynamically creates an alias for that new user when he or she first
logs on to Crystal Enterprise with valid NT credentials.
20
Moreover, security plug-ins enable you to assign rights to users and groups in a
consistent manner, because the mapped users and groups are treated as if they
were Enterprise accounts. For example, you might map some user accounts or
groups from Windows NT, and some from an LDAP directory server. Then, when
you need to assign rights or create new, custom groups within Crystal Enterprise,
you make all of your settings in the CMC.
Each security plug-in acts as an authentication provider that verifies user credentials
against the appropriate user database. When users log on to Crystal Enterprise,
they choose from the available authentication types that you have enabled and set
up in the Authorization management area of the CMC: Enterprise (the system
default), Windows NT, or LDAP.
Note: The Windows NT security plug-in cannot authenticate users if the Crystal
Enterprise server components are running on UNIX.
Crystal Enterprise security plug-in

The Crystal Enterprise security plug-in (secEnterprise.dll) is installed and
enabled by default when you install Crystal Enterprise on Windows or on UNIX.
This plug-in allows you to create and maintain user accounts and groups within
Crystal Enterprise; it also enables the system to verify all logon requests that
specify Enterprise Authentication. In this case, user names and passwords are
authenticated against the Crystal Enterprise user list, and users are allowed or
disallowed access to the system based solely on that information. For details on
setting up Enterprise users and groups, see Managing Enterprise and general
accounts on page 37.
Default accounts
When you first install Crystal Enterprise, this plug-in sets up two default
Enterprise accounts: Administrator and Guest. Neither account has a default
password. For details on setting these passwords, Making initial security
settings on page 13.
Single Sign On
The Crystal Enterprise authentication provider supports anonymous Single Sign
On for the Guest account. Thus, when users connect to ePortfolio without
specifying a user name and password, the system logs them on automatically
under the Guest account. If you assign a secure password to the Guest account, or
if you disable the Guest account entirely, you disable this default behavior. For
details, see Disabling the Guest account on page 14.
Sign Up
By default, users who are logged on under the Guest account also have the ability
to sign up and create their own, new accounts on the system. To disable this default
behavior, see Disabling the Sign Up feature on page 13.
21
Windows NT security plug-in

The Windows NT security plug-in (secWindowsNT.dll) allows you to map user
accounts and groups from your Windows NT user database to Crystal Enterprise;
it also enables the system to verify all logon requests that specify Windows NT
Authentication. Users are authenticated against the Windows NT user database
before the APS grants them an active Crystal Enterprise session. This plug-in is
compatible with NT 4 or Windows 2000 Active Directory user databases. For
information on mapping Windows NT users and groups to Crystal Enterprise, see
Managing NT accounts on page 44.
Once you have mapped your NT users and groups, all of the Crystal Enterprise
client tools support NT authentication, except for the Crystal Import Wizard. You
can also create your own applications that support NT authentication. For more
information, see the Crystal Enterprise Web Developers Guide.
Note: The Windows NT security plug-in cannot authenticate users if the Crystal
Enterprise server components are running on UNIX.
Default account
If you install Crystal Enterprise on Windows NT/2000 as an Administrator of the
local machine, then this plug-in is enabled by default. A new NT group (called
Crystal NT Users) is created on the local machine, and your NT user account is
added to the group. The Crystal NT Users group is then mapped to Crystal
Enterprise. The result is that you can log on to Crystal Enterprise with your usual
NT user credentials.
Single Sign On
The Windows NT security plug-in supports Single Sign On, thereby allowing
authenticated NT users to log on to Crystal Enterprise without explicitly entering
their credentials. The Single Sign On requirements depend upon the way in which
users access Crystal Enterprise. In both scenarios, the security plug-ins
authentication provider verifies the credentials against the Windows NT user
database before the APS grants the user an active Crystal Enterprise session:
To obtain NT Single Sign On functionality from a thick-client application (such
as the Crystal Publishing Wizard), the user must be running a Windows
operating system, and the application must use the Crystal Enterprise SDK.
In this scenario, the Windows NT security plug-in queries the operating system
for the current users credentials.
To obtain Single Sign On functionality over the Web, the system must use
Microsoft components only. Specifically, the user must be running Internet
Explorer on a Windows operating system, and the web server must be running
Internet Information Server (IIS).
In this scenario, Internet Explorer and IIS engage in Windows NT Challenge/
Response authentication before IIS forwards the users credentials to Crystal
Enterprise.
22
Note: IIS performs the Challenge/Response authentication for every web page
viewed. This can result in severe performance degradation.
For details on configuring IIS for Single Sign On, Setting up NT Single Sign
On on page 52.
Note: ePortfolio provides its own form of anonymous Single Sign On, which
uses Enterprise authentication, as opposed to Windows NT authentication.
Design your own web applications accordingly (or modify ePortfolio) if you want
to use NT Single Sign On. For information on NT Single Sign On, see Setting up
NT Single Sign On on page 52.
LDAP security plug-in

The LDAP security plug-in (secLDAP.dll) allows you to map user accounts and
groups from your LDAP directory server to Crystal Enterprise; it also enables the
system to verify all logon requests that specify LDAP Authentication. Users are
authenticated against the LDAP directory server before the APS grants them an
active Crystal Enterprise session. User lists and group memberships are
dynamically maintained by Crystal Enterprise.
LDAP authentication for Crystal Enterprise is similar to NT authentication in that
you can map groups and set up authentication, authorization, and alias creation.
In addition, you can do the following:
Implement LDAP authentication when Crystal Enterprise is running on
Windows or on UNIX.
Assign LDAP aliases to existing users if the user names match the Enterprise
user names.
Create new Enterprise accounts for existing LDAP users.
Map users and groups to the LDAP directory service (either manually or
automatically).
Specify multiple host names and their ports.
For information on mapping your LDAP users and groups to Crystal Enterprise,
see Managing LDAP accounts on page 54.
Once you have mapped your LDAP users and groups, all of the Crystal Enterprise
client tools support LDAP authentication, except for the Crystal Import Wizard.
You can also create your own applications that support LDAP authentication. For
more information, see the Crystal Enterprise Web Developers Guide.
More about LDAP
Lightweight Directory Access Protocol (LDAP), a common, application-independent
directory, enables users to share information among various applications. Based on
an open standard, LDAP provides a means for accessing and updating information
in a directory.
23
LDAP is based on the X.500 standard, which uses a directory access protocol
(DAP) to communicate between a directory client and a directory server. LDAP is
an alternative to DAP because it uses fewer resources and simplifies and omits
some X.500 operations and features.
The directory structure within LDAP has entries arranged in a specific schema.
Each entry is identified by its corresponding distinguished name (DN) or common
name (CN). Other common attributes include the organizational unit name (OU),
and the organization name (O). For example, a member group may be located in a
directory tree as follows: cn=Crystal Enterprise Users, ou=Enterprise Users A,
o=Research. Refer to your LDAP documentation for more information.
Because LDAP is application-independent, any client with the proper authorization
can access its directories. LDAP offers you the ability to set up users to log on to
Crystal Enterprise through LDAP authentication. It also enables users to be
authorized when attempting to access objects in Crystal Enterprise. As long as you
have an LDAP server (or servers) running, and use LDAP in your existing
networked computer systems, you can use LDAP authentication (along with
Enterprise and NT authentication).
Processing extensions
Crystal Enterprise offers you the ability to further secure your reporting
environment through the use of customized processing extensions. A processing
extension is a dynamically loaded library of code that applies business logic to
particular Crystal Enterprise view or schedule requests before they are processed
by the system.
Note: On Windows systems, dynamically loaded libraries are referred to as
dynamic-link libraries (.dll file extension). On UNIX systems, dynamically loaded
libraries are often referred to as shared libraries (.so file extension). You must
include the .dll or .so file extension when you name your processing extensions.
Through its support for processing extensions, the Crystal Enterprise
administration SDK essentially exposes a handle that allows developers to
intercept the request. Developers can then append selection formulas to the
request before the report is processed.
A typical example is a report-processing extension that enforces row-level
security. This type of security restricts data access by row within one or more
database tables. The developer writes a dynamically loaded library that intercepts
view or schedule requests for a report (before the requests are processed by the
Page Server or the Job Server). The developers code first determines the user who
owns the processing job; then it looks up the users data-access privileges in a
third-party system. The code then generates and appends a record selection
formula to the report in order to limit the data returned from the database. In this
case, the processing extension serves as a way to incorporate customized row-level
security into the Crystal Enterprise environment.
24
The CMC provides methods for registering your processing extensions with
Crystal Enterprise and for applying processing extensions to particular object. For
details, see Applying processing extensions to reports on page 142.
By enabling processing extensions, you configure the appropriate Crystal
Enterprise server components to dynamically load your processing extensions at
runtime. Included in the SDK is a fully documented API that developers can use
to write processing extensions. For details, see the Crystal Enterprise Web
Developers Guide.
Note: In the current release, processing extensions can be applied only to Crystal
report (.rpt) objects.
Active trust relationship

In a networked environment, a trust relationship between two domains is generally
a connection that allows one domain accurately to recognize users who have been
authenticated by the other domain. While maintaining security, the trust
relationship allows users to access resources in multiple domains without
repeatedly having to provide their credentials.
Within the Crystal Enterprise environment, the active trust relationship works
similarly to provide each user with seamless access to resources across the system.
Once the user has been authenticated and granted an active session, all other
Crystal Enterprise components can process the users requests and actions without
prompting for credentials. As such, the active trust relationship provides the basis
for Crystal Enterprises distributed security.
Tip: When combined with Single Sign On functionality, the active trust
relationship allows users to access their Crystal Enterprise resources without ever
having to explicitly provide credentials to Crystal Enterprise.
Logon tokens
A logon token is an encoded string that defines its own usage attributes and
contains a users session information. The logon tokens usage attributes are
specified when the logon token is generated. These attributes allow restrictions to
be placed upon the logon token to reduce the chance of the logon token being used
by malicious users. The current logon token usage attributes are:
Number of minutes
This attribute restricts the lifetime of the logon token.
Number of logons
This attribute restricts the number of times that the logon token can be used to
log on to Crystal Enterprise.
Both attributes hinder malicious users from gaining unauthorized access to Crystal
Enterprise with logon tokens retrieved from legitimate users.
25
Active trust relationship
Ticket mechanism for distributed security

Enterprise systems dedicated to serving a large number of users typically require
some form of distributed security. An enterprise system may require distributed
security, for instance, to support features such as load balancing, stateless
environments, or transfer of trust (the ability to allow another component to act on
behalf of the user).
Crystal Enterprise addresses distributed security by implementing a ticket
mechanism (one that is similar to the Kerberos ticket mechanism). The APS grants
tickets that authorize components to perform actions on behalf of a particular user.
In Crystal Enterprise, the ticket is referred to as the logon token.
This logon token is most commonly used over the Web. When a user is first
authenticated by Crystal Enterprise, he or she receives a logon token from the APS.
The users web browser caches this logon token. When the user makes a new
request, other Crystal Enterprise components can read the logon token from the
users web browser.
This use of the logon token provides the distributed security that is required for
load balancing to be implemented in conjunction with effective fault-protection.
For instance, suppose that you are running one web server and two Web
Component Servers, and each of the three components is running on a separate
machine. The Web Connector is installed on the web server, so as to direct all
Crystal Enterprise requests to the Web Component Servers. By default, the Web
Connector balances all Crystal Enterprise traffic across the two Web Component
Servers: when a user first connects to Crystal Enterprise, the Web Connector passes
the logon request to whichever Web Component Server has the most resources
available. If the log on is successful, the user is granted a logon token and an active
identity on the system.
The users active identity is stored as a session variable on the Web Component
Server that processed the request; consequently, the users active identity is not
immediately accessible by the other Web Component Server. For this reason, the
Web Connector uses the users logon token to route all of the users requests to the
Web Component Server that is storing the users session. By doing so, the Web
Connector maintains security while providing optimal performance: the users
identity is verified, but the system does not have to repeatedly prompt the user for
his or her credentials; in addition, the user is prevented from unnecessarily
consuming resources on both Web Component Servers.
If the Web Component Server that is storing the users active session is taken
offline, the logon token again serves a critical purpose. If one Web Component
Server ceases to respond to a users requests, ePortfolio and the CMC are designed
such that the Web Connector is instructed to redirect the request to the remaining
Web Component Server. The client application logs the user on with the valid
logon token, and the remaining Web Component Server is able to authenticate the
user and create a new, active session without prompting the user for his or her
26
credentials. The remaining Web Component Server can then authorize and carry
out the users request. In this way, the logon token enables the systems loadbalancing and fault-tolerance mechanisms to maintain a secure environment
without affecting the users experience.
In this scenario, when the original Web Component Server is brought back online,
the Web Connector automatically resumes its load-balancing responsibilities by
routing each subsequent request to the least used Web Component Server.
Note: Crystal Enterprise supports implementations of the Secure Sockets Layer
(SSL) protocol that rely upon affinity or sticky connections. However, in these
scenarios, the Web Connector may be prevented from automatically load
balancing across WCS machines.
Sessions and session tracking

In general, a session is a client-server connection that enables the exchange of
information between the two computers. A sessions state is a set of data that
describes the sessions attributes, its configuration, or its content. When you
establish a client-server connection over the Web, the nature of HTTP limits the
duration of each session to a single page of information; thus, your web browser
retains the state of each session in memory only for as long as any single Web page
is displayed. As soon as you move from one web page to another, the state of the
first session is discarded and replaced with the state of the next session.
Consequently, Web sites and Web applications must somehow store the state of
one session if they need to reuse its information in another.
Crystal Enterprise uses two common methods to store session state: cookies and
session variables. A cookie is a small text file that stores session state on the client
side: the users web browser caches the cookie for later use. The Crystal Enterprise
logon token is an example of this method. A session variable is a portion of memory
that stores session state on the server side. When Crystal Enterprise grants a user
an active identity on the system, information such as the users authentication type
is stored in a session variable. So long as the session is maintained, the system
neither has to prompt the user for the information a second time nor has to repeat
any task that is necessary for the completion of the next request.
Ideally, the system should preserve the session variable while the user is active on
the system. And, to ensure security and to minimize resource usage, the system
should destroy the session variable as soon as the user has finished working on the
system. However, because the interaction between a web browser and a web
server can be stateless, it can be difficult to know when users leave the system, if
they do not log off explicitly. To address this issue, Crystal Enterprise implements
session tracking.
27
Environment protection
WCS session tracking

The WCS implements session tracking similarly to most web servers. The serverside script pages (Crystal Server Pages) programmatically save variables to the
WCS session. By default, the WCS retains the session until the user explicitly logs
off, or until 20 minutes after the users last request (whichever occurs first).
Note:
If you are familiar with the SDK, you should note that a WCS session is an
instance of an InfoStore object.
The WCS session timeout can be programmatically configured in the serverside .csp pages to timeout earlier if the default of 20 minutes is not desired.
APS session tracking

The APS implements a simple tracking algorithm. When a user logs on, he or she
is granted an APS session, which the APS preserves until the user logs off, or until
the WCS session variable is released.
The WCS session is designed to notify the APS on a recurring basis that it is still
active, so the APS session is retained so long as the WCS session exists. If the WCS
session fails to communicate with the APS for a ten-minute time period, the APS
destroys the APS session. This handles scenarios where client-side components
shut down irregularly.
Note: If you are familiar with the SDK, you should note that an APS session is an
instance of an EnterpriseSession object.
Environment protection
Environment protection refers to the security of the overall environment in which
client and server components communicate. Although the Internet and web-based
systems are increasingly popular due to their flexibility and range of functionality,
they operate in an environment that can be difficult to secure. When you deploy
Crystal Enterprise, environment protection is divided into two areas of
communication:
Web browser to web server
Web server to Crystal Enterprise
28
Web browser to web server

When sensitive data is transmitted between the web browser and the web server,
some degree of security is usually required. Relevant security measures usually
involve two general tasks:
Ensuring that the communication of data is secure.
Ensuring that only valid users retrieve information from the web server.
These tasks are typically handled by web servers through various security
mechanisms, including the Secure Sockets Layer (SSL) protocol, Windows NT
Challenge/Response authentication, and other such mechanisms.
You must secure communication between the web browser and the web server
independently of Crystal Enterprise. For details on securing client connections,
refer to your web server documentation.
Web server to Crystal Enterprise

Firewalls are commonly used to secure the area of communication between the
web server and the rest of the corporate intranet (including Crystal Enterprise).
Crystal Enterprise supports firewalls that use IP filtering, static network address
translation (NAT), or SOCKS proxy servers, and it supports a multitude of
configurations. Supported environments can involve multiple firewalls, web
servers, or Web Component Servers.
For complete details on Crystal Enterprise and firewall interaction, see Working
with Firewalls on page 259.
Auditing web activity

Crystal Enterprise provides insight into your system by recording web activity and
allowing you to inspect and to monitor the details. The WCS allows you to select
the web attributessuch as time, date, IP address, port number, and so onthat
you want to record. The auditing data is logged to disk and stored in commadelimited text files, so you can easily report off the data or import it into other
applications. For more information, see Modifying logging behavior of the Web
Component Server on page 218.
29
Protection against malicious logon attempts

No matter how secure a system is, there is often at least one location that is
vulnerable to attack: the location where users connect to the system. It is nearly
impossible to protect this location completely, because the process of simply
guessing a valid user name and password remains a viable way to attempt to
crack the system.
Crystal Enterprise implements several techniques to reduce the probability of a
malicious user achieving access to the system. The various restrictions listed below
apply only to Enterprise accountsthat is, the restrictions do not apply to accounts
that you have mapped to an external user database (Windows NT or LDAP).
Generally, however, your external system will enable you to place similar
restrictions on the external accounts.
Password restrictions
Password restrictions ensure that Enterprise users create passwords that are
relatively complex. You can enable the following options:
Enforce mixed-case passwords
This option ensures that passwords contain at least two of the following
character classes: upper case letters, lower case letters, numbers, or punctuation.
Must contain at least N characters
By enforcing a minimum complexity for passwords, you decrease a malicious
users chances of simply guessing a valid users password.
Logon restrictions
Logon restrictions serve primarily to prevent dictionary attacks (a method
whereby a malicious user obtains a valid user name and attempts to learn the
corresponding password by trying every word in a dictionary). With the speed of
modern hardware, malicious programs can guess millions of passwords per
minute. To prevent dictionary attacks, Crystal Enterprise has an internal
mechanism that enforces a time delay (0.51.0 second) between logon attempts. In
addition, Crystal Enterprise provides several customizable options that you can
use to reduce the risk of a dictionary attack:
Disable accounts after N failed attempts to log on
Reset failed logon count after N minute(s)
Re-enable account after N minute(s)
30
User restrictions
User restrictions ensure that Enterprise users create new passwords on a regular
basis. You can enable the following options:
Must change password every N day(s)
Cannot reuse the N most recent password(s)
Must wait N minute(s) to change password
These options are useful in a number of ways. Firstly, any malicious user
attempting a dictionary attack will have to recommence every time passwords
change. And, because password changes are based on each users first logon time,
the malicious user cannot easily determine when any particular password will
change. Additionally, even if a malicious user does guess or otherwise obtain
another users credentials, they are valid only for a limited time.
Guest account restrictions

By default, users who are logged on under the Guest account also have the ability
to sign up and create their own, new accounts on the system. The Guest account
restrictions allow you to disable this default behavior. For details, see Disabling
the Sign Up feature on page 13.
The Crystal Enterprise authentication provider supports anonymous Single Sign
On for the Guest account. Thus, when users connect to ePortfolio without
specifying a user name and password, the system logs them on automatically
under the Guest account. If you assign a secure password to the Guest account, or
if you disable the Guest account entirely, you disable this default behavior. For
details, see Disabling the Guest account on page 14.
31
32
Managing User Accounts and Groups
This chapter describes the tasks related to account

management for users and groups. It includes instructions
that describe how to add, modify, and remove accounts
within Crystal Enterprise. It also details how to use and
integrate NT and LDAP authentication with Crystal
Enterprise.
33
What is account management?
What is account management?

Account management can be thought of as all of the tasks related to creating,
mapping, changing, and organizing user and group information. The Users and
Groups management areas of the Crystal Management Console (CMC) provide
you with a central place to perform all of these tasks.
In the Users area, you can specify everything required for a user to access Crystal
Enterprise. To create user accounts, specify the following:
account name (required)
full name
description
password settings
connection type
group membership
In the Groups area, you can create groups that give a number of people access to
the report or folder. This enables you to make changes in one place instead of
modifying each user account individually. To create groups, specify the following:
group name (required)
description
users who belong to the group
subgroups that belong to the group
group membership
After the user accounts and groups have been created, you can add report objects
and specify rights to them. When the users log on, they can view the reports using
ePortfolio or their custom web application. For more information on objects and
rights, see Object rights overview on page 96.
Crystal Enterprise default users and groups

This section lists and describes the different types of default users and groups that
are found within Crystal Enterprise. Users are members of a group or groups
their rights are determined by which group or groups they are associated with
(and also by their user rights).
Default users
There are two default users included with Crystal Enterprise: Administrator and
Guest. These users and any new users (created or mapped users) are members of
a group or groups. For procedures on managing users, see Managing Enterprise
and general accounts on page 37.
34
4: Managing User Accounts and Groups
Administrator
The Administrator user belongs to the Administrators and Everyone groups. This
user is able to perform all of the tasks in all of the Crystal Enterprise applications
(for example, the Crystal Management Console, Crystal Configuration Manager,
Crystal Publishing Wizard, and ePortfolio). By default, the administrator is not
assigned a password. To assign a password, see Setting the Administrator
password on page 13.
Guest
The Guest user is a member of the Everyone group. This user can view reports that
are found within the Report Samples folder. Generally, the Guest user accesses
reports through ePortfolio. This account is enabled by default. To disable this
default setting, see Disabling the Guest account on page 43.
Note: If users in multiple time zones use the Guest account, see Supporting
ePortfolio users in multiple time zones on page 321.
Default groups
There are three default groups created in Crystal Enterprise: Administrators,
Everyone, and New Sign-Up Accounts. In addition to organizing users and
simplifying administration, groups enable you to determine the functionality a
user has access to. For procedures on managing groups, see Managing Enterprise
and general accounts on page 37.
Administrators
Users who belong to the Administrators group are able to perform all tasks in all
of the Crystal Enterprise applications (Crystal Management Console, Crystal
Configuration Manager, Crystal Publishing Wizard, and ePortfolio).
Note: To use the Crystal Configuration Manager, you may be required to have
additional rights on the local machine. For more information, see Working with
the Crystal Configuration Manager on page 11.
Everyone
Each user is a member of the Everyone group by default. Users are able to access
all of the Crystal Enterprise applications. By default, the Everyone group allows
access to all the reports that are found in the Report Samples folder.
New Sign-Up Accounts

Users who belong to the New Sign-up Accounts group have created their own
accounts through the sign-up feature in ePortfolio. See Disabling the Sign Up
feature on page 43 if you would like to disable this sign-up feature in ePortfolio.
By default, members of this group are able to view reports specified by the
administrator and perform report and folder tasks. The purpose of this group is to
35
Available authentication types
enable automatic tracking of users who have signed themselves up through the
sign-up feature in ePortfolio.
Note: Members of the New Sign-Up Accounts group also belong to the Everyone
group. If you restrict access to the New Sign-Up accounts group, ensure that the
change is also made for the Everyone group. You can also restrict access by
specifying the Advanced rights for the New Sign-Up Accounts group. For more
information on rights, see Setting advanced object rights on page 100.
Default Windows NT group

When you install Crystal Enterprise on Windows NT/2000, by default, Crystal
Enterprise creates a Crystal NT Users groupthis group is also added to Windows
NT/2000.
Crystal NT Users
When NT authentication is enabled, Crystal NT Users can use their NT accounts to
log on to Crystal Enterprise. By default, members of this group are able to view
folders and reports.
Available authentication types

Before setting up user accounts and groups within Crystal Enterprise, decide
which of the three authentication types you want to use:
Enterprise authentication
Use the system default Enterprise Authentication if you prefer to create distinct
accounts and groups for use with Crystal Enterprise, or if you have not already set
up a hierarchy of users and groups in a Windows NT user database or an LDAP
directory server. See Managing Enterprise and general accounts on page 37.
Windows NT authentication
If you are working in a Windows NT environment (Windows NT/2000), you
can use existing NT user accounts and groups in Crystal Enterprise. When you
map NT accounts to Crystal Enterprise, users are able to log on to ePortfolio
with their NT user name and password. This eliminates the need to recreate
individual user and group accounts within Crystal Enterprise. For more
information, see Managing NT accounts on page 44.
LDAP authentication
If you set up an LDAP directory server, you can use existing LDAP user
accounts and groups in Crystal Enterprise. When you map LDAP accounts to
Crystal Enterprise, users are able to access ePortfolio with their LDAP user
name and password. This eliminates the need to recreate individual user and
group accounts within Crystal Enterprise. For more information, see
Managing LDAP accounts on page 54.
Note: You can use Enterprise Authentication in conjunction with either NT or
LDAP authentication, or both.
36
Managing Enterprise and general accounts

Since Enterprise authentication is the default authentication method for Crystal
Enterprise, it is automatically enabled when you first install Crystal Enterprise.
When you add and manage users and groups, Crystal Enterprise maintains the
user and group information within its database.
This section focuses on the following account management tasks:
Creating a user account on page 37
Modifying a user account on page 39
Deleting a user account on page 39
Changing password settings on page 40
Creating a group on page 41
Modifying a group on page 42
Viewing group members on page 42
Deleting a group on page 43
Disabling the Sign Up feature on page 43
Disabling the Guest account on page 43
Note: In many cases, these procedures also apply to NT and LDAP account
management. For specific information on NT authentication, see Managing NT
accounts on page 44. For specific information on LDAP authentication, see
Managing LDAP accounts on page 54.
Creating a user account

When you create a new user, you specify the users properties and select the group
or groups for the user.
To create a user account

Creating a user account is made up of two processes: defining the property
information, and adding the user to a group or groups.
Defining the property information
2 Click New User.
3 On the Properties tab, type the account name, full name, and description
information.
Use the description area to include extra information about the user or account.
37
4 Specify the password information and settings. Options include:

Password
Enter the password and confirm. This is the initial password that you
assign to the user. The maximum password length is 64 characters.
Password never expires
Select the check box.
User must change password at next logon
This check box is selected by default. If you do not want to force users to
change the password the first time they log on, clear the check box.
User cannot change password
Select the check box.
5 Select the connection type.
Concurrent User
Choose Concurrent user if this user belongs to a license agreement that
states the number of users allowed to be connected at one time.
Named User
Choose Named user if this user belongs to a license agreement that
associates a specific user with a license. Named user licenses are useful for
people who require access to Crystal Enterprise regardless of the number of
other people who are currently connected.
6 Click OK.
Adding the user to groups
1 Click the Member of tab to specify the group or groups the user should belong to.
Note: By default, all Crystal Enterprise users of the system are part of the
Everyone group.
2 Click the Member of button to view the available groups.
3 In the Available groups area, select the group(s) that the new user should be a
member of.
Use SHIFT+click or CTRL+click to select multiple groups.
4 Click the > arrow to add the group(s); click the < arrow to remove the group(s).
5 Click OK.
The Member of tab appears and lists the groups in which the user is a member.
38
Modifying a user account

Use this procedure to modify a users properties or group membership.
Note: The user will be affected if he or she is logged on when you are making the
change.
To modify a user account

2 Under Account Name, click the link to the user whose properties you want to
change.
3 Make the required changes, as necessary, in the available fields.
In addition to all of the options that were available when you initially created
the account, you now can disable the account by selecting the Account is
disabled check box. You can also assign aliasesfor more information, see
Using account aliases for NT on page 49 and Using account aliases for
LDAP on page 59.
4 Click Update.
Deleting a user account

Use this procedure to delete a users account. The user might receive an error if
they are logged on when their account is deleted.
To delete a user account

Use the delete function to remove the account permanently. If you think the user
might require access to the account again in the future, select the Account is
disabled check box in the Properties page of the selected user. For procedural
information, see Modifying a user account on page 39.
2 Select the check box associated with the user you want to delete.
3 Click Delete.
The delete confirmation dialog box appears.
4 Click OK.
The user account is deleted.
Note: If your implementation supports the sign-up feature, users who have had
their accounts deleted are able to create a new account for themselves in
ePortfolio.
39
Changing password settings

Within the Crystal Management Console, you can change the password settings
for a specific user or for all users in the system. For information, see Protection
against malicious logon attempts on page 30.
The various restrictions listed below apply only to Enterprise accountsthat is, the
restrictions do not apply to accounts that you have mapped to an external user
database (Windows NT or LDAP). Generally, however, your external system will
enable you to place similar restrictions on the external accounts.
To change user password settings

2 Click the user whose password settings you want to change.
The Properties tab appears.
3 Select or clear the check box associated with the password setting you wish to
change.
The available options are:
Password never expires
User must change password at next logon
User cannot change password
4 Click Update.
To change password settings

3 Select the check box and enter the value related to the password setting.
The table below identifies the minimum and maximum values for each of the
settings you can configure:
Password Setting
Minimum
Recommended
Maximum
Must contain at least N characters
0 characters
64 characters
Must change password every N days
1 day
100 days
Cannot reuse the N most recent password
1 password
100 passwords
Wait N minutes to change password
1 minute
100 minutes
Disable account after N failed attempts
1 failed
100 failed
Reset failed logon count after N minutes
1 minute
100 minutes
Re-enable account after N minutes
1 minute
100 minutes
4 Click Update.
40
Creating a group
Groups are collections of users who share the same account privileges. For
instance, you may create groups that are based on department, role, or location.
Groups enable you to make changes in one place (a group) instead of modifying
each user account individually. Also, you can assign object rights to a group or
groups. For information on object rights, see Report object management on
page 139.
After creating a new group, you can add users, add subgroups, or specify group
membership so that the new group is actually a subgroup. Because subgroups
provide you with additional levels of organization, they are useful when you set
object rights to control users access to your Crystal Enterprise content.
To create a new group

1 Go to the Groups management area of the CMC.
2 Click New Group.
3 On the Properties tab, enter the group name and description.
4 Click OK.
Adding users
1 Click the Users tab.
2 Click Add/Remove Users.
3 Select the users to add to the group; then click the > arrow.
Tip:
To select multiple users, use the SHIFT+click or CTRL+click combination.
To search for a specific user, use the Look For field.
If there are many users on your system, click the Previous and Next buttons
to navigate through the list of users.
4 Click OK.
The Users tab appears.
It lists all of the users who belong to this group.
Adding subgroups
1 Click the Subgroups tab.
2 Click Add/Remove Subgroups.
3 Select the groups that should be members of this new group; then click the >
arrow.
4 Click OK.
41
Specifying group membership

1 Click the Member of tab.
2 Click the Member of button.
3 Select the parent groups that this new group will be a member of; then click
the > arrow.
Any rights associated with the parent group will be inherited by the new group
you have created.
4 Click OK.
Modifying a group
You can modify a group by making changes to any of the settings.
Note: The users who belong to the group will be affected by the modification if
they are logged on when you are making changes.
To modify a group
2 Under the Group Name column, click the link to the group whose
configuration you want to change.
3 Make the necessary changes in one of the four tabs:
Properties
Users
Subgroups
Member of
4 Depending on which tab you have selected, click OK or Update after you have
made your changes.
Viewing group members

You can use this procedure to view the users who belong to a specific group.
To view group members

2 Under Group Name, click the desired group.
3 Click Users.
4 Click Refresh.
It may take a few minutes for your list to refresh if you have a large number of
users in the group or if your group is mapped to an NT user database or LDAP
user directory.
42
Deleting a group
You can delete a group when that group is no longer required.
Note: The users who belong to the group will be affected by the change if they are
logged on when the group is deleted.
To delete a group
2 Select the check box associated with the group you want to delete.
3 Click Delete.
The delete confirmation dialog box appears.
4 Click OK.
Disabling the Sign Up feature

When users connect to ePortfolio without specifying a user name and password, the
system logs them on automatically under the Guest account. By default, each user then
can sign up and create a new account on the system. You have the option to change
this default behavior and to prevent guest users from creating their own accounts.
To disable the Sign Up feature

3 In the Guest Account Restrictions area, clear the Guest users can create
their own Enterprise accounts check box.
4 Click Update.
Disabling the Guest account

By disabling the Guest account, you ensure that no one can log on to Crystal
Enterprise with this account. By disabling the Guest account, you also disable the
anonymous Single Sign On functionality of ePortfolio, so users will be unable to
access ePortfolio without providing a valid user name and password.
To disable the Guest account

2 In the Account Name column, click Guest.
3 On the Properties tab, select the Account is disabled check box.
4 Click Update.
5 If you are prompted for confirmation, click OK.
43
Managing NT accounts
This section provides an overview of NT authentication and the tasks related to
managing it. For information on how NT authentication works in conjunction with
Crystal Enterprise, see Windows NT security plug-in on page 22.
Note: NT authentication only works for servers running on Windows systems. If
you install Crystal Enterprise on a Windows NT/2000 machine, NT authentication
is installed and enabled by default.
Working with NT accounts

This section describes tasks related to NT user and group accounts in Crystal
Enterprise. It includes information about:
Mapping NT accounts on page 44
Unmapping NT users and groups on page 47
Viewing mapped NT users and groups in Crystal Enterprise on page 48
Using account aliases for NT on page 49
Troubleshooting NT accounts on page 51
Setting up NT Single Sign On on page 52
Note: NT accounts refer to both Windows NT and 2000 accounts.
Mapping NT accounts
To simplify administration, Crystal Enterprise supports user and group accounts
that are created using Windows NT/2000. However, before users can use their NT
user name and password to log on to Crystal Enterprise, their NT user account
needs to be mapped to Crystal Enterprise. When you map an NT account, you can
choose to create a new Crystal Enterprise account or link to an existing Crystal
Enterprise account.
There are two ways to map NT accounts to Crystal Enterprise: you can use either
the User Manager in Windows NT or Computer Management in Windows 2000,
or you can use the Crystal Management Console in Crystal Enterprise.
To map NT users and groups using Windows NT

1 From the Windows Administrative Tools program group, click User Manager.
Note: Ensure that you have selected the domain that contains the Crystal NT
Users group.
2 Select the Crystal NT Users group.
Note: The Crystal NT Users group is created automatically in Windows NT/
2000 when you install Crystal Enterprise on Windows NT/2000.
44
3 From the User menu, click Properties.

4 Click Add.
5 Select the group(s) and/or user(s); then click Add.
6 Click OK to add the group(s) and/or user(s).
7 Click OK to complete the process.
Tip: Users will now be able to log on to ePortfolio using their NT account if they
use the following format:
\\NTDomainName\NTusername or
\\NTMachineName\LocalUserName
Users do not have to specify the NT Domain Name if it is specified in the

Default NT Domain field on the Windows NT tab.
To map NT users and groups using Windows 2000

1 From the Windows Administrative Tools program group, click Computer
Management.
2 Under System Tools, select Local Users and Groups.
3 Click the Groups folder.
4 Select the Crystal NT Users and from the Action menu, select Properties.
5 Click Add.
6 Select the group(s) and/or user(s); then click Add.
7 Click OK to add the group(s) and/or user(s).
8 Click OK or Apply (and then Close) to complete the process.
Tip: Users will now be able to log on to ePortfolio using their NT account if they
use the following format:
\\NTDomainName\NTusername or
\\NTMachineName\LocalUserName
Users do not have to specify the NT Domain Name if it is specified in the

Default NT Domain field on the Windows NT tab.
To map NT users and groups using Crystal Enterprise

Before starting this procedure, ensure you have the NT domain and group
information.
2 Click the Windows NT tab.
45
3 Ensure that the NT Authentication is enabled check box is selected.

4 Complete the Default NT Domain field.
Note: By typing the default NT Domain Name, users do not have to specify the
NT Domain Name when they log on to Crystal Enterprise via NT
authentication.
5 Enter the NT domain\group in the Add NT Group (NT Domain\\Group) field.
Note: If you want to map a local NT group, you must type
\\NTmachinename\groupname.
6 Click Add.
The group is added to the list.
7 Select either:
Assign each added NT alias to an account with the same name
Use this option when you know some users have an existing Enterprise
account with the same name; that is, NT aliases will be assigned to existing
users (auto alias creation is turned on). Users who do not have an existing
Enterprise account, or who do not have the same name in their Enterprise
and NT account, will be added as a user to the Enterprise account (with the
user information that is stored in the NT account).
or
Create a new account for every added NT alias
Use this option when you want to create a new account for each user. If the
user has already created an account through the sign-up feature in
ePortfolio, the user will have separate NT and Enterprise accounts.
46
8 Click Update.
A message appears stating that it will take several seconds to update the
member groups.
9 Click OK.
Unmapping NT users and groups

Similar to mapping, it is possible to unmap users and groups using the
administrative tool in Windows NT/2000, or Crystal Enterprise.
To unmap NT users and groups using Windows NT

1 From the Administrative Tools program group, click User Manager.
2 Select Crystal NT Users.
3 From the User menu, click Properties.
4 Select the user(s) or group(s); then click Remove.
5 Click OK.
The user or group will no longer be able to access Crystal Enterprise.
Note: The only exceptions to this occur when a user has an alias to an
Enterprise account, or if your implementation allows users to create their own
accounts through the sign-up feature. To restrict access, disable or delete the
users Enterprise account and disable the ability for guests to add users
anonymously. For more information, see Managing Enterprise and general
accounts on page 37.
To unmap NT users and groups using Windows 2000

1 From the Administrative Tools program group, click Computer Management.
2 Under System Tools, select Local Users and Groups.
3 Click the Groups folder.
4 Select Crystal NT Users.
5 From the Action menu, click Properties.
6 Select the user(s) or group(s); then click Remove.
7 Click OK or Apply (and then Close) to complete the process.
The user or group will no longer be able to access Crystal Enterprise.
Note: The only exceptions to this occur when a user has an alias to an Enterprise
account, or if your implementation allows users to create their own accounts
through the sign-up feature. To restrict access, disable or delete the users
Enterprise account and disable the ability for guests to add users anonymously.
For more information, see Managing Enterprise and general accounts on
page 37.
47
To unmap NT users and groups using Crystal Enterprise

3 In the Mapped NT Member Groups area, select the NT group you would like
to remove.
4 Click Delete.
5 Click Update.
The user or group will not be able to access Crystal Enterprise.
Tip: To deny NT Authentication for all groups, clear the NT Authentication is
enabled check box and click Update.
Note: The only exceptions to this occur when a user has an alias to an Enterprise
account, or if your implementation allows users to create their own accounts
through the sign-up feature. To restrict access, disable or delete the users
Enterprise account and disable the ability for guests to add users anonymously. For
more information, see Managing Enterprise and general accounts on page 37.
Viewing mapped NT users and groups in Crystal Enterprise

There are two methods to view mapped users and groups in Crystal Enterprise.
The method you use depends on the way the groups and users have been mapped.
To view users and groups that have been added using Windows NT/
2000 or Crystal Enterprise
2 If you added users and groups through Windows NT/2000, then click Crystal
NT Users.
If you added users and groups through the CMC, then select the appropriate group.
3 Click the Users tab.
4 Click OK to the message which states that accessing the user list may take
several seconds.
5 Click Refresh User List.
6 Click OK.
To view users and groups that have been added using Crystal Enterprise
The Mapped NT Member Groups area displays the groups that have been
mapped to Crystal Enterprise.
Note: You can view the groups and users by selecting the appropriate group
from the Groups management area and then clicking the Users tab.
48
Using account aliases for NT

If a user has multiple accounts in Crystal Enterprise, you can link them using the
assign alias feature. This is useful when you are aware of a user who has an NT
account mapped to Enterprise and an Enterprise account. By using an alias, the
user is able to use either an NT user name and password or an Enterprise user
name and password to log on. Thus, an alias enables a user to log on via more than
one authentication type.
You can also reassign an alias in Crystal Enterprise. For example, when you map
your NT accounts to Crystal Enterprise, if an alias is auto-mapped incorrectly, you
can use the Reassign Alias feature to update the mapped account information. This
occurs when the NT user name is different from the Enterprise account user name;
that is, if a user has the name Test User 1 in NT and the name 1234 User Test in
Crystal Enterprise, the auto-mapping feature (when you map your NT account to
Crystal Enterprise) will not assign Test User 1 the 1234 User Test alias. This
scenario only occurs when you choose the Assign each added NT alias to an
account with the same name option when you map your NT accounts to Crystal
Enterprise.
This section describes how to assign an NT alias, reassign an NT alias, and view
alias information.
To assign an NT alias
2 Select the user you want to create an alias for.
3 Click the Assign Alias button.
4 Select the appropriate NT alias or aliases.
5 Click the > arrow.
Tip:
6 Click OK.
Note: If the user you choose from the Available aliases list has only one
assigned alias, you will receive a message asking you to confirm that you wish
to continue. By continuing, the users account will be deleted.
The Properties tab appears with the new alias listed. By default, NT, LDAP, and
Enterprise authentication methods are available.
49
To reassign an NT alias
2 Select the user whose alias you would like to change.
3 Click the Reassign Alias button.
Note: If there is only one alias for the user, you will receive a message asking
you to confirm that you wish to continue.
4 Click either Assign the Alias to a new user or select an existing user.
Note:
If you choose to assign the alias to a different user, and the original user
had only one NT alias and does not have an Enterprise alias, the users
original favorites folder will be deleted. As a result, the user will not be able
to access any reports that used to be in the original favorites folder.
When you assign an alias, you are moving an alias to the current user;
when you reassign an alias, you are moving the alias away from the
current user.
Tip:
5 Click OK.
To view alias information

1 In the Account Management area, click Users.
2 Select the user whose alias information you would like to view.
The bottom portion of the properties page contains the alias information. A user
can have any combination of Crystal Enterprise aliases, NT aliases, or LDAP
aliases. A Crystal Enterprise alias is generated when a new account is created.
An NT alias is created when users are mapped from NT to Crystal Enterprise.
Users will have both a Crystal Enterprise alias and an NT alias when their NT
accounts have been assigned to a Crystal Enterprise user.
50
Troubleshooting NT accounts
Creating a new NT user account
If you create a new NT user account, and the account does not belong to a
group account that is mapped to Crystal Enterprise, add it to Crystal
Enterprise. For more information, see Mapping NT accounts on page 44.
If you create a new NT user account, and the account belongs to a group
account that is mapped to Crystal Enterprise, refresh the user list. For more
information, see Viewing mapped NT users and groups in Crystal
Enterprise on page 48.
Creating a new NT group account

If you create a new NT group account, and the group account does not belong
to a group account that is mapped to Crystal Enterprise, add it to Crystal
Enterprise. For more information, see Mapping NT accounts on page 44.
If you create a new NT group account, and the account belongs to a group
account that is mapped to Crystal Enterprise, refresh the group list. For more
information, see Viewing mapped NT users and groups in Crystal
Disabling an NT user account

If you disable an NT user account, and that NT user account is mapped to
Crystal Enterprise, the user will not be able to log on to Crystal Enterprise,
except via Enterprise authentication.
Disabling an NT group account

If you disable an NT group account, and that NT group account is mapped to
Crystal Enterprise, the users who belong to that group will not be able to log
on to Crystal Enterprise, except via Enterprise authentication.
51
Setting up NT Single Sign On

You can configure Crystal Enterprise to allow users to use various Crystal
Enterprise applications without being prompted to log on. Users need only to enter
their NT user name and password information once at the beginning of the NT
session. For instance, if you have set up NT Single Sign On, when you launch the
CMC, NT authentication occurs in the background. You are not required to enter
any additional information.
Note: This feature is available if you are using a Microsoft Internet Information
Server (IIS) web server and users are using Internet Explorer as their web
browser. See the Platforms.txt file included with your product distribution for a
complete list of version requirements.
ePortfolio provides its own form of anonymous Single Sign On, which uses
Enterprise authentication, as opposed to Windows NT authentication. Design
your own web applications accordingly (or modify ePortfolio) if you want to use
NT Single Sign On. By default, when a user launches ePortfolio, he or she will be
automatically logged on using the Guest account (Enterprise authentication). You
can disable this featurefor more information, see Disabling the Sign Up
feature on page 43. However, even when you disable the Sign Up feature,
ePortfolio is designed to display a logon page. With Single Sign On enabled, the
user can select Windows NT from the Authentication list and click Log On without
entering his or her user name or password. In the Crystal Enterprise Web Developers
Guide, refer to lesson 2 of the tutorial for an example on creating a web application
that uses Single Sign On.
Setting up NT Single Sign On involves two processes:
Configuring the IIS web server
Using the documentation included with your IIS server, change the access and
authentication settings for the Enterprise virtual directory. Disable the settings
for allowing Anonymous access and Basic authentication options. Ensure
that the setting for Windows NT Challenge/Response (also referred to as
Integrated Windows authentication) is enabled.
Note: Crystal Enterprise does not support the Kerberos protocol.
Configuring the Web Component Server
Use the Crystal Configuration Manager (CCM) to configure the Web
Component Server.
52
To configure the Web Component Server using the CCM

1 From the Crystal Enterprise program group, click Crystal Configuration
Manager.
Note: To use the CCM, you must have NT administrator rights on the local
machine. If you are managing servers on a remote machine, you must also
have NT administrator rights on the machine you are connecting to.
Depending on the configuration of your network, you might be prompted to
enter a user name and password.
2 Select the Crystal Web Component Server; then click the Stop button.
3 Either double-click the Crystal Web Component Server or right-click the
Crystal Web Component Server and select Properties.
4 Click the Configuration tab.
5 Select the Use Windows NT Integrated security (NT Challenge/Response)
check box.
6 Click OK.
7 Restart the Web Component Server by selecting the Crystal Web Component
Server and then clicking the Start button.
53
Managing LDAP accounts

Since Enterprise authentication is the default authentication method for Crystal
Enterprise, it is automatically enabled when you first install Crystal Enterprise.
When you add and manage users and groups, Crystal Enterprise maintains the user
and group information within its database. To use LDAP authentication, you need
to first ensure that you have your respective LDAP directory set up. For more
information about LDAP, refer to your LDAP documentation. For more information
on the LDAP security plug-in, see LDAP security plug-in on page 23.
Note: When you install Crystal Enterprise, the LDAP authentication plug-in is
installed automatically, but not enabled by default.
Working with LDAP accounts

This section describes tasks related to LDAP accounts in Crystal Enterprise. In
particular, it includes information on:
Configuring LDAP authentication and mapping LDAP accounts on page 54
Unmapping LDAP users and groups on page 57
Viewing mapped LDAP users and groups in Crystal Enterprise on page 58
Changing connection parameters and member groups on page 58
Managing multiple LDAP hosts on page 58
Using account aliases for LDAP on page 59
Troubleshooting LDAP accounts on page 61
Configuring LDAP authentication and mapping LDAP accounts

To simplify administration, Crystal Enterprise supports LDAP authentication for
user and group accounts. Before users can use their LDAP user name and
password to log on to ePortfolio, you need to map their LDAP account to Crystal
Enterprise. When you map an LDAP account, you can choose to create a new
Crystal Enterprise account or link to an existing Crystal Enterprise account.
Before setting up and enabling LDAP authentication, ensure that you have your
LDAP directory set up. For more information, refer to your LDAP documentation.
To set up LDAP authentication using Crystal Enterprise

2 Click the LDAP tab.
54
3 Ensure that the LDAP Authentication is enabled check box is selected.

4 Select your server type from the LDAP Server Type list. Click Show Attribute
Mappings if you want to view or change any of the LDAP Server Attribute
Mappings or the LDAP Default Search Attributes.
By default, each supported server types server attribute mappings and search
attributes are already set.
55
5 In the LDAP Hosts area, type your LDAP host and port information in the
Add LDAP host (hostname:port) field (for example, myserver:123); then
click Add.
You can add more than one LDAP host of the same server type by repeating this
step. If you want to remove a host, highlight the host name and click Delete. For
more information on multiple hosts, refer to Managing multiple LDAP hosts
on page 58.
6 In the LDAP Server Administration Credentials area, enter the
distinguished name in the Distinguished Name field and the appropriate
password in the Password field.
If your LDAP Server allows querying and comparing for anonymous users,
leave this area blankCrystal Enterprise servers and clients will bind to the
primary host via anonymous logon.
7 Enter another distinguished name and password in the LDAP Referral
Credentials area if all of the following apply:
The primary host has been configured to refer to another directory server
that handles queries for entries under a specified base.
The host being referred to has been configured to not allow querying and
comparing for anonymous users.
A group from the host being referred to will be mapped to Crystal
Enterprise.
Although groups can be mapped from multiple hosts, only one set of referral
credentials can be set.
8 Enter the number of referral hops in the Maximum Referral Hops field.
If this field is set to zero, no referrals will be followed.
9 In the Base LDAP Distinguished Name field, type the distinguished name
(for example, o=SomeBase).
Note: If you are setting up LDAP authentication for the first time, before you
add any groups, you must click Update before you can continue to the next
step. This updates Crystal Enterprise with the LDAP host and base name.
10 In the Mapped LDAP Member Groups area, specify your LDAP group
(either by common name or distinguished name) in the Add LDAP group (by
cn or dn) field; click Add.
You can add more than one LDAP group by repeating this step. To remove a
group, highlight the LDAP group and click Delete.
56
11 Select either:
Assign each added LDAP alias to an account with the same name
Use this option when you know users have an existing Enterprise account
with the same name; that is, LDAP aliases will be assigned to existing users
(auto alias creation is turned on). For users who do not have an existing
Enterprise account, or who do not have the same name in their Enterprise
and LDAP account, they will be added as a user to the Enterprise account
(with the user information that is stored in the LDAP account).
or
Create a new account for every added LDAP alias
Use this option when you want to create a new account for each user. If the
user has already created an account through the sign-up feature in
ePortfolio, the user will have separate LDAP and Enterprise accounts.
12 Click Update.
13 Click OK to confirm your changes to the member groups.
Unmapping LDAP users and groups

Similar to mapping, it is possible to unmap users and groups using Crystal
Enterprise.
To unmap LDAP users and groups using Crystal Enterprise

2 Click the LDAP tab.
3 In the Mapped LDAP Member Groups area, select the LDAP group you would
like to remove.
4 Click Delete.
5 Click Update.
The user or group will not be able to access Crystal Enterprise.
Tip: To deny LDAP Authentication for all groups, clear the LDAP
Authentication is enabled check box and click Update.
Note: The only exceptions to this occur when a user has an alias to an
Enterprise account, or if your implementation allows users to create their
own accounts through the sign-up feature. To restrict access, disable or
delete the users Enterprise account and disable the ability for guests to add
users anonymously. For more information, see Managing Enterprise and
general accounts on page 37.
57
Viewing mapped LDAP users and groups in Crystal Enterprise

You can view your LDAP mapped groups in Crystal Enterprise by clicking the
LDAP tab (located in the Authorization management area)the Mapped LDAP
Member Groups area displays the LDAP groups that have been mapped to Crystal
Enterprise.
Changing connection parameters and member groups

On the LDAP page, you can change any of the connection parameter areas or
fields: LDAP Hosts, LDAP Server Administration Credentials, LDAP Referral
Credentials, Maximum Referral Hops, or Base LDAP Distinguished Name. You
can also modify the Mapped LDAP Member Groups area. However, if you attempt
to change a connection parameter area or field and modify the mapped group list
at the same time, a warning message will appear when you click Update. This is
because this operation may fail; you should change your connection parameter
areas or fields and modify your mapped group list separately. To do this, make
your changes in the following order:
1 Delete currently mapped groups that will no longer be accessible under the
new connection settings.
Note: Click Update after this step (and the remaining steps) to enter your
changes.
2 Change your connection settings.
3 Map your new LDAP member groups.
Managing multiple LDAP hosts

Using LDAP and Crystal Enterprise, you can map users from multiple LDAP
hosts. Administrators must specify all hosts from which users get mapped in order
for these users to be able to be authenticated.
You can add multiple LDAP Hosts in the LDAP page (in the LDAP Hosts area)
through the Crystal Management Console. Crystal Enterprise servers and clients
will bind to the first host in the list. Because of this, the first host must be
configured to refer to all of the other hosts in the list. For more information about
LDAP hosts and referrals, see your LDAP documentation.
Note: The order in which the hosts are communicated with matters, so ensure that
you add the primary host first, followed by the remaining hosts.
58
Using account aliases for LDAP

If a user has multiple accounts in Crystal Enterprise, you can link them using the
assign alias feature. This is useful when you are aware of a user who has an LDAP
account mapped to Enterprise and an Enterprise account. The user is able to use
either an LDAP user name and password or an Enterprise user name and
password to log on. Thus, an alias enables a user to log on via more than one
authentication type.
You can also reassign an alias in Crystal Enterprise. For example, when you map
your LDAP accounts to Crystal Enterprise, if an alias is auto-mapped incorrectly,
you can use the Reassign Alias feature to update the mapped account information.
This occurs when the LDAP user name is different from the Enterprise account
user name; that is, if a user has the name Test User 1 in LDAP and the name
1234 User Test in Crystal Enterprise, the auto-mapping feature (when you map
your LDAP account to Crystal Enterprise) will not assign Test User 1 the 1234
User Test alias. This scenario only occurs when you choose the Assign each
added LDAP alias to an account with the same name option when you map your
LDAP accounts to Crystal Enterprise.
This section describes how to assign an LDAP alias, reassign an LDAP alias, and
view alias information.
To assign an LDAP alias

2 Select the user you want to create an alias for.
3 Click Assign Alias.
4 Select the appropriate LDAP alias or aliases.
5 Click the > arrow.
Tip:
6 Click OK.
Note: If the user you choose from the Available aliases list has only one
assigned alias, you will receive a message asking you to confirm that you wish
to continue. By continuing, the users account will be deleted.
The Properties tab appears with the new alias listed. By default, LDAP, NT, and
Enterprise authentication methods are available.
59
To reassign an LDAP alias

2 Select the user whose alias you would like to change.
3 Click Reassign Alias.
Note: If there is only one alias for the user, you will receive a message asking
you to confirm that you wish to continue.
4 Click either Assign the Alias to a new user or select an existing user.
Note:
If you choose to assign the alias to a different user, and the original user
had only one LDAP alias and does not have an Enterprise alias, the users
original favorites folder will be deleted. As a result, the user will not be able
to access any reports that used to be in the original favorites folder.
When you assign an alias, you are moving an alias to the current user;
when you reassign an alias, you are moving the alias away from the current
user.
Tip:
To select multiple users, use the SHIFT+click or CTRL+Click combination.
5 Click OK.
To view alias information

1 In the Account Management area, click Users.
2 Select the user whose alias information you would like to view.
The bottom portion of the properties page contains the alias information. A user
can have any combination of Crystal Enterprise aliases, LDAP aliases, or NT
aliases. A Crystal Enterprise alias is generated when a new account is created.
An LDAP alias is created when users are mapped from LDAP to Crystal
Enterprise. Users will have both a Crystal Enterprise alias and an LDAP alias
when their LDAP accounts have been assigned to a Crystal Enterprise user.
60
Troubleshooting LDAP accounts

Creating a new LDAP user account
If you create a new LDAP user account, and the account does not belong to a
group account that is mapped to Crystal Enterprise, add it to Crystal
Enterprise. For more information, see Configuring LDAP authentication and
mapping LDAP accounts on page 54.
If you create a new LDAP user account, and the account belongs to a group
account that is mapped to Crystal Enterprise, refresh the user list. For more
information, see Viewing mapped LDAP users and groups in Crystal
Creating a new LDAP group account

If you create a new LDAP group account, and the group account does not
belong to a group account that is mapped to Crystal Enterprise, add it to
Crystal Enterprise. For more information, see Configuring LDAP
authentication and mapping LDAP accounts on page 54.
If you create a new LDAP group account, and the account belongs to a group
account that is mapped to Crystal Enterprise, refresh the group list. For more
information, see Viewing mapped LDAP users and groups in Crystal
Disabling an LDAP user account

If you disable an LDAP user account, and that LDAP user account is mapped
to Crystal Enterprise, the user will not be able to log on to Crystal Enterprise,
except via Enterprise authentication.
Disabling an LDAP group account

If you disable an LDAP group account, and that LDAP group account is
mapped to Crystal Enterprise, the users who belong to that group will not be
able to log on to Crystal Enterprise, except via Enterprise authentication.
61
62
Managing Folder Objects
This chapter describes basic folder administration tasks and

shows how to add folders and how to change settings, such
as object rights and limits, for new folders. Cross-references
are provided to other sections in this guide where
particular topics are covered in greater detail.
63
Folders overview
Folders overview
Folders provide you with the ability to organize and facilitate content administration.
They are useful when there are a number of reports that a department or area
requires frequent access to, because you can set object rights and limits once, at the
folder level, rather than setting them for each report or object within the folder.
By default, new objects that you add to a folder inherit the object rights that are
specified for the folder.
Creating and deleting folders

There are several ways to create new folders in Crystal Enterprise. In the Crystal
Management Console (CMC), go to the Folders management area to create new
folders and to add subfolders to the existing hierarchy of folder objects.
Tip: When you publish local directories and subdirectories of reports with the
Crystal Publishing Wizard, you can duplicate your local directory structure on the
Crystal Enterprise system. This method provides you with an efficient way of
creating multiple folders and subfolders at the same time. For details, see
Publishing with the Crystal Publishing Wizard on page 75.
Creating a new folder

This procedure shows how to create a new folder at the top of your folder
hierarchy. Folders created in this way are, in effect, subfolders of the top-level (or
root) Crystal Enterprise folder.
1 Go to the Folders management area of the CMC.
2 Click New Folder.
3 On the Properties tab, type the name and description of the new folder.
This example creates a new Marketing folder:
64
5: Managing Folder Objects
4 Click OK.
The new folder is added to the system, and its Properties tab is refreshed. You
can now use the Reports, Subfolders, Limits, and Rights tabs to add objects and
to change settings for this folder.
Creating a new subfolder at any level

The initial level of folders is displayed.
2 In the Title column, click the link to the folder where you want to add a
subfolder.
3 Click the Subfolders tab.
Tip: You can browse through existing subfolders to add a new folder elsewhere
in the folder hierarchy. When you have found the right parent folder, go to its
Subfolders tab.
The Subfolders tab appears.
4 Click New Folder.

5 On the Properties tab, type the name and description of the new folder.
6 Click OK.
65
Copying and moving folders
The new folder is added to the system, and its Properties tab is refreshed. You
can now use the Reports, Subfolders, Limits, and Rights tabs to add objects and
to change settings for this folder.
Deleting folders
When you delete a folder, all subfolders, reports, and other objects contained
within it are removed entirely from the system.
To delete folders
2 Select the check box associated with the folder you want to delete.
If the folder you want to delete is not at the top level, locate its parent folder.
Then make your selection on the parent folders Subfolders tab.
Tip: Select multiple check boxes to delete several folders from their parent
folder.
3 Click Delete, and click OK to confirm.
Copying and moving folders

When you copy or move a folder, the objects contained within it are also copied or
moved. Crystal Enterprise treats the folders object rights differently, depending
upon whether you copy or move the folder:
When you copy a folder, the newly created folder does not retain the object
rights of the original. Instead, the copy inherits the object rights that are set on
its new parent folder. For instance, if you copy a private Sales folder into a
Public folder, the contents of the new Sales folder will be accessible to all users
who have rights to the Public folder.
When you move a folder, all of the folders object rights are retained. For
instance, if you move a private Sales folder into a publicly accessible folder, the
Sales folder will remain inaccessible to most users.
To copy or move a folder

2 Select the check box associated with the folder that you want to copy or move.
If the folder you want to copy or move is not at the top level, locate its parent
folder. Then make your selection on the parent folders Subfolders tab.
Tip: Select multiple check boxes to copy or move several folders from their
parent folder to a different folder.
3 Click Copy/Move.
The Copy/Move Folder page appears.
66
4 Select the action to perform:

Copy to: Makes a copy of the folder.
Move to: Moves the folder.
5 Select the Destination folder from the list.
Tip: If there are many folders on your system, use the Look for field to search,
or click Previous, Next, and Show Subfolders to browse the folder hierarchy.
6 Click OK.
The folder you selected is copied or moved, as requested, to the new destination.
Adding a report to a new folder

You can add reports individually to any folder in a number of ways. Follow this
procedure to add a report to a new folder that you have just created. For complete
information on publishing reports and other objects, see Publishing overview on
page 74.
To add a report to a new folder

1 Once youve created the new folder, click its Reports tab.
67
Specifying folder rights
2 Click New Report.

The New Report page appears.
3 In the File name field, type the full path to the report.
If you do not know the path, click Browse to perform a search.
4 If you do not want the user to see a thumbnail preview of the report in
ePortfolio, clear the Generate thumbnail for the report check box.
Tip: To display thumbnails for a report, you must save the report with data and
select the Save preview picture check box in Crystal Reports. To locate this
check box in Crystal Reports 8.x, open a report and click Summary Info on the
File menu. The Save Data with Report option is also on the File menu.
5 Ensure that the correct folder name appears in the Destination field.
Tip: If there are many folders on your system, use the Look for field to search,
or click Previous, Next, and Show Subfolders to browse the folder hierarchy.
6 Click OK.
The report is published to Crystal Enterprise.
Specifying folder rights

Follow this procedure to change the object rights for a new folder that you have
just created. By default, new objects that you add to a folder inherit the object rights
that are specified for the folder. For complete information on object rights, see
Object rights overview on page 96.
68
To specify rights for a new folder

1 Once youve created the new folder, click its Rights tab.
2 Click Add/Remove to add groups or users to this folder.
The Add/Remove page appears.
3 In the Select Operation list, select Add/Remove Groups, Add Users, or

Remove Users.
The page is refreshed and displays options that depend upon whether you are
working with users or with groups. The example above shows the options that
are available when you are working with groups.
4 Select the user/group whose rights you want to specify and click the arrows to
specify whether the user/group does or does not have access to this folder.
Tip: If you have many users and groups on your system, use the Look for
field to search for a particular account.
5 Click OK.
You are returned to the Rights tab.
6 Change the Access Level for each user or group, as required.

Note: For complete details on the predefined access levels and advanced
rights, see Object rights overview on page 96.
7 Click Update.
69
Setting limits for folders, users, and groups
Setting limits for folders, users, and groups

Limits allow you to delete report instances on a regular basis. You set limits to
automate regular clean-ups of old Crystal Enterprise content. Limits that you set
on a folder affect all objects that are contained within the folder. At the folder level,
you can limit the number of instances that remain on the system for each object or
for each user or group; you can also limit the number of days that an instance
remains on the system for a user or group.
Follow this procedure to enforce default limits on a folder that you have just
created. For more information on limits, see Setting instance limits for a report
object on page 174.
To limit instances at the folder level

1 Once youve created the new folder, click its Limits tab.
2 Modify the available settings according to the types of instance limits that you
want to implement, and click Update after each change.
The available settings are:
Delete excess instances when there are more than N instances of an object
To limit the number of instances per object, select this check box. Then type
the maximum number of instances that you want to remain on the system.
(The default value is 100.)
Delete excess instances for the following users/groups
To limit the number of instances per user or group, click Add/Remove in
this area. Select from the available users and groups and click OK. Then
type the maximum number of instances in the Instance Limit column. (The
default value is 100.)
Delete instances after N days for the following users/groups
To limit the age of instances per user or group, click Add/Remove in this
area. Select from the available users and groups and click OK. Then type
the maximum age of instances in the Maximum Days column. (The default
value is 100.)
70
In this example, two settings have been combined to keep a maximum of 50

instances of any object in the folder, and to keep a maximum of 25 instances that
belong to any member of the Administrators group.
Managing User Folders

Crystal Enterprise creates a folder for each user on the system. These folders are
organized within the CMC as User Folders. By default, there are User Folders for
the Administrator and Guest accounts. When you log on to the CMC and view the
list of User Folders, you will see only those folders to which you have View access
(or greater).
Within ePortfolio, these folders are referred to as the Favorites folders. When a
user logs on to ePortfolio, he or she is redirected immediately to his or her
Favorites folder. (Users can change this default behavior my modifying their
Preferences in ePortfolio.)
To view the User Folders

2 Click the User Folders link.
3 If it is not already displayed, click the Subfolders tab.
A list of subfolders appears. Each subfolder corresponds to a user account on
the system. Unless you have View access (or greater) to a subfolder, it will not
appear in the list.
71
Managing User Folders
72
Publishing Objects to Crystal Enterprise
This chapter focuses on the publishing process: it

introduces the Crystal Publishing Wizard and tells you
how you can use it to add Crystal reports and other objects
to ePortfolio or to your custom web desktop; it also
describes alternative ways of adding objects to the Crystal
Enterprise environment.
73
Publishing overview
Publishing overview
Publishing is the process of adding objects such as Crystal reports to the Crystal
Enterprise environment and making them available to authorized users. The
objects that you publish may be individual reports created with Crystal Reports,
analytical applications designed with Crystal Analysis, other objects that youve
created using Crystal Enterprise plug-in components, or directories containing
multiple objects.
When you publish an object to Crystal Enterprise, an entry is made in the Automated
Process Scheduler (APS) database. The File Repository Server stores the new object
below the \Enterprise\FileStore\Input\data\ directory. When a user schedules an
instance of any object, Crystal Enterprise checks the APS database for the location of
the object file; the appropriate server component then retrieves and processes the
object file from the File Repository. The processed instance is stored by the File
Repository Server below the \Enterprise\FileStore\Output\data\ directory.
You can publish objects to Crystal Enterprise in three ways:
Use the Crystal Publishing Wizard when you:
Have access to the locally installed application.
Are adding multiple objects or an entire directory.
For details, see Publishing with the Crystal Publishing Wizard on page 75.
Use the Crystal Management Console (CMC) when you are:
Publishing a single object.
Taking care of other administrative tasks.
Performing tasks remotely.
For details, see Publishing with the Crystal Management Console on page 82.
Save directly to your Enterprise folders when you are:
Designing reports with Crystal Reports.
Creating other objects with Crystal Enterprise plug-in components such as
Crystal Analysis.
For details, see Saving objects directly to the APS on page 84.
Note: Crystal Enterprise supports reports created in versions 6 through 8.5 of
Crystal Reports. Reports will appear in version 8 format when they are launched
from Crystal Enterprise.
Publishing options
During the publishing process, you specify how often the data in the report is
updated. You can choose to force users to see specific instances based on a schedule
that you determine (recurring), or you can choose to let users set the schedule
themselves (on demand).
74
6: Publishing Objects to Crystal Enterprise
Specifying the data that users see (recurring)

This option is recommended for objects that are accessed by a large number of
people and that do not require separate database logon credentials.
Benefits
Users view the same instance of the report, reducing the number of times the
database is hit and using system resources more effectively.
The report instance is static (contains saved data) and is stored on the Cache
Server, allowing multiple users to access the report at the same time.
Drawbacks
The instance the users see is based on the selection criteria (parameters and
record selection formulas) and schedule set by the administrator.
Allowing users to update the data in the report (on demand)

This option is recommended for smaller reports that use parameters and selection
formulas, require separate database logon credentials, or have frequent data changes.
Benefits
Users are able to determine the frequency in which the data in the report is
updated.
Drawbacks
Multiple users generating reports at the same time increases the load on the
system and the number of times the database is hit.
Each unique report page is cached separately. Its possible that the Cache Server
can contain many copies of the cached report, each of them being generated by
hitting the Page Server and database.
Publishing with the Crystal Publishing Wizard

The Crystal Publishing Wizard is a locally installed, 32-bit Windows application.
The wizard is made up of a series of screens. Only the screens applicable to the
objects or folders you are publishing appear. This section of the guide features a
series of procedures to help you through the Crystal Publishing Wizard.
Note: Use this version of the Crystal Publishing Wizard to publish .rpt files only.
Once the object has been published, it will appear in the folder you specified in
ePortfolio (or other web desktop) and in the Objects management area of the CMC.
Note: Depending on the rights assigned by your Crystal Enterprise administrator,
you may not have access to the Crystal Publishing Wizard.
75
Adding objects/folders
1 From the Crystal Enterprise program group, click Crystal Publishing Wizard.
2 Click Next.
3 Enter the path for the object you want to add.
If youre not sure of the location, click Find File to search.
Adding multiple objects

1 Select the Add multiple reports check box.
2 Click either Find Directory or Find File.
Use the Find Directory button to specify a directory that contains a number of
objects you want to add.
Use the Find File button to specify a single object.
3 After selecting a directory, click Add Directory. Or, if you have already
selected a file, click Add File.
All of the objects contained in the directory you specified are added to the file
list. If you selected Include subfolders, all the objects in all the subfolders are
also added.
Note: If the directory or file you entered cannot be found by the wizard, the
Add Directory button is disabled.
4 Select the check boxes associated with the objects you want to publish.
Click the Select All button if you have a large number of files and want to add
them all.
5 Click Next.
The Select an APS dialog box appears.
76
Selecting the APS

You must log on to an APS in order to publish the objects you selected.
1 Select the authentication type associated with your account.
Enterprise authentication requires a user name and password that is
recognized by Crystal Enterprise.
Windows NT authentication requires a user name and password that is
recognized by Windows NT.
LDAP authentication requires a user name and password that is recognized
by your LDAP user database.
2 Enter the name of the APS you want to use as a storage repository for the
objects you selected.
Note: If you cannot connect by specifying the APS name, provide the APS IP
address and port (for example, 172.30.6.20:6400).
3 Enter your user name and password for the APS you selected.
4 Click Next.
The Creating Objects dialog box appears indicating the progress of the object
creation process.
If it is possible to duplicate the folder structure, the Folder Hierarchy dialog box
appears. Otherwise, the APS Folder dialog box appears when the processing is
complete.
77
Duplicating the folder structure

If you are adding multiple objects from a directory and its subdirectories, you are
asked if you want to duplicate the existing folder hierarchy on the APS.
1 Click Yes or No.
Click the Yes button to have all of the folders and subfolders recreated on the
APS as they appear on your hard drive.
Click the No button to have all of the objects placed in a single folder.
2 Click Next.
Creating and selecting a folder on the APS

To add the selected objects, you must create or select a folder on the host APS. Only
the folders that you have full control access to will appear.
1 Click the folder you want to add the objects to. Click + to the left of the folder
to view the subfolders.
To add a new folder to the APS, select a parent folder and then click the New
Folder button. The new folder appears and can be renamed.
To delete a folder, select the folder and click the Delete Folder button.
Note: You can delete only folders added manually (folders added manually
are green; those added by the wizard are yellow).
If you are adding multiple objects and want to place them in separate
directories, you can do so in the next section.
2 Click Next.
The Location Preview dialog box appears.
78
Moving objects between folders

1 Move objects to the desired folders by selecting each object and then clicking
Move Up or Move Down.
You can also add and delete folders by selecting a parent folder and clicking the
New Folder or Delete Folder buttons. You can drag-and-drop objects to place
them where you want. And you can right-click objects to rename them.
By default, objects are displayed using their titles. You can display the objects
local file names by clicking the Show file names button.
2 Click Next when you are finished.
The Schedule Interval dialog box appears.
Changing scheduling options

The data in reports added to ePortfolio or your custom web desktop can be
refreshed at intervals you select.
1 Select one of three intervals:
Run once only
Selecting the Run once only option provides two more sets of options:
when finished this wizard
This option runs the report once when youve finished publishing it. The
report is not refreshed again until you reschedule it.
at the specified date and time
This option runs the report once at a date and time you specify. The report
is not refreshed again until you reschedule it.
79
Let users update the object

This option does not schedule the report. Instead, it leaves the task of
scheduling up to the user.
Run on a recurring schedule
Once you have selected this option, click the Set Recurrence button to set
the scheduling options.
The Pick a recurrence schedule dialog box appears.
The options in this dialog box allow you to choose when and how often the
report runs. Select the appropriate options and click the OK button.
2 Click Next after the schedule has been set.
The Change Default Values dialog box appears.
Changing default values

You can choose to publish objects without changing any of the default properties,
or you can go through the remaining screens and make changes.
Note: If you use the default values, your object may not schedule properly if the
database logon information is not correct, or if the parameter values are invalid.
If you want to publish objects without making modifications:
1 Select Publish reports without modifying properties.
2 Click Next through the wizards remaining dialog boxes.
If you want to review or modify objects before publishing:
1 Select Review or modify report properties.
2 Click Next.
The Review Report Properties dialog box appears.
Changing object properties

1 Select the object you want to modify.
2 Enter a new title or description.
3 Select the Generate thumbnail image check box if you want users of
ePortfolio to see a thumbnail of the object before they open it.
Tip: The Generate thumbnail image check box is available only if the report was
saved appropriately. To display thumbnails for a report, you must save the report
with data and select the Save preview picture check box in Crystal Reports. To
locate this check box in Crystal Reports 8.x, open a report and click Summary Info
on the File menu. The Save Data with Report option is also on the File menu.
4 Click Next.
The Database Logon Information dialog box appears if it is needed.
80
Entering database logon information

Some objects use data sources that require logon information. If objects you are
adding are of this type, follow these steps.
1 Double-click the object, or click + to the left of the object to expose the database.
2 Select the database and change the logon information in the appropriate fields.
If the database does not require a user name or password, leave the fields blank.
Note: Enter user name and password information carefully. If it is entered
incorrectly, the object cannot retrieve data from the database.
3 Select the Apply this information to all reports check box if you have a
number of objects requiring logon to the same database.
4 Once you have completed the logon information for each object using a
different database, click Next.
The Set Report Parameters dialog box appears if it is needed.
Setting parameters
Some objects contain parameters for data selection. Before such an object can be
scheduled, you must set the parameters in order to determine the default prompts.
1 Select the object whose prompts you want to change.
The objects prompts and default values appear in a list on the right-hand side
of the screen.
2 Click Edit Prompt to change the value of a prompt.
Depending on the type of parameter you have chosen, different dialog boxes
appear.
81
Publishing with the Crystal Management Console
3 If you want to set the prompts to contain a null value (where possible), then
click Set Prompts to NULL.
4 Click Next after you have finished editing the prompts for each object.
Setting the schedule format

You can choose a schedule format for each report that you publish. For some of the
formats, you can customize the schedule format options.
1 Select the object whose schedule format you want to change.
2 Select a format from the list (Crystal Report, Excel, Word, and so on).
Where applicable, customize the schedule format options. For example, if you
select Paginated Text, enter the number of lines per page.
3 Click Next.
The final dialog box appears.
Finalizing the objects to be added

1 After ensuring all the objects have been added to the list, click Next.
The objects are added to the APS, scheduled, and run as specified. When the
processing is done, you are returned to the final screen of the Crystal Publishing
Wizard.
2 To view the details for an object, select it from the list.
3 Click Finish to close the wizard.
Publishing with the Crystal Management Console

If you have administrative rights to Crystal Enterprise, you can publish objects
over the Web from within the CMC.
To add an object with the CMC

1 Go to the Objects management area of the CMC.
2 Click New Report.
82
3 In the File name field, type the full path to the report.
If you do not know the path, click Browse to perform a search.
Tip: To display thumbnails for a report, you must save the report with data and
select the Save preview picture check box in Crystal Reports. To locate this
check box in Crystal Reports 8.x, open a report and click Summary Info on the
File menu. The Save Data with Report option is also on the File menu.
Tip: To expand a folder, select it and click Show Subfolders.
6 Click OK.
When the object has been added to the system, the CMC displays the Properties
screen. If necessary, you can now modify the objects properties, such as its title
and description, the database logon information, scheduling information, user
rights, and so on.
83
Saving objects directly to the APS
Saving objects directly to the APS

If you have installed one of the Crystal designer components, such as Crystal
Reports or Crystal Analysis, you can use the Save As command to add objects to
Crystal Enterprise from within the designer itself.
For instance, after designing a report in Crystal Reports, click Save As on the File
menu. In the Save As dialog box, click Enterprise Folders; then, when prompted,
log on to the Crystal Enterprise Automated Process Scheduler (APS). Specify the
folder where you want to save the report and click Save.
84
Importing Objects to Crystal Enterprise
The Crystal Import Wizard allows you to import

information from other Seagate Info or Crystal Enterprise
systems into your new Crystal Enterprise system. This
chapter provides a general overview of the Crystal Import
Wizard along with a series of procedures that lead you
through the process of importing information.
85
Crystal Import Wizard overview

The Crystal Import Wizard is a locally installed Windows application that allows
you to migrate existing user accounts, groups, folders, and reports to your new
Crystal Enterprise system. The Crystal Import Wizard runs on Windows, but you
can use it to import information to a new Crystal Enterprise system that is running
on Windows or on UNIX.
You can import information from any of these products:
Seagate Crystal Info 6 MR2
Seagate Info 7
Seagate Info 7.5
Crystal Enterprise 8
Crystal Enterprise 8.5
The functionality provided by the Crystal Import Wizard varies, depending upon
the product from which you are importing information. In general, the Crystal
Import Wizard imports settings that are specific to each object, rather than global
system settings. For instance, a global minimum number of characters password
restriction is not imported. But a user-level must change password at next log on
restriction is imported with the user account. For details, see Importing information
from Crystal Enterprise or Importing information from Seagate Info on page 88.
For procedural details, see Importing with the Crystal Import Wizard on page 89.
Importing information from Crystal Enterprise

If you have upgraded from an earlier version of Crystal Enterprise, use the Crystal
Import Wizard to import existing user accounts, groups, folders, report objects,
and report instances to Crystal Enterprise 8.5.
You can also use the Crystal Import Wizard to import information from an existing
version 8.5 installation to a new version 8.5 installation. When doing so, you have
the additional option of importing events and server groups.
The following sections describe what happens to the objects that are imported
from a Crystal Enterprise 8.x system. Generally, if the object will not overwrite an
object that is already in the Crystal Enterprise system, then the Crystal Import
Wizard imports the object.
Users and groups

The Crystal Import Wizard imports users and groups and their hierarchical
relationships. A user or group is imported only if it does not exist already by name.
If you import a group that already exists in the destination environment, the list of
group members is updated with any additional users who were members of the
group in the source environment. These additional users are added to Crystal
Enterprise if their accounts do not exist already.
86
7: Importing Objects to Crystal Enterprise
User licensing can affect the behavior of the Crystal Import Wizard. If the source
environment uses Concurrent licensing, the wizard imports all users as Concurrent
Users. However, if the source environment uses Named User licensing, the wizard
first checks the number of Named User license keys in the destination environment.
If there are enough Named User licenses in the destination environment, the wizard
imports all users as Named Users. If there are not enough Named User licenses in
the destination environment, the wizard imports all users as Concurrent Users. For
more information about licensing, see Licensing overview on page 270.
Folders
Folders are imported, whether or not they exist already in the destination
environment. However, so as not to overwrite existing folders, the Crystal Import
Wizard appends a number to the end of any duplicated folder names to indicate
the number of copies. For example, if you import a folder called Sales Reports
when a folder called Sales Reports already exists, then the imported folder is
added to Crystal Enterprise with the name Sales Reports(2).
Report objects
The Crystal Import Wizard can import Crystal report objects only if they are based
on native drivers, ODBC data sources, or OLAP data sources. You have the choice
to import the report instances for each report object, and the scheduling patterns
that you have set up in the source environment are imported automatically.
Supported reports are always imported with their parent folders, whether or not
they exist already in the destination environment. However, so as not to overwrite
existing folders, the Crystal Import Wizard appends a number to the end of any
duplicated folder names to indicate the number of copies.
Rights
When you import folders and reports from one Crystal Enterprise system to another,
the associated object rights are imported for every user or group who is imported at
the same time. If the user or group is not imported at the same time, the object rights
are discarded. For instance, suppose that you import a report that explicitly grants
View On Demand rights to the Everyone group in the source environmentbut you
do not import the Everyone group. In this case, the newly imported report in the
destination environment will not grant the same explicit rights to the Everyone
group. Instead, the report inherits any rights that have been set on its parent folder.
If you do import the appropriate user or group, and it already exists by name in
the destination environment, then the corresponding object rights are imported
and applied to the existing user or group. For instance, modifying the example
above, suppose that you import the report and the Everyone group. In this case, the
Crystal Import Wizard imports the object rights along with the report. So the
newly imported report in the destination environment will explicitly grant the
View On Demand right to the Everyone group.
87
Events and server groups

When you use the Crystal Import Wizard to import information from another
Crystal Enterprise 8.5 system, you have the additional option to import events and
server groups from the source environment.
Importing information from Seagate Info

The following sections describe what happens to objects that have been imported
from Seagate Info to Crystal Enterprise. Generally, if the Seagate Info object is of a
type that is supported within Crystal Enterprise, and if the Seagate Info object will
not overwrite an object that is already in the Crystal Enterprise system, then the
Crystal Import Wizard imports the object.
Note: Users who are accessing your Seagate Info implementation when you are
importing objects to Crystal Enterprise might experience a delay.
Users and groups

The Crystal Import Wizard imports users and groups and their hierarchical
relationships as they exist in Seagate Info. A user or group is added to Crystal
Enterprise only if it does not exist already by name.
If you import a group that already exists in Crystal Enterprise, the list of group
members is updated with additional users who were members of the Seagate Info
group. These additional users are added to Crystal Enterprise if their accounts do
not exist already.
User licensing can affect the behavior of the Crystal Import Wizard. If the source
environment uses Concurrent licensing, the wizard imports all users as
Concurrent Users. However, if the source environment uses Named User
licensing, the wizard first checks the number of Named User license keys in the
destination environment. If there are enough Named User licenses in the
destination environment, the wizard imports all users as Named Users. If there are
not enough Named User licenses in the destination environment, the wizard
imports all users as Concurrent Users. For more information about licensing, see
Licensing overview on page 270.
Folders
Folders are imported, whether or not they exist already in Crystal Enterprise.
However, so as not to overwrite existing folders, the Crystal Import Wizard
appends a number to the end of any duplicated folder names to indicate the
number of copies. For example, if you import a folder called Sales Reports, when
a folder called Sales Reports already exists in Crystal Enterprise, then the imported
folder is added to Crystal Enterprise with the name Sales Reports(2).
88
Report objects
The Crystal Import Wizard can import Crystal report objects only if they are based
on native drivers, ODBC data sources, or OLAP data sources.
Supported reports are always imported with their parent folders, whether or not
they exist already in the destination environment. However, so as not to overwrite
existing folders, the Crystal Import Wizard appends a number to the end of any
duplicated folder names to indicate the number of copies.
Rights
Crystal Enterprise enforces security through object rights, which differ from the
user rights used within Seagate Info. Consequently, the Crystal Import Wizard
does not import any of the folder security that is set up within the Seagate Info
environment.
If you transfer reports from Seagate Info to Crystal Enterprise, the rights associated
with the report are not transferred, only the ownership. If the owner of a report is
the Administrators group, the Administrators group will have Full Control access
to it. If the owner of the report is not an administrator, the report will be transferred
and the View On Demand access mode will be associated with the report.
Other objects
The Crystal Import Wizard cannot import Seagate Info objects that are not
supported by Crystal Enterprise. Such objects include report packages, query
objects, Info cubes, Open OLAP cubes, Holos Applications, Crystal reports based
on query files, and Crystal reports based on Info Views.
The Crystal Import Wizard does not import existing instances or existing schedule
information from Seagate Info systems. Any scheduled jobs, such as recurring
instances, will need to be rescheduled in Crystal Enterprise.
Importing with the Crystal Import Wizard

The Crystal Import Wizard is made up of a series of screens that guide you through
the process of importing user accounts, groups, folders, and reports. The screens
that appear depend upon the types of information that you choose to import.
When you import information, you first connect to the Automated Process
Scheduler (APS) of your existing installation (the source environment) and specify
the APS of your new Crystal Enterprise system (the destination environment). You
then select the information that you want to import, and the Crystal Import Wizard
copies the requested information from the source to the destination.
Before starting this procedure, ensure you have the Administrator account
credentials for both the source and the destination environment.
89
The overall process is divided into these two procedures:

Specifying the source and destination environments on page 90
Selecting information to import on page 91
Specifying the source and destination environments

This procedure shows how to specify a source environment and a destination
environment using the initial screens of the Crystal Import Wizard.
1 From the Crystal Enterprise program group, click Crystal Import Wizard.
2 Click Next.
The Specify source environment dialog box appears.
3 In the Source list, select the product from which you want to import
information. The available options are:
Seagate Crystal Info 6 (supports version MR2)
Seagate Info 7.x (supports Seagate Info 7 and 7.5)
Crystal Enterprise 8
Crystal Enterprise 8.5
4 In the APS Name field, type the name of the source environments APS
(Automated Process Scheduler).
5 Type the User Name and Password that provide you with administrative
rights to the source environment.
This example imports information from a Seagate Info 7 system, whose Info
APS is named PBROWNSEYB.
90
6 Click Next.
The Specify destination environment dialog box appears.
7 In the APS Name field, type the name of the destination environments Crystal
APS.
8 Type the User Name and Password of an Enterprise account that provides you
with administrative rights to the Crystal Enterprise system; then click Next.
The Choose objects to import dialog box appears. Proceed to Selecting

information to import on page 91.
Selecting information to import

This procedure shows how to select the users, groups, folders, and reports that you
want to import. If you have not already started the Crystal Import Wizard, see
Specifying the source and destination environments on page 90.
1 In the Choose objects to import dialog box, select the check box (or boxes)
corresponding to the information you want to import:
Import users and user groups
Import folders and objects
Tip: If the source environment is Crystal Enterprise 8.5, you can also import
events and server groups.
2 Click Next.
3 If you chose to import users and user groups, the Select Users and Groups
dialog box appears. In the Groups list, select the groups that you want to
import. In the Subgroups and Users list, select specific members of any group.
Then click Next.
91
This example imports all but one of the users in the Seagate Info Administrators
group.
4 If you chose to import folders and objects, the Select Folders and Objects
dialog box appears. Select the check boxes for the folders and reports that you
want to import. Then click Next.
Tip: If the source environment is Crystal Enterprise 8 or later, you can also
choose to Import all instances of each selected report.
This example imports the Seagate Info Samples folder and a subset of its
contents.
92
5 When the Information collection complete dialog box appears, click Finish
to begin importing the information.
The Import Progress dialog box displays status information and creates an
Import Summary while the Crystal Import Wizard completes its tasks.
6 If the Import Summary shows that some information was not imported
successfully, click View Detail Log for a description of the problem.
Otherwise, click Done.
Note: The information that appears in the Detail Log is also written to a text
file called ImportWiz.log, which you will find in the directory from which the
Crystal Import Wizard was run. By default, this directory is:
C:\Program Files\Crystal Decisions\Enterprise\win32_x86\
93
94
Controlling Users Access to Objects
This chapter describes the ways in which object rights

enable you to secure the content that you publish to Crystal
Enterprise. Predefined access levels, advanced rights, and
inherited rights are all discussed in detail. Examples and
procedures are provided in the form of tutorials.
95
Object rights overview
Object rights overview

Object rights are the base units for controlling users access to folders, reports, and
other objects within Crystal Enterprise. When granted, each right provides a user
or group with permission to perform a particular action on an object. For any
object, you can set security levels that affect individual users or entire groups.
To set object rights within the Crystal Management Console (CMC), you first locate
the object, and then you specify the rights for different users and groups. Each
object right can be Explicitly Granted, Explicitly Denied, or Not Specified. The
Crystal Enterprise object security model is designed such that, if a right is left not
specified, the right is denied by default. Additionally, if contradictory settings
result in a right being both granted and denied to a user or group, the right is
denied by default. This denial based design assists in ensuring that users and
groups do not automatically acquire rights that are not explicitly granted.
To facilitate administration and maintenance, Crystal Enterprise includes a set of
predefined access levels that allow you to set common security levels quickly. Each
access level grants a set of rights that combine to allow users to accomplish
common tasks (such as view reports, schedule reports, and so on). It is
recommended that you use the predefined access levels whenever possible,
because they can greatly reduce the complexity of your object security model. For
more information, see Setting common access levels on page 98.
Whether or not you use access levels, you can also take advantage of the
inheritance patterns recognized by Crystal Enterprise: users can inherit rights as
the result of group membership; subgroups can inherit rights from parent groups;
and both users and groups can inherit rights from parent folders. When you need
to disable inheritance or to customize security levels for particular objects, users,
or groups, the Advanced Rights pages allow you to choose from the complete set
of available object rights. Most importantly, the advanced object rights allow you
to explicitly deny any user or group the right to perform a particular task.
Tip: For detailed tutorials that walk you through sample implementations of object
rights, see Customizing a top-down inheritance model on page 108.
Viewing object rights settings

Use the CMC to view the object rights that a user or group has to any folder, report,
or other Crystal Enterprise object. This section shows how to locate the rights for
any object and briefly explains the information displayed on the Rights tab.
You can locate any given object in several ways. Go to the Folders management
area in the CMC to browse your folder hierarchy for an object, or go to the Objects
management area in the CMC to view a list of all the objects on the system.
96
8: Controlling Users Access to Objects
Click the link that corresponds to the folder or other object whose rights you want
to see, then click the objects Rights tab. A page similar to the following appears:
This example shows the rights for the Report Samples folder. The Name column
lists all users and groups who have been given rights to the object. The Object
column shows whether the entry is a User or a Group. In this case, users have not
been specified individually; instead, users have been divided into two groups
Everyone and Administratorswhich have been granted rights to the folder
object. Click Add/Remove to add or remove a user or group to this object.
The Access Level column shows how each users or groups rights are determined.
In this example, both groups possess Inherited Rights. You can change the rights
for either group by selecting a predefined access level (or by selecting Advanced)
from the list in the Access Level column. When you change an entry in the Access
Level column, click Update to effect your changes. For more information, see
Setting common access levels on page 98.
The Net Access column displays the net effect of whatever is selected in the Access
Level column. That is, the Net Access column shows the effective rights that each
user or group has to the object. The Net Access column is particularly useful when
you are working with inheritance. In this example, the Everyone group inherits
rights from a parent folderone that is not displayed on this screen. The Net
Access column shows that the rights inherited from the parent folder are
equivalent to the View On Demand access level.
Tip: If you want to view the individual object rights that make up a users (or
groups) Net Access, click the corresponding Access Level list and select Advanced.
The Advanced Rights page displays the users full array of object rights that have
been specified explicitly and/or inherited. Click Cancel to exit without making
changes. For more information, see Setting advanced object rights on page 100.
For detailed tutorials that walk you through sample implementations of object
97
Setting common access levels
Setting common access levels

An access level is essentially a predefined set of object rights. Crystal Enterprise
provides a set of access levels that allow you to set common object security levels
quickly. The available access levels are No Access, View, Schedule, View On
Demand, and Full Control. Access levels are based on a model of increasing rights:
beginning with No Access and ending with Full Control, each access level builds
upon the rights granted by the previous level. For example, the Schedule access
level includes and adds to the rights that are granted by the View access level. For
a complete listing of the object rights that make up each access level, see Access
levels on page 275.
Tip: By default, users or groups who have rights to a folder will inherit the same
rights for any object that you subsequently publish to that folder. Consequently,
the best strategy is to set the appropriate rights for users and groups at the folder
level first. Then publish objects to that folder.
Although access levels grant predefined sets of object rights, they do not explicitly
deny any object rights. Instead, each access level grants some rights and leaves the
other rights not specified. The system then denies the not specified rights by
default. This is important, because it allows users to inherit the greatest rights
when they belong to multiple groups:
When you assign an access level to a group, each user in the group will have at
least that level of access to the object. If the user is a member of multiple groups,
then he or she inherits the combination of each groups rights. Thus, when a user
is a member of multiple groups, he or she inherits the greatest possible rights.
When you assign an access level directly to a user, you ensure that the user has
only that level of access to the object. In other words, you prevent the user
from inheriting rights that he or she may have otherwise acquired by virtue of
group membership.
This list provides a brief description of each access level:
No Access
The user or group is not able to access the object or folder. ePortfolio, the Crystal
Publishing Wizard, and the CMC enforce this right by ensuring that the object
is not visible to the user.
View
If this access level is set at the folder level, the user or group is able to view the
folder, the objects contained within the folder, and all generated instances of
each object. If this access level is set at the object level, the user can view the
object, the history of the object, and all generated instances of the object. The
user cannot, however, schedule the object or refresh it against its data source.
Schedule
The user or group is able to view the object or folder and its contents, and to
generate instances by scheduling the object to run against the specified data
source once or on a recurring basis. The user or group can view, delete, and
98
pause the scheduling of instances that they own. They can also schedule to
different formats and destinations, set parameters and database logon
information, pick servers to process jobs, add contents to the folder, and copy
the object or folder.
View On Demand
In addition to the rights provided by the Schedule access level, the user gains
the right to refresh data on demand against the data source.
Full Control
This access level grants all of the available advanced rights. It is the only access
level that allows users to delete objects (folders, objects, and instances). This
access level also allows users to modify all of the objects properties, including
the object rights that are set on the folder or object.
Basically, this access level is designed to provide a user or group with
administrative control over one or more folders or objects. Users can then log
on to the CMC and add, edit, and remove content as required, without being
members of the actual Administrators group.
Advanced
This access level does not include a predefined set of object rights. Instead, it
allows you to customize a users or groups access to an object by selecting from
the complete range of available object rights. For more information, see Setting
advanced object rights on page 100.
For a detailed listing of the object rights that make up each access level, see Object
Rights and Access Levels on page 273.
Note: In the Crystal Enterprise Web Developers Guide, access levels are referred to
as roles.
To set an access level for a user or group

1 Go to the Objects or Folders management area of the CMC.
2 Locate the object whose rights you want to modify.
3 Click the link to the object, and then click its Rights tab.
4 In the Name column, locate the user or group whose rights you want to
specify.
If the user or group is not listed, click Add/Remove. Add the appropriate user
or group and click OK. You are returned to the objects Rights tab.
5 In the Access Level column, select the access level (No Access, View, Schedule,
View On Demand, or Full Control) that is appropriate for the user or group.
6 Click Update.
99
Setting advanced object rights

To provide you with full control over object security, the CMC allows you to make
Advanced object rights settings for any user or group. These Advanced settings
enable you to choose from a complete set of granular object rights. The result is an
increased flexibility as you define security levels for objects that you have
published to Crystal Enterprise.
Use advanced rights, for instance, if you need to customize a users or groups
rights to a particular object or set of objects, or if you want to customize the default
inheritance patterns. Most importantly, use advanced rights to explicitly deny a
user or group any right that should not be permitted to change when, in the future,
you make changes to group memberships or folder security levels.
Note: Because of the relative priorities assigned by Crystal Enterprise to granted
and denied rights, you must disable inheritance entirely when you need to
explicitly grant a right that has been denied elsewhere to the user or group. For
complete details, see Priorities affecting advanced inheritance settings on
page 108.
To view or set advanced rights

4 In the Name column, locate the user or group whose rights you want to
specify.
5 The next step depends upon the entry that already appears in the Access Level
list for this user or group:
If the Access Level is not already set to Advanced, click the list and select
Advanced.
If the Access Level is already set to Advanced, click the Advanced link in
the Net Access column.
The available object rights are displayed in the Advanced Rights page. This
example shows advanced rights being applied to the Guest user for an
Employee Profile report.
100
The first two options specify which types of inheritance affect the Guest users
rights to this object. In this example, the Guest user cannot inherit rights by virtue
of group membership. But, the Guest user may inherit any rights that he or she has
been granted to this reports parent folder.
The remainder of the Advanced Rights page lists all available object rights and
shows how each right applies to the Guest user. To customize the overall security
levels, you can explicitly grant or deny any given right, or you can specify that you
want certain rights to be inherited.
The Inherited column serves as an indicator to show how inherited rights affect the
Guest users effective rights to this report object. A user or group can be granted or
denied a right by virtue of inheritance. In addition, some rights may remain not
specifiedthat is, they are neither granted nor denied. If an inherited right is
101
labelled as Not Specified, Crystal Enterprise treats it as having been denied.

(And if the right is later granted for a parent group or object, the user or group will
automatically inherit the right at this level.
In this example, the Guest user has two inherited rights (the right to Delete
instances that the user owns and to Pause and Resume instances that the user
owns). Currently, these rights are not specified, so the rights are denied by
default. However, if the Guest users rights should change on the reports parent
folder, the rights will also change for this report object. This demonstrates how
inheritance can facilitate future changes to the overall security model.
Tip: For scalability and manageability, it is recommended that you leave as many
rights as possible inherited, because the system automatically updates those rights
as you modify and update your security settings throughout the folder and group
hierarchies.
The Explicitly Granted column shows which actions the Guest user is allowed to
perform on this report. The Guest user is currently granted eight rights to this report
(the right to View objects, Schedule the document to run, and so on). Because
group inheritance is disabled, the Guest user will retain these rights, even if its
group membership is modified or changed completely. This demonstrates how you
can use explicit rights to override a groups rights for a particular group member.
The Explicitly Denied column works similarly to the Explicitly Granted column.
Regardless of any future changes to the users group membership, an explicitly
denied right always prevents a user from performing the associated action. In this
example, the Guest user has been explicitly denied seven rights (the right to Add
objects to the folder, Edit objects, and so on). Again, this demonstrates how you
can use explicit rights to override a groups rights for a particular group member.
When you have made your changes on the Advanced Rights page, click OK.
Base rights and available rights

The Crystal Enterprise system defines a set of base rights that apply to all objects in
the system. For example, the View objects right is a base right: it applies equally
well to folders, to reports, and to other Crystal Enterprise objects. In addition to
these base rights, however, each type of object provides an additional set of rights
that apply only to that object type. For example, the Refresh the reports data
right applies only to report objects.
The Automated Process Scheduler (APS) is the component that keeps track of
available rights. The list of available rights includes the base rights and all other
object-specific rights that have been provided by particular object types, such as
Crystal report objects.
102
On the Advanced Rights pages, you will find that all of the available rights are
displayed for every object on the system. For example, the rights displayed for a
folder object seem to correspond exactly to the rights displayed for a report object,
even though object-specific rights such as Refresh the reports data do not apply
to folder objects.
Available rights are displayed for every object on the system for purposes of
inheritance, so that you can set object security at the folder level (rather than
repeating the same settings for every object in the folder). Although certain objectspecific rights do not strictly apply to the folder object itself, these rights may apply
to objects that inherit rights from the folder. In other words, the Refresh the reports
data right is displayed for the folder object so that you can grant a user the right to
refresh the data in all reports for which the user inherits rights from this folder.
Note: This is only one type of object inheritance. For more information, see
Group and folder inheritance on page 103.
Using inheritance to your advantage

In regards to object rights, Crystal Enterprise recognizes two types of inheritance:
group inheritance and folder inheritance. By taking advantage of the ways in
which object rights are inherited, you can reduce the amount of time it takes to
secure the content that you have published to Crystal Enterprise. Additionally,
you can set up Crystal Enterprise such that you can integrate new users and new
content quickly and easily.
To facilitate administration, it is recommended that you enable and disable
inheritance with access levels whenever possible (instead of with advanced rights).
Additionally, it is recommended that you make your initial settings at the top-level
Crystal Enterprise folder and disable inheritance only when necessary. For
detailed tutorials that walk you through sample implementations of object rights,
see Customizing a top-down inheritance model on page 108.
Group and folder inheritance

Group inheritance allows users to inherit rights as the result of group membership.
Group inheritance proves especially powerful when you organize all of your users
into groups that coincide with your organizations current security conventions.
For example, if you create a user called Sample User, and add it to an existing
group called Sales, then Sample User will automatically inherit the appropriate
rights for each of the reports and folders that the Sales group has been added to.
103
When group inheritance is enabled for a user who belongs to more than one group,
the rights of both groups are considered when the system checks credentials. The
user is denied any right that is explicitly denied in any group, and the user is
denied any right that remains completely not specified; thus, the user is granted
only those rights that are granted in one or more groups (explicitly or through
access levels) and never explicitly denied.
Folder inheritance allows users to inherit any rights that they have been granted on
an objects parent folder. Folder inheritance proves especially powerful when you
organize Crystal Enterprise content into a folder hierarchy that reflects your
organizations current security conventions. For example, suppose that you create a
folder called Sales Reports, and you provide your Sales group with View On Demand
access to this folder. By default, every user that has rights to the Sales Reports folder
will inherit the same rights to the reports that you subsequently publish to this folder.
Consequently, the Sales group will have View On Demand access to all of the reports,
and you need only set the object rights once, at the folder level.
Note: If you need to disable or modify inheritance patterns for a particular folder
or object within your folder hierarchy, you can do so with access levels or with
advanced rights.
Enabling and disabling inheritance with access levels

With access levels, you can enable or disable group inheritance, folder inheritance,
or both. You can alternatively enable one or both types of inheritance with
Advanced rights settings. For details, see Inheritance with advanced rights on
page 105.
To enable inheritance with an access level

4 In the Name column, locate the user or group whose rights you want to specify.
5 In the Access Level column, select Inherited Rights for the user or group.
6 Click Update.
The Net Access column now displays the effective rights that the user or group
has inherited for this object.
Note: If the entry displayed in the Net Access column is Advanced, ensure that
both types of inheritance are enabled in the parent folders advanced rights
settings. For details, see Setting advanced object rights on page 100.
104
To disable inheritance with an access level

Note: This procedure disables group and folder inheritance for a user account.
When applied to a group, this procedure does not prevent group members from
inheriting rights by virtue of membership in other groups.
4 In the Name column, locate the user whose rights you want to specify.
If the user is not listed, click Add/Remove. Add the appropriate user and click
OK. You are returned to the objects Rights tab.
5 In the Access Level column, select the access level (No Access, View, Schedule,
View On Demand, or Full Control) that is appropriate for the user.
6 Click Update.
The Net Access column now displays the effective rights that the user has to the
object. Because you have disabled all inheritance, the Net Access entry equals
the Access Level entry.
Inheritance with advanced rights

When you apply an Advanced set of object rights to a user or group for a particular
object, you can enable or disable group and folder inheritance together or
individually. On the Advanced Rights pages, these Respect current security by
inheriting rights from parent groups and Respect current security by inheriting
rights from parent folders settings serve as powerful tools that allow you to
customize inheritance patterns in many ways.
Tip: When modifying inheritance patterns with Advanced rights settings, keep in
mind that you can always assign a user a specific set of rights, either by explicitly
applying a predefined access level, or by explicitly applying an Advanced setting
in which both types of inheritance are disabled.
To take full advantage of inheritance patterns and Advanced rights settings, it is
useful to understand not only the types of inheritance that are available, but also
the ways in which a users effective rights are calculated by the APS.
For more information on the two types of inheritance, see Group and folder
inheritance on page 103.
105
Calculating a users effective rights

When a user attempts to perform an action on a Crystal Enterprise object, the APS
determines the users rights to that object. If the user possesses sufficient rights, the
APS permits the user to perform the requested action.
Although the calculations performed by the APS can become quite complex, there are
several ways to keep your object security model clear, consistent, and easy to maintain.
For complete details on setting up a system that makes sense for your Crystal
Enterprise system, see Customizing a top-down inheritance model on page 108.
To calculate the users effective rights, the APS follows a complex algorithm. This
sequence of steps, and its various possible outcomes, is provided for
administrators and/or system architects who prefer to know exactly how the APS
calculates the rights a user has to any object. The algorithm is described here and
then illustrated in a different way using pseudocode:
1 The APS checks the rights that have been directly granted or denied to the
users account. The APS immediately denies any right that is explicitly denied.
Tip: If an individual users account has not been assigned any rights to the
object, then group inheritance is enabled by default. As the result, you can make
all your object rights settings at the group level to save administrative effort.
2 If folder inheritance is enabled for the user, the APS determines the rights that
the user has to the objects parent folder. The APS determines these rights by
ascending the inheritance tree to the level at which the inherited rights begin
to take effect. The APS denies any right that is explicitly denied (even if the
right had already been explicitly granted).
3 If group inheritance is enabled for the user, the APS determines the rights
specified on the object for each of the groups that the user belongs to. The APS
denies any right that is explicitly denied in any group (even if the right had
already been explicitly granted).
4 If group inheritance is enabled for the user, and folder inheritance is enabled
for a group that the user belongs to, then the APS determines the rights that
the group has to the parent folder. The APS denies any right that is explicitly
denied in any group (even if the right had already been explicitly granted).
5 The APS completes the algorithm by denying any rights that remain Not
Specified.
As the result, when both types of inheritance are enabled, the APS grants the user
only those rights that are explicitly granted in one or more locations and never
explicitly denied.
When you disable both types of inheritance for a user, you reduce this algorithm
to two steps (1 and 5). Thus, the APS grants the user only those rights that he or she
has been explicitly granted. This provides you with the least complicated way of
ensuring that a user has only those rights that you have explicitly granted to him
or her for a particular object.
106
When you disable folder inheritance for a user, you reduce this algorithm to three
steps (1, 3, and 5). When you disable group inheritance for a user, you reduce this
algorithm to three different steps (1, 2, and 5). In both cases, the APS grants the user
only those rights that are explicitly granted in one or more locations and never
explicitly denied.
This pseudocode is provided as another way to illustrate and describe the
algorithm that the APS follows in order to determine whether a user is authorized
to perform an action on a particular object:
IF {
(User granted right to object = True)
OR [
(Inherit Parent Folder Rights = True) AND (User granted right to
parent folder = True)
]
OR [
(Inherit Group Rights = True) AND (Group granted right to object =
True)
]
OR [
(Inherit Group Rights = True) AND (Group granted right to parent
folder = True)
]
}
AND {
(User denied right to object = False)
AND [
(Inherit Parent Folder Rights = False)
OR ((Inherit Parent Folder Rights = True) AND (User denied right to
parent folder = False))
]
AND [
(Inherit Group Rights = False)
OR ((Inherit Group Rights = True) AND (Group denied right to object
= False))
]
AND [
(Inherit Group Rights = False)
OR ((Inherit Group Rights = True) AND (Group denied right to parent
folder = False))
]
}
THEN
{
User action authorized = True
}
ELSE
{
User action authorized = False
}
107
Customizing a top-down inheritance model
Priorities affecting advanced inheritance settings

When you modify inheritance patterns with advanced rights, there are several
important considerations to keep in mind. Where relevant, these considerations
appear elsewhere in this chapter. They have been summarized here for reference.
Denied rights take precedence over granted rights. This can cause seemingly
contradictory results when inheritance is enabled. Suppose that the View objects
right is explicitly denied to a Sales group for a particular folder of reports. For the
same folder, the View objects right has been explicitly granted to a Manager
user, and the Respect current security by inheriting rights from parent groups
check box is selected. The Manager user is a member of the Sales group. In this
scenario, the Manager user is both granted and denied the See object right to the
folder. Because denied rights take precedence, the Manager user is effectively
denied the ability to see the folder, so long as the user account inherits rights from
its parent group (Sales). To remedy this situation, you could clear the Respect
current security by inheriting rights from parent groups check box on the
Advanced Rights page for the Manager user, or you could remove the Manager
user from the Sales group.
Rights that are not specified are denied by default. On the Advanced Rights page
for any object, the Inherited Rights column may label certain rights as Not
Specified. This entry denotes rights that are neither granted nor denied by
inheritance. To prevent possible security breaches, Crystal Enterprise
automatically denies rights that are not specified.

With the flexibility offered by object rights, inheritance, and advanced rights, you
can customize your object-level security environment in many ways. However, as
the complexity of any security system increases, so too can that system become
more difficult and time-consuming to maintain. This section recommends two
general ways of setting up object security such that you achieve the desired
security levels without complicating future administrative tasks. To this purpose,
this section provides two tutorials that shows how to set up object security from
the top-level folder (the root folder) down:
Setting up an open system of decreasing rights on page 112
This detailed tutorial creates an open security model. By default, all users and
groups are first granted rights to all objects on the system. As you add folders
and subfolders to the system, you decrease the rights of users and groups, as
required, in order to secure particular Crystal Enterprise content.
Setting up a closed system of increasing rights on page 131
This shorter tutorial creates the basis for closed security model. By default,
users and groups cannot access any objects on the system. As you add folders
and subfolders to the system, you increase the rights of users and groups, as
required, in order to grant access to particular Crystal Enterprise content.
108
You can use your own Enterprise, NT, or LDAP groups when following along with
these tutorials, or you can create new groups that correspond to those used in the
tutorial. For details on setting up these groups and subgroups, see Creating
groups for the tutorials on page 109.
In each tutorial, you will specify the object rights that particular groups have to
certain folders on the system. By making all of your security settings at the group
and folder levels, you reduce the administrative efforts now and later. After
finishing each tutorial, you may decide to add users to each group and to publish
objects to each folder. If you do so, each user will inherit the appropriate rights for
every folder and object on the system.
Creating groups for the tutorials

The object security tutorials make use of eight Enterprise groups. The four primary
groups are named Administrators, Everyone, Sales, and Marketing. The Sales
group has four additional subgroups: Sales USA, Sales Japan, Sales Managers, and
Sales Report Designers. The Administrators and Everyone groups are created by
default when you install Crystal Enterprise, so these two procedures show only
how to create the remaining groups for the tutorials.
Note: For the shorter tutorial entitled Setting up a closed system of increasing
rights, you need only create the Sales group and its Sales USA, Sales Japan, and
Sales Managers subgroups.
To create the Sales and Marketing groups

1 Go to Groups management area of the CMC.
2 Click New Group.
The new groups Properties tab appears.
3 In the Group Name field, type Marketing
109
4 In the Description field, type This group contains all users who work in
Marketing.
5 Click OK.
The Marketing group is added to the system and the page is refreshed.
Tip: Click the Users tab if you want to add your own users to this group.
6 Repeat steps 1 to 5 to create another group called Sales. Use this description
for the group: This group contains all users who work in Sales (worldwide).
To create the Sales subgroups

2 Click New Group.

3 In the Group Name field, type Sales USA
4 In the Description field, type This group contains all users who work in
Sales in the USA.
5 Click OK.
The Sales USA group is added to the system and the page is refreshed.
Tip: Click the Users tab if you want to add your own users to this group.
110
6 Click the Member of tab; then click the Member of button.

The Modify Member of page appears.
7 In the Available groups list, select Sales; then click the > arrow.
The Sales group is added to the Sales USA is a member of list, as displayed
here:
8 Click OK.
You are returned to the Member of tab. The Sales USA group is now a
member (or subgroup) of the Sales group.
9 Repeat steps 1 to 8 to create the remaining Sales subgroups for the tutorials.
Use the following values for the Group Name and Description fields:
Group Name
Description
Sales Japan
This group contains all users who work in Sales in Japan.
Sales Managers
This group contains all users who manage a Sales team.
Sales Report
Designers
This group contains all users who design and publish

reports for the Sales teams.
111
If you now return to the Groups management area of the CMC, all of the new
groups are displayed as follows:
You are now ready to proceed to either of the object security tutorials:
Setting up an open system of decreasing rights.
Setting up a closed system of increasing rights on page 131.
Setting up an open system of decreasing rights

This tutorial shows how to create an open security model, wherein groups of users
are first granted rights to all objects on the system by default. As you add folders
and subfolders to the system, you decrease the rights of users and groups, as
required, in order to secure particular Crystal Enterprise content.
In this scenario, you are creating folders for several groups within your organization.
You have some reports that you want to add to the system immediately. Because
some groups plan to add their own reports later, you also need to give some users
the ability to add subfolders and to publish reports. These are your security
requirements for each folder:
Everyone must be able to view the majority of your reports.
Administrators require Full Control access to all folders and objects on the system.
Sales Managers are allowed to refresh most reports against the database to
view the most recent data.
The Marketing group needs Full Control access to its own set of folders that no
other user can access (other than Administrators).
112
The Sales groups need a hierarchy of folders containing worldwide reports,

regional reports, and management reports:
All Sales staff can view worldwide reports.
Sales staff can also view reports for their own regions. If the staff member is
also a Manager, he or she can view and refresh reports from all regions.
Sales Managers require Full Control access to the management reports.
Sales Report Designers require custom administrative privileges to all Sales
folders.
For a shorter, less detailed tutorial, see Setting up a closed system of increasing
rights on page 131.
Changing default rights on the top-level folder

The first step is to set object rights on the top-level Crystal Enterprise folder. This
folder serves as the root for all other folders and objects that you add to the system.
Each subfolder, report, or other object that you add to this top-level folder will by
default inherit rights from this folder. So, by setting rights here first, you minimize
the need to repeatedly customize object rights throughout your folder hierarchy.
With this procedure, you set security on the top-level folder in order to meet your
first three security requirements:
Everyone must be able to view the majority of your reports.
Administrators require Full Control access to all folders and objects on the system.
Sales Managers are allowed to refresh most reports against the database to
view the most recent data.
To change the rights on the top-level folder

By default, the Everyone and the Administrators groups are granted access to
this folder. You now need to reduce the rights of the Everyone group and to
increase the rights of the Sales Managers.
113
3 Click the Access Level list that corresponds to the Everyone group, and select
View.
4 Click Update.
The rights for the Everyone group are reduced and the View access level is now
displayed in the Net Access column.
Now you will customize the top-level rights for the Sales Managers group.
5 Click Add/Remove.
6 In the Select Operation list, click Add/Remove Groups.

7 In the Available groups list, select Sales Managers.
8 Click the > arrow; then click OK.
You are returned to the Rights tab on the Settings page. Ensure that you grant
the Sales Managers group View On Demand access. If necessary, change the
Access Level list and click Update. This provides the Sales Managers group
with sufficient rights to refresh reports.
114
Now, your system meets your first three security requirements. The Everyone,
Administrators, and Sales Managers groups will initially inherit these rights for any
folders, subfolders, or reports that you subsequently publish to Crystal Enterprise.
You might, for instance, create folders for all of your generally accessible inventory
reports, customer list reports, purchasing order reports, and so on.
Now that you have created an open basis for your object security model, you will
proceed to restricting access to certain folders within the system.
Decreasing rights to a private folder

Another security requirement for this tutorial is that the Marketing group needs
Full Control access to their own set of folders that no other user can access. To
accomplish this, you will create a private folder called Marketing Only and ensure
that only the appropriate group of users has access to its contents.
To decrease rights to a private folder

2 Click New Folder.
3 On the Properties tab, in the Folder Name field, type Marketing Only
4 In the Description field, type This folder is accessible only to Marketing.
5 Click OK.
115
7 In the Access Level column, select the following rights for each group:
Administrators: (Inherited Rights)
Everyone: No Access
Sales Managers: No Access
8 Click Update.
The Net Access column shows that you have secured this folder from all users
other than Administrators.
Next, you will grant the Marketing group Full Control access to this folder.
9 Click Add/Remove.

11 In the Available groups list, select Marketing.
116
The Marketing group is granted access to the folder. You need to change the
default setting to grant them Full Control access.
13 Click the Access Level list that corresponds to the Marketing group, and select
Full Control.
14 Click Update.
The Net Access column shows that you have granted the Marketing group Full
Control access to this folder.
Members of this group now have the ability to perform all tasks in this folder. They
can add and delete reports, folders, and subfolders, and they can view, schedule,
and export reports to all available destinations and formats.
To complete this tutorial, you need to customize the rights that various Sales
groups have to a hierarchical set of Sales folders. Before setting the rights for each
group, you will see how to create multiple folders quickly when you publish a set
of reports to Crystal Enterprise.
117
Publishing a set of folders and reports

The final security requirements for this tutorial are related to the Sales group and
its subgroups. They require a hierarchy of folders containing worldwide reports,
regional reports, and management reports.
Because this tutorial sets up a system of decreasing rights, you will first create a set
of folders that places the most general content at the top of the directory tree. In
this case, all Sales staff can view the worldwide reports, so the folder for those
reports requires the lowest level of security. The regional reports will go in
subfolders that are accessible only to users who belong to the appropriate regional
Sales group. The management reports will be located in subfolders of each of the
regional folders.
You could create this set of folders using the CMC, as in the earlier sections of this
tutorial. However, if you already have a set of reports, the Crystal Publishing Wizard
provides the quickest way to add content and create folders at the same time.
To create a set of folders while publishing reports

1 On your local hard drive, create a set of folders that correspond to the folders
you want to add to Crystal Enterprise.
For this tutorial, the Sales folders are named and arranged hierarchically as
follows:
2 Arrange your reports (.rpt files) in the new folders on your local hard drive.
If you do not have any of your own reports, use some of the sample reports
included with Crystal Enterprise. The sample reports are typically installed to
C:\Program Files\Crystal Decisions\Enterprise\Samples\<language>\Reports
(replace <language> with en, de, fr, or jp, depending upon your version of
Crystal Enterprise).
Note: To complete this procedure, you must place at least one report file in
each of the folders that you have created on your local hard drive. Otherwise,
the Crystal Publishing Wizard will not create the appropriate directories on
the Crystal Enterprise system.
118
3 From the Crystal Enterprise Programs group, start the Crystal Publishing
Wizard and, when it appears, click Next.
4 In the Select A File dialog box, select the Add multiple reports check box to
view the entire set of options.
5 Click Find Directory to access the Browse for Folder dialog box.
6 Select the top level Worldwide Sales folder that you created on your local
hard drive, and click OK.
You are returned to the Select A File dialog box.
119
7 Select the Include subfolders check box, and then click Add Directory.
All of the reports are added to the list.
8 Click Select All and then click Next.

The Select an APS dialog box appears.
9 Log on to the appropriate Crystal Enterprise APS with your administrative

credentials; then click Next.
120
The Folder Hierarchy dialog box appears.
10 Select Yes to duplicate the local folder hierarchy on the Crystal Enterprise
system; then click Next.
11 In the APS folder dialog box, click New Folder.
12 Name the folder Worldwide Sales and ensure that it is located at the top of the
directory tree, as shown here:
13 Click Next.
The Location Preview dialog box appears. You can see here that the Regional
Sales folders will be created below the Worldwide Sales folder, and the
121
Managers Only folders will be created as additional subfolders. The actual

report files are arranged in the appropriate folders.
14 Click Next.
15 Proceed through the rest of the Crystal Publishing Wizard and make any
desired changes to your reports.
Tip: If you are publishing sample reports for the purpose of this tutorial, click
Next to accept all the default values. For more information on the rest of the
Crystal Publishing Wizard, see Publishing with the Crystal Publishing
Wizard on page 75.
When the Crystal Publishing Wizard has added the reports and folders to the
system, it displays a summary:
122
16 Click Finish to close the Crystal Publishing Wizard.

You are now ready to set each Sales groups object rights for the new set of Sales
folders.
Setting the base rights on the Sales folders

Now that you have used the Crystal Publishing Wizard to add reports and create
the appropriate folders and subfolders, you are ready to set the object rights for
each level of reporting content.
The security requirements are as follows:
All Sales staff can view worldwide reports.
Sales staff can also view reports for their own regions. If the staff member is
also a Manager, he or she can view and refresh reports from all regions.
Sales Managers require Full Control access to the management reports.
Sales Report Designers require custom administrative privileges to all Sales
folders.
To set the base rights on the Worldwide Sales folder

2 Click the link to the Worldwide Sales folder.

3 On the folders Rights tab, click Add/Remove.
5 In the Available groups list, select Sales and Sales Report Designers.
Tip: Use CTRL+click to select multiple groups.
123
Administrators: Inherited Rights
Everyone: No Access
Sales: View
Sales Managers: Inherited Rights
Sales Report Designers: This group requires additional rights to publish
content to this folder. You will use advanced rights to make these changes
in the next procedure. For now, leave the Access Level list with the default
settings.
8 Click Update.
The Net Access column is updated to show your new security settings.
You now need to grant the Sales Report Designers group a set of advanced rights,
so group members can administer all the Sales folders.
124
Creating a group of folder administrators

This section of the tutorial shows how to provide a particular group of users with
a customized level of administrative control over a set of folders. In general, you
can accomplish this with the Full Control access level. This example, however, uses
advanced rights to grant the Sales Report Designers group a particular set of
administrative privileges to all Sales folders.
To create a group of Sales folder administrators

1 If you are not already there, go to the Rights tab of the Worldwide Sales folder.
2 In the Access Level list for the Sales Report Designers group, select Advanced.
The Advanced Rights page appears.
You will use this page to grant group members a high level of control over the
folder and its contents. However, you will not let any group member delete
objects that have been added to a Sales folder.
3 To ensure that you completely break all inheritance patterns, clear these two
check boxes:
Respect current security by inheriting rights from parent groups
Respect current security by inheriting rights from parent folders
4 Click Apply.
Now that you have disabled all rights inheritance, the advanced rights that you
specify will be the only rights that group members have to the folder.
125
5 In the Explicitly Denied column, select the following rights:

Modify the rights users have to objects
Delete objects
Tip: You may choose to explicitly deny additional rights to suit your needs. For
instance, to prevent these folder administrators from copying confidential
reports to public folders, you could deny the Copy objects to another folder
right. Or, if you prefer to retain all administrative control over report-processing
servers, you could deny the Define server groups to process jobs right.
6 In the Explicitly Granted column, select all remaining rights.
Given the rights suggested here, the Advanced Rights page looks like this:
7 Click OK.
You are returned to the Rights tab for the Worldwide Sales folder. The Net
Access column now shows that the Sales Report Designers group has
Advanced rights to this folder.
126
Tip: Click the Advanced link in the Net Access column when you need to review or
modify a set of advanced rights that have already been applied to a user or group.
Now that you have set object rights on the uppermost Sales folder, you will
proceed to decrease rights as you descend the folder hierarchy.
Decreasing rights to the Sales subfolders

Recall that the security requirements for the regional sales reports are as follows:
Sales staff can view reports for their own region and can refresh these reports
against the database to view the most recent data.
If the staff member is also a Manager, he or she can view and refresh reports
from all regions.
You will use the various Sales groups to decrease rights appropriately for each
Regional Sales folder.
To decrease rights to the regional Sales folders

1 Go to the Regional Sales - JP folder and click its Rights tab.
2 Click Add/Remove.
127

4 In the Available groups list, select Sales Japan.

You are returned to the Rights tab of the Regional Sales - JP folder.
Everyone: Inherited Rights
Sales: No Access
Sales Japan: View On Demand
Sales Managers: Inherited Rights
Sales Report Designers: Inherited Rights
7 Click Update.
The Net Access column shows your new security settings.
128
As required, the Sales Japan and the Sales Managers groups have View On
Demand access, which allows them to refresh reports against the database to view
the latest data. The Sales Report Designers retain their advanced rights, and all
other users are prevented from accessing the folder (except for Administrators).
8 Repeat steps 1 to 6 for the Regional Sales - USA folder, but grant View On
Demand access to the Sales USA group (instead of to the Sales Japan group).
When you have finished, the Rights tab of the Regional Sales - USA folder
should look like this:
You are now ready to complete the tutorial by customizing security for the final
level of Sales foldersthe Managers Only folders.
To decrease rights to the Managers Only folders

1 Go to the Regional Sales - JP folder and click its Subfolders tab.
2 Click the link to the Managers Only folder and click its Rights tab.
Sales: Inherited Rights
Sales Japan: No Access
Sales Managers: Full Control
4 Click Update.
The Rights tab of this Managers Only folder now shows that the Administrators,
Sales Managers, and Sales Report Designers groups all have Full Control access
to the folder. Members who do not belong to one of these groups are completely
restricted from the folder.
129
5 Go to the Regional Sales - USA folder and click its Subfolders tab.
6 Click the link to the Managers Only folder and click its Rights tab.
Sales: Inherited Rights
Sales Managers: Full Control
Sales USA: No Access
8 Click Update. The Rights tab of this Managers Only folder shows again that
the Administrators, Sales Managers, and Sales Report Designers groups all
have Full Control access to the folder. Members who do not belong to one of
these groups are completely restricted from the folder.
You have now reached the end of this tutorial.
130
Setting up a closed system of increasing rights

This tutorial shows how to set up the basis for a closed security model, wherein
groups of users are first denied rights to all objects on the system by default. As
you add folders and subfolders to the system, you increase the rights of users and
groups, as required, so they can access their Crystal Enterprise content.
In this scenario, you are creating folders for several groups within your
organization. These are your security requirements for each folder:
The majority of your reports should be inaccessible to most users.
Administrators require Full Control access to all folders and objects on the
system.
The Sales groups need a hierarchy of folders containing management reports
and regional reports:
Only the Sales Managers can view the management reports and all regional
reports.
Sales staff can only view reports for their own region.
For a lengthier, more detailed tutorial, see Setting up an open system of
decreasing rights on page 112.
Restricting access from the top-level folder

The first step is to set object rights on the top-level Crystal Enterprise folder. This
folder serves as the root for all other folders and objects that you add to the system.
Each subfolder, report, or other object that you add to this top-level folder will inherit
rights from this folder by default. So, by setting rights here first, you minimize the
need to repeatedly customize object rights throughout your folder hierarchy.
With this procedure, you set security on the top-level folder in order to meet your
first two security requirements:
The majority of your reports should be inaccessible to most users.
Administrators require Full Control access to all folders and objects on the
system.
Note: This procedure gives the Everyone group No Access to all published
content. This is how you set the basis for a closed security model. Do not use
advanced rights to explicitly deny rights to the Everyone group (or any other
group) at the top-level folder of your Crystal Enterprise system, because once a
right has been explicitly denied, you have to break all inheritance patterns in
order to grant the same right further down the folder hierarchy.
131
To change the rights on the top-level folder

You need only reduce the rights of the Everyone group.

3 Click the Access Level list that corresponds to the Everyone group, and select
No Access.
4 Click Update.
The rights for the Everyone group are reduced and No Access is displayed in
the Net Access column.
Now, your system meets your first two security requirements. The Everyone
group is prevented from seeing all subsequently published content, and the
Administrators group retains Full Control in order to maintain the system.
Now that you have created a closed basis for your object security model, you will
increase access to certain folders within the system.
132
Increasing access by descending the folder hierarchy

The remaining security requirements for this tutorial are related to the Sales group
and its subgroups. They require a hierarchy of folders containing management
reports and regional reports. Because this tutorial sets up a system of increasing
rights, the most secure content will be stored at the top of the directory tree.
With these procedures, you create the folder hierarchy and set access levels in
order to meet the remaining security requirements:
Only the Sales Managers can view the management reports and all regional
reports.
Sales staff can only view reports for their own region.
To provide minimal access to the management reports

2 Click New Folder.
3 On the Properties tab, in the Folder Name field, type Management Reports
4 Click OK.
The new folder is created and the page is refreshed.
5 On the Rights tab, click Add/Remove.

7 In the Available Groups list, select Sales Managers.
133

You are returned to the Rights tab of the Management Reports folder.
9 Click the Access Level list for the Sales Managers group, and select View.
10 Click Update.
The Rights tab now shows that the Sales Managers group has View access to
this folder and to any objects that you subsequently publish to it. As required,
the Everyone and Administrators groups have inherited the rights that you set
on the top-level Crystal Enterprise folder.
Now you need only create folders for the regional reports and grant access to the
appropriate regional Sales groups.
To provide selective access to the regional reports

1 If you are not already there, go to the Management Reports folder.
2 On the Subfolders tab, click New Folder.
3 On the Properties tab, in the Folder Name field, type Regional Reports - JP
4 Click OK.
The new folder is created and the page is refreshed.
5 On the Rights tab, click Add/Remove.
7 In the Available Groups list, select Sales Japan.
You are returned to the Rights tab of the Management Reports folder.
9 In the Access Level list for the Sales Japan group, select View.
134
10 Click Update.
The Rights tab now shows that the Sales Japan group has View access to this
folder and to any objects that you subsequently publish to it. The
Administrators, Everyone, and Sales Managers groups automatically inherit
the appropriate rights for this folder.
11 Repeat this procedure to create a subfolder called Regional Reports - USA and
to provide the Sales USA group with View access to the folder.
When you finish, the Rights tab of the Regional Reports - USA folder shows that
you have set the rights as required for this tutorial.
You have now reached the end of this tutorial.
135
136
Managing Report Objects and Instances
This chapter describes the management of report objects

and instances using the Crystal Management Console. It
includes information on scheduling and choosing the
settings for a report object, such as the format, the intended
destination, the rights settings, and so on.
137
Report objects and instances overview
Report objects and instances overview

This chapter explains how to manage report objects and schedule report instances
through the Crystal Management Console (CMC).
This chapter contains two parts:
Report object management
This section describes managing report objects at the general level. It describes
general object management concepts that apply to all objects, such as moving,
copying, deleting objects, and so on.
For details, see Report object management on page 139.
Managing a report object and its instances
This section outlines the steps involved for managing a selected report object
and its instances. This section provides information on scheduling a report,
selecting the output format and destination, setting the object rights, and so on.
There is also information on scheduling a report with events in this section.
For details, see Managing a report object and its instances on page 146.
Note: When you update a report object from the CMC, your changes affect users
who schedule and view reports through Crystal Enterprise; for instance, if you
change the parameter settings for a report object, when users schedule and view
reports through a web-based client such as ePortfolio or a custom web application,
the parameter information will be changed for them as well. As such, if you dont
want to change the settings of a report object and its instances permanently, then
schedule reports through ePortfolio or a custom web application. For information
on ePortfolio, see the Crystal Enterprise ePortfolio Users Guide.
What are report objects and instances?

A report object is an object that is created using a Crystal designer component
(such as Crystal Reports or Crystal Analysis). Report objects contain report
information (such as database fields). When you schedule a report, Crystal
Enterprise generates an instance or instances of the object. A report object can be
made available to everyone or to individuals in selected user groups.
Note: When you publish a report object to Crystal Enterprise, only the structure of
the report (the template information) is saved; that is, the published report object
contains no saved data.
Crystal Enterprise creates report instances from report objectsthat is, an instance
is created when a report object is processed by the Job Server. Essentially, an
instance is a report object that contains report data that is retrieved from one or
more databases. Each instance contains data that is current at the time the report,
query, or program is processed.
138
9: Managing Report Objects and Instances
Typically, report objects are designed such that you can create several instances
with varying characteristics. You can schedule a report object to have several
instances. For example, if you run a report object with parameters, you can
schedule one instance that contains report data that is specific to one department
and schedule another instance that contains information that is specific to another
department, even though both instances originate from the same report object.
Changes that are made to the report object affect the scheduled instances. These
changes also affect instances that users schedule through a Crystal Enterprise
application, such as ePortfolio or a custom web application.
The sections that follow explain how to manage either a report object or an instance
of a report object.

After publishing report objects to Crystal Enterprise, you can copy, move, or create
a shortcut for a report, use processing extensions, delete a report object, or search
for a report. You manage report objects through the Crystal Management Console
(CMC) from going to the Objects management area. Use folders to organize and
facilitate report object administration for you and your users. For more
information, see Managing User Folders on page 71.
Publishing a new report object

In addition to using the CMC to publish a report object, you can use the Crystal
Publishing Wizard or a Crystal designer (such as Crystal Reports or Crystal
Analysis) to save your report directly to your Enterprise folders. For detailed
information on publishing, see Publishing overview on page 74. After
publishing a report, you can schedule an instance of the report.
Note: When you publish a report object to Crystal Enterprise, only the structure
of the report (the template information) is saved; that is, the published report
object contains no saved data.
To publish a new report object

2 Click New Report.
139
3 In the File name field, type the full path of the report.
To search for a path, click Browse.
Tip: To display thumbnails for a report, you must save the report with data
and select the Save preview picture check box in Crystal Reports. To locate
this check box in Crystal Reports 8.x, open a report and click Summary Info on
the File menu. The Save Data with Report option is also available on the File
menu.
Tip:
To expand a folder, select it and click Show Subfolders.
To search for a specific folder, use the Look For field.
If there are many folders on your system, click the Previous and Next
buttons to navigate through the list of folders.
6 Click OK.
Note: When the object has been added to the system, the CMC displays the
Properties screen. You can now modify the objects properties, such as its title
and description, the database logon information, scheduling information, user
rights, and so on. For more information, see Managing a report object and its
instances on page 146.
140
Copying, moving, or creating a shortcut for a report

Use this procedure to copy, move, or create a shortcut to a report object within
Crystal Enterprise:
Copy creates another copy of the report object in a different location. The
new copy of the report inherits all object rights from its new parent folder.
Move changes the location of the report object from one folder to another.
The report object retains its original set of object rights.
Create shortcut enables you to give users access to the report when you
dont want them to access the folder that the actual report object is located in.
The shortcut inherits object rights from its parent folder, and these rights
override the object rights set on the report itself.
To copy, move, or create a shortcut for a report object

2 Select the check boxes associated with the report objects you want to copy,
move, or create a shortcut for.
3 Click Copy/Move/Shortcut.
The Copy/Move/Create Shortcut page appears.
4 Select one of the three following options:

Copy to
Move to
Create shortcut in
141
Tip: You may want to create a shortcut if you want to give someone access to a
report object without giving them access to the entire folder that the report
object is located in. After you create the shortcut, users who have access to the
folder where the shortcut is located can now be able to access this report object
and its instances. For more information on folder rights, see Specifying folder
rights on page 68.
5 Select the appropriate destination folder; then click OK.
Tip:
To expand a folder, select it and click Show Subfolders.
To search for a specific folder, use the Look For field.
If there are many folders on your system, click the Previous and Next
buttons to navigate through the list of folders.
Applying processing extensions to reports

Crystal Enterprise supports the use of customized processing extensions. A
processing extension is a dynamically loaded library of code that applies your
business logic to particular Crystal Enterprise view or schedule requests before
they are processed by the system. This section shows how to register your
processing extension with Crystal Enterprise, and how to apply an available
processing extension to a particular report object.
For general information about processing extensions and how you can use them to
customize report processing and security, see Processing extensions on page 24.
For information on writing your own processing extensions with the Processing
Extension API, see the reference section of the Crystal Enterprise Web Developers
Guide.
Note: On Windows systems, dynamically loaded libraries are referred to as
dynamic-link libraries (.dll file extension). On UNIX systems, dynamically loaded
libraries are often referred to as shared libraries (.so file extension). You must
include the .dll or .so file extension when you name your processing extensions.
Also, file names cannot include the \ or / characters.
Registering processing extensions with the system

Before you can apply your processing extensions to particular objects, you must
make your library of code available to each machine that will process the relevant
schedule or view requests. The Crystal Enterprise installation creates a default
directory for your processing extensions on each Job Server and Page Server. It is
recommended that you copy your processing extensions to the default directory
on each server. On Windows, the default directory is C:\Program Files\Crystal
Decisions\WCS\ProcessExt; on UNIX, it is the crystal/processext directory.
Tip: It is possible to share a processing extension file. For details, see Sharing
processing extensions between multiple servers on page 145.
142
Depending upon the functionality that you have written into the extension, copy
the library onto the following machines:
If your processing extension intercepts schedule requests only, copy your
library onto each machine that is running as a Job Server.
If your processing extension intercepts view requests only, copy your library
onto each machine that is running as a Page Server.
If your processing extension intercepts schedule and view requests, copy your
library onto each machine that is running as a Job Server and/or as a Page
Server.
Note: If the processing extension is required only for schedule/view requests
made to a particular Server Group, you need only copy the library onto each Job
Server/Page Server in the group.
To register a processing extension with the system

2 Click Extensions.
3 In the Name field, type a display name for your processing extension.
4 In the Location field, type the file name of your processing extension along
with any additional path information:
If you copied your processing extension into the default directory on each of
the appropriate machines, just type the file name (but not the file extension).
If you copied your processing extension to a subfolder below the default
directory, type the location as: subfolder/filename
Note: Although the actual file name must include the .dll or .so extension (as
appropriate to the servers operating system), you must not include the file
extension in the Location field.
5 Use the Description field to add information about your processing extension.
6 Click Add.
Tip: You can now select this processing extension to apply its logic to particular
objects.To delete a processing extension, select its check box and click Delete.
143
Selecting a processing extension for a report

2 Click the link to the report object that you want to apply your processing
extension to.
3 Click the objects Filters tab.
4 Select your processing extension in the Available Processing Extensions list.

Note: Your processing extensions appear in this list only after you have
registered them with the system.
5 Click Add.
Tip: You may apply more than one processing extension to a report object.
Repeat steps 4 and 5 for each processing extension; then use the up and down
arrows to specify the order in which the processing extensions should be used.
6 Click Update.
Your processing extension is now enabled for this report object.
144
Sharing processing extensions between multiple servers

If you want to put all processing extensions in a single location, you can override
the default processing extensions directory for each Job Server and Page Server.
First, copy your processing extensions to a shared directory on a network drive
that is accessible to all of the Job Servers and Page Servers. Map (or mount) the
network drive from each Job Server and Page Server machine.
Note: Mapped drives on Windows are valid only until you reboot the machine.
For details, see Server resources must be available on local drives on page 319.
If you are running servers on both Windows and on UNIX, you must copy a .dll
and an .so version of every processing extension into the shared directory. In
addition, the shared network drive must be visible to Windows and to UNIX
machines (through Samba or some other file-sharing system).
Finally, change each servers command line to modify the default processing
extensions directory. Do this by adding -report_ProcessExtPath <absolute
path> to the command line. Replace <absolute path> with the path to the new
folder, using whichever path convention is appropriate for the operating system
that the server is running on (for example, M:\code\extensions, /home/shared/code/
extensions, and so on).
The procedure for making this modification depends upon your operating system:
On Windows, use the CCM to stop the Job Server/Page Server. Then open the
servers Properties to modify the command line. Start the server again when
you have finished.
On UNIX, run ccm.sh to the Job Server/Page Server. Then edit ccm.config to
modify the servers command line. Start the server again when you have
finished. For reference, see ccm.sh on page 280.
Deleting a report object

You can delete either a single report object or multiple report objects. You can also
delete a folder (by selecting a folder and clicking Delete in the Folders management
area), which results in all of the objects and instances that are stored in the folder
to be deleted as well. As well, you also have the option of deleting report instances,
rather than the report object. For more information, see Managing the history of
report instances on page 149.
Note: When you delete a report object, all of its existing instances and scheduled
instances will be deleted.
To delete a report
The Objects page appears.
2 Select the check boxes associated with the report object.
3 Click Delete.
4 Click OK.
145
Searching for a report

The search feature enables you to search for specific text within report objects.
To search for a report or reports

2 Click Search.
3 Select your search criteria in the Field Name list and Matching method list.
4 Complete the Text to search for field; then click Search.

To change the settings of a report object and its instances, in the Crystal Management
Console (CMC), go to the Objects management area and then select a report by
clicking its link, which is located in the Object Title column. Once you have selected
your report, click the appropriate tab to change the report object and instances settings.
Tip: You can also manage a report by going to the Folders management area in the
CMC, selecting a folder (and any subfolders) by clicking the appropriate link(s),
and selecting the report object that is located under the Report Title column.
This section details the following procedures:
Changing properties of a report and specifying servers for scheduling on
page 147
Managing the history of report instances on page 149
Changing database information on page 150
Updating parameters on page 151
Using filters on page 152
Scheduling a report instance on page 153
Selecting a destination on page 166
Choosing a format on page 173
Setting instance limits for a report object on page 174
Setting object rights for users and groups on page 176
146
Changing properties of a report and specifying servers for scheduling

In the Properties page of a report object, you can change the report title, view the
file name and location of the report object, view and modify the description of the
report object, and select the default servers to use for scheduling.
The Preview button enables you to view a report on demand with all of your
current report settings. The report will be generated from saved data; if there is no
saved data available (for example, if there are no instances of the report), Crystal
Enterprise will connect to the specified database to obtain the necessary data
required for generating the report. In order to use the Preview function, the user
will need to have rights at the Schedule level or higher. (To preview a report with
147
saved data, the user will need to have rights at the View level or higher.) By
default, administrators have rights at the Full Control level (the highest rights
setting) for all report objects.
When you click the Refresh button, the page will be updated with the latest
information. The Show thumbnail check box is selected by default. If you do not
want a thumbnail preview of this report to be available in ePortfolio or another
web application, clear the Show thumbnail check box.
Note: A thumbnail is a graphical representation of the first page of a report. If the
original report does not contain a thumbnail, then a thumbnail will not be stored
on Crystal Enterprise.
In the Properties page, you have the option of specifying the default job servers
that Crystal Enterprise will use when scheduling and processing report instances.
You can also specify the default job servers for Crystal Enterprise to use when you
view a report. You can choose your settings so that Crystal Enterprise will use the
first available server, attempt to use the servers belonging to a selected group first
(and, if the servers from that group arent available, use any available server), or
use only servers that belong to a specific group.
By selecting a particular server or server group, you can balance the load of your
scheduling or viewing, as specific reports can be processed using specific job servers.
You must first create server groups by going to the Server Groups management area
in the CMC before you are able to select servers that belong to a selected group. You
can also set the maximum number of jobs a job server will accept. For more
information, see Modifying the number of jobs per Job Server on page 222.
Note: If you choose the Use the first available server option, the Automated
Process Scheduler (APS) will check the job servers to see which one has the lowest
load. The APS does this by checking the percentage of the maximum load on each
job server. If all of the job servers have the same load percentage, then the APS
will randomly pick a job server.
To specify the server group for an object

1 In the Objects management area of the CMC, select a report object by clicking
its link.
2 Click the Properties tab.
3 In the Default Servers To Use For Scheduling area, choose from one of the
three options:
Use the first available server
Crystal Enterprise will use the server that has the most resources free at the
time of scheduling.
Give preference to servers belonging to the selected group
Select a server group from the list. This option will attempt to process the
report from the servers that are found within your server group. If the
specified servers are not available, then the report will be processed on the
next available server.
148
Only use servers belonging to the selected group

This option ensures that Crystal Enterprise will only use the specified
servers that are found within the selected server group. If all of the servers
in the server group are unavailable, then the report will not be processed.
4 Click Update.
Managing the history of report instances

The History page displays all of the report instances for a selected report object.
The Instance Time column displays the title of the report instances and the date of
the last update for each instance. The Status column displays the status of each
report instance. The Format column displays which format the report is, or will be
stored in. Information about who ran the report instances and what parameters are
found in the report instances are listed in the Run By and the Parameters columns.
You can manage report instances in the History page. You can also view a specific
report instance (with its saved data).
To manage report instances

its link.
2 Click the History tab.
The History tab appears.
3 Select a report instance or instances by selecting the appropriate check boxes.

4 Click either Run Now, Pause, Resume, Delete, Select All, Clear All, or Refresh.
Note: If you click Run Now, a new report instance will be generated (which
uses the current settings of the report object).
To view a report instance

1 Select a report object in the Objects management area of the CMC.
2 Click the History tab.
The History page appears.
3 Click an instance in the Instance Time column to view the specific report instance.
149
Changing database information

You can set the default database logon information on the Database page for a
report. The Database page displays the data source or data sources for your report
object and its instances. You can change the logon name and password of the
database and choose to prompt the user for a new logon name and password when
he or she views a report instance.
To change database settings

its link.
2 Click the Database tab.
The Database tab appears.
3 In Data Source(s) list, select the data source.

4 Update the Logon Name and Password fields as necessary.
5 Select the Prompt the user for new value(s) when viewing check box if you
want users to be prompted for a password when they refresh a report after
viewing it once.
Note: This option has no effect on a scheduled instance. Also, Crystal
Enterprise only prompts users when they first refresh a report; that is, if they
refresh the report a second time, they will not be prompted.
6 Click Update.
150
Updating parameters
Parameter fields (with preset values) enable users to view and to specify the data
that they want to see. If a report contains parameters, you can set the default
parameter value for each field or fields (which is used whenever a report instance
is generated). Through a Crystal Enterprise application such as ePortfolio, your
users are either able to use the report with the preset default value(s) or choose
another value or values. If you do not enter a default value, users will have to
choose a value when they schedule the report.
Note: The Parameters tab is available only if the report object contains parameters.
To view parameter settings

its link.
2 Click the Parameters tab.
3 Under the Value column, select the value associated with the parameter you
want to change.
Depending on the parameter value type, you either enter a value in the field or
choose a value from a list. If there is a list, you can also click Edit to enter a new
value.
4 Select the Clear the current parameter value(s) check box if you want to clear
the current value that is set for the specified parameter.
5 Select the Prompt the user for new value(s) when viewing check box if you
want your users to be prompted when they view a report instance through a
Crystal Enterprise application such as ePortfolio.
6 Click OK.
7 Click Update.
151
Using filters
In the Filters page, you set the default selection formulas for the report. Selection
formulas are similar to parameter fields in that they are used to filter results so that
only the required information is displayed. Unlike parameters, end users will not
be prompted for selection formula values when they view or refresh the report.
When users schedule reports through a web-based client such as ePortfolio, they
can choose to modify the selection formulas for the reports. By default, if any
formulas are set in the CMC, they will be used by the web-based client. For more
information on selection formulas, see the Crystal Reports Users Guide.
In addition to changing selection formulas, if you have developed your own
processing extensions, you can select the processing extensions that you want to
apply to your report. For more information, see Applying processing extensions
to reports on page 142. When you use filters in conjunction with processing
extensions, a subset of the processed data is returned. Selection formulas and
processing extensions act as filters for the report.
To use filters
its link.
2 Click the Filters tab.
The Filters tab appears.
152
3 Update or add new selection formulas.

Record Selection Formula
Use the Record Selection Formula to create or edit a record selection
formula or formulas that limit the records used when you or a user
schedules a report.
Group Selection Formula
Use the Group Selection Formulas to create or edit a group selection
formula or formulas that limit the groups used when you or a user
schedules a report.
4 In the processing extensions area, where appropriate, select a processing
extension from the Available Processing Extensions list and then click Add.
5 Click Update.
Scheduling a report instance

When you schedule a report, Crystal Enterprise generates a report instance which
contains the relevant information from the database (or databases) at the time the
report is run. Your report instance uses all of the settings that you have set in the
CMC for the report object. The following sections provide information on
scheduling reports in various ways, such as scheduling a daily or monthly report.
Note:
Your end users, when using Crystal Enterprise to schedule and run reports,
should use a web-based client such as ePortfolio or a custom web application.
ePortfolio is designed primarily for report scheduling and viewing (whereas
the CMC enables you to manage and administer report properties and settings
in addition to scheduling and viewing reports).
For many of the scheduling options, you can choose to schedule a report
instance with events. For information on events, see Scheduling a report with
events on page 163.
Scheduling on demand
When you select the schedule On Demand option, a report instance runs only
when users schedule a report through their web application (ePortfolio or a
custom web application). For more information on ePortfolio, see the Crystal
Enterprise ePortfolio Users Guide.
To set a report to be scheduled on demand

its link.
2 Click the Schedule tab.
The Schedule tab appears.
153
3 Select the On Demand option.
4 Complete the following fields:

Number of retries allowed
This number indicates the number of times a job server will attempt to process
a report if the first attempt is not successful. By default, the number is zero.
Retry interval in seconds
Crystal Enterprise will wait for the specified number of seconds to pass
before attempting to process a report again (if the first attempt failed). The
default setting is 1800 seconds.
5 Click Update.
Scheduling a report to run once

This option enables you to schedule a report to run once, whether it is run
immediately, or at a specific time. You can also schedule a report with events. For
detailed information on applying events, see Scheduling a report with events on
page 163.
To schedule a report to run once

its link.
3 Select the Once option.
154
The page refreshes.
4 In the Run list, select from the following:

Now
If you select this option, the report will be run immediately.
Now, with events
Choose this option to use the event or events that you have already defined.
At a specific time
Select a start date in the Start Date area and an optional end date in the End
Date area. To select a date, you can either enter a date in the date field, or
click the Popup Calendar button to select a date from the calendar that
appears in a separate window.
At a specific time, with events
Choose this option to use the event or events that you have already
defined. Select a start date in the Start Date area and an optional end date in
the End Date area. To select a date, you can either enter a date in the date
field, or click the Popup Calendar button to select a date from the calendar
that appears in a separate window.
5 Regardless of which option you select from the Run list, complete the
following fields:
This number indicates the number of times a job server will attempt to
process a report if the first attempt is not successful. By default, the number
is zero.
6 Click Schedule to schedule the report; click Update to update the schedule
information.
155
Scheduling a daily report

When you schedule a daily report, you can choose to have a report run every day
at a specified time, every set number of hours and minutes, or every specified
number of days. A separate report instance is created each time a report is run. You
can also schedule a report with events. For more information on events, see
Scheduling a report with events on page 163.
To schedule a daily report

its link.
3 Select the Daily option.
The page refreshes.

Once each day
The report will be run once a day, and will begin on the day and time that
you specify in the Start Date area. You can also select an optional end date
for the report in the End Date area. To select a date, you can either enter a
date in the date field, or click the Popup Calendar button to select a date
from the calendar that appears in a separate window.
Daily, with events
defined. The report will be run once a day, and will begin on the day and
time that you specify in the Start Date area. You can also select an optional
end date for the report in the End Date area. To select a date, you can either
enter a date in the date field, or click the Popup Calendar button to select a
date from the calendar that appears in a separate window.
156
Every X hour(s), N minute(s)

For this option, the report will be run every X hour(s) and N minute(s), and
will start on the day and time that you enter in the Start Date area. You can
also select an optional end date for the report in the End Date area. To select a
date, you can either enter a date in the date field, or click the Popup Calendar
button to select a date from the calendar that appears in a separate window.
To specify the hour and minute values, enter numeric values in the Where X
is field and the Where N is field. By default, X equals 1 and N equals 0.
Every X hour(s), N minute(s), with events
For this option, the report will be run every X hour(s) and N minute(s), and
will start on the day and time that you enter in the Start Date area. You can
also select an optional end date for the report in the End Date area. To select a
date, you can either enter a date in the date field, or click the Popup Calendar
To specify the hour and minute values, enter numeric values in the Where X
is field and the Where N is field. By default, X equals 1 and N equals 0.
Every X day(s)
For this option, the report will be run every X day(s) and will start from the
start date and time that you enter in the Start Date area. You can also select
an optional end date for the report in the End Date area. To select a date,
you can either enter a date in the date field, or click the Popup Calendar
To specify the day value, enter a numeric value in the Where X is field.
By default, X has a value of 1.
Every X day(s), with events
For this option, the report will be run every X day(s) and will start from the
start date and time that you enter in the Start Date area. You can also select
To specify the day value, enter a numeric value in the Where X is field. By
default, X has a value of 1.
following fields:
157
information.
Scheduling a weekly report

When you schedule a weekly report, your report will be run on a weekly basis. You
can also schedule a report with events. For more information on events, see
To schedule a weekly report

its link.
3 Select the Weekly option.
The page refreshes.
158

Every week on
When you select this option, the report will be run once a week, on the day
that you select from the days of the week check boxes. You also specify a
start date in the Start Date area and an optional end date for the report in
the End Date area. To select a date, you can either enter a date in the date
field, or click the Popup Calendar button to select a date from the calendar
that appears in a separate window.
Weekly, with events
defined. When you select this option, the report will be run once a week
(along with events), on the day that you select from the days of the week
check boxes. You also specify a start date in the Start Date area and an
optional end date for the report in the End Date area. To select a date, you
can either enter a date in the date field, or click the Popup Calendar button
to select a date from the calendar that appears in a separate window.
following fields:
information.
Scheduling a monthly report

You can schedule a report so that it runs on a monthly basis, on a certain day of the
month or specified day of the week, on every set number of months, on the first
Monday of the month, or on the last day of the month. You can also schedule a
report with events. For detailed information on applying events, see Scheduling
a report with events on page 163.
159
To schedule a monthly report

its link.
3 Select the Monthly option.
The page refreshes.

On the Nth day of the month
When you select this option, the report will be run once a month, on the
day that you select from the Where N is list (by default, N equals 15, so
reports will be run on the 15th of every month). If you use 31 as your value
for N, then the report will run only on months that have 31 days, and skip
the months that dont have 31 days. Similarly, if you choose either 29, 30, or
31 for N, the report will skip February (on non-leap years). If you wish to
have a report run on the last day of every month, select On the last day of
the month in the Run list.
You specify a start date in the Start Date area and an optional end date for
the report in the End Date area. To select a date, you can either enter a date
in the date field, or click the Popup Calendar button to select a date from
the calendar that appears in a separate window.
On the Nth day of the month, with events
When you select this option, the report will be run once a month, on the day
that you select from the Where N is list (by default, N equals 15, so reports
160
will be run on the 15th of every month). If you use 31 as your value for N,
then the report will run only on months that have 31 days, and skip the
months that dont have 31 days. Similarly, if you choose either 29, 30, or 31
for N, the report will skip February (on non-leap years). If you wish to have
a report run on the last day of every month, select On the last day of the
month, with events in the Run list.
You specify a start date in the Start Date area and an optional end date for
the report in the End Date area. To select a date, you can either enter a date
in the date field, or click the Popup Calendar button to select a date from
the calendar that appears in a separate window.
On the X of the Nth week of the month
When you select this option, the report will be run once a month. You select
the day of the week and which week the report will be run. Select a day of
the week from the Where X list and the particular week of the month from
the Where N list. By default, reports will be run on Monday (X) of the first
(N) week of the month. You also specify a start date in the Start Date area
and an optional end date for the report in the End Date area. To select a date,
On the X of the Nth week of the month, with events
When you select this option, the report will be run once a month. You select
the day of the week and which week the report will be run. Select a day of
the week from the Where X list and the particular week of the month from
the Where N list. By default, reports will be run on Monday (X) of the first
(N) week of the month. You also specify a start date in the Start Date area
and an optional end date for the report in the End Date area. To select a date,
Every N months
For this option, a report will be run every set number of months. By default,
the Where N is field has a value of one, so a report will be run every
month. You specify a start date in the Start Date area and an optional end
date for the report in the End Date area. To select a date, you can either
Every N months, with events
For this option, a report will be run every set number of months. By default,
the Where N is field has a value of one, so a report will be run every
161
On the first Monday of the month

When you select this option, a report will be run on the first Monday of
every month. You specify a start date in the Start Date area and an optional
On the first Monday of the month, with events
defined. When you select this option, a report will be run on the first
Monday of every month. You specify a start date in the Start Date area and
On the last day of the month
When you select this option, a report will be run on the last day of every
On the last day of the month, with events
defined. When you select this option, a report will be run on the last day of
every month. You specify a start date in the Start Date area and an optional
following fields:
information.
162
Scheduling a report with events

When you schedule a report with events, the report will be run only when the
additional condition (that is, the event) occurs. You can tell a report to wait for any,
or all of the three event types: file-based, custom-based, and schedule-based. If you
want a scheduled report to trigger an event, you must choose a schedule-based event.
Note: A file-based event is triggered upon the existence of a specified file. A
custom-based event is triggered manually. A schedule-based event is triggered by
another report being run.
When you schedule a report that waits for a specified event, the report will run
only when the event is triggered, and only when the rest of the schedule conditions
are met. If the event is triggered before the start date of the report, the report will
not run. If you have specified an end date for this report, and if the event is not
triggered before the end date occurs, the report will not run, as not all of the
conditions will have been met. Also, if you schedule a weekly or monthly report,
the report will have a specified time frame in which the report can be processed.
The event must be triggered within this specified time for the report to run. For
example, if you schedule a weekly report that runs every Monday, the event must
be triggered within the 24-hour period on Monday; if the event is triggered outside
of the 24-hour period, then the report will not run.
You can also schedule a report which triggers a schedule-based event upon
completion of the report being run. When the report is run, Crystal Enterprise will
trigger the specified event. For a schedule-based event, if the event is based on the
report instance being run successfully, the event wont be triggered if the report
instance fails (and vice versa). If you select the Both option, then the schedule-based
event will be triggered once the report is run, regardless of whether the report
instance has been successfully generated or not. For a sample scenario on when you
would use a schedule-based event, see Schedule-based events on page 182.
When you schedule a report through the Objects management area, you can
specify in the Run list in the Schedule page whether you want to schedule a report
with events or not. For detailed information on scheduling reports without events,
see Scheduling a report instance on page 153.
To schedule a report with events, first ensure that you have created an event in the
Events management area. When you schedule a report, select any Run option
which includes the phrase, with events. For more information on creating events
(and sample scenarios for each type of event), see Managing events overview on
page 180.
163
To select an event or events to wait for

its link.
3 Select and complete the schedule parameters for your report (scheduling
option, Start Date, End Date, and so on).
4 In the Run list, select a run option that contains the words, with events.
5 In the Available Events area, select from the list of events and click Add.
For example, the report above is set to wait for a Custom-based event to occur
before the report is processed.
information.
164
To trigger a schedule-based event or events upon completion

its link.
3 Select and complete the schedule parameters for your report (scheduling
option, Start Date, End Date, and so on).
4 In the Run list, select a run option that contains the words, with events.
5 In the Available Schedule Events area, select from the list of events and click
Add.
For example, the report above is set to trigger a Schedule-based event only if the
report is successfully processed.
Note: You can only select schedule-based events in this list.
information.
165
Selecting a destination
Using Crystal Enterprise, you can specify the output destination of a scheduled
report. By default, when you schedule a report, the report instances will be saved
on the File Repository Server (FRS). The option to choose a destination provides
you with the flexibility to deliver reports across your enterprise solution in
different and applicable ways. For example, you are able to schedule reports that
will be sent via email to other users. You can also schedule reports that, upon
generation, will be printed.
When users schedule objects to specific destinations (other than the default FRS
location), Crystal Enterprise generates a unique name for each output file. To
generate a file name, users can use a combination of ID, name or title of the object,
owner information, or the date and time information.
The following destination support locations are available:
Default destination support on page 166
Unmanaged disk destination support on page 167
FTP support on page 168
Email (SMTP) support on page 170
Printer support on page 172
Note: You can change your destination settings either in the Crystal Management
Console (CMC) or in ePortfolio. When you specify the destination settings through
the CMC, these settings are also reflected in the default scheduling settings for
ePortfolio; that is, if a user selects the Default destination setting in ePortfolio, the
report will be delivered to the specified destination (set by the CMC).
Default destination support

By default, scheduled reports are saved to the File Repository Server (FRS). If you
want to save report instances to the FRS, select this option.
To set your destination to default

its link.
2 Click the Destination tab.
The Destination tab appears.
3 Select Default from the Destination list.
4 Click Update.
166
Unmanaged disk destination support

You can specify the location where a report instance will be saved when it is
scheduled by you or another user.
Note:
The location must be a local or mapped directory on the processing server, or
the location must be a Universal Naming Convention (UNC) path.
The processing server must have sufficient rights to the specified location.
You must have this destination feature enabled in the Job Server in order to use
unmanaged disk destination support. For more information on the Job Server,
see Setting default scheduling destinations for Job Servers on page 223.
To set your destination to unmanaged disk

its link.
3 Select Unmanaged Disk from the Destination list.
167
4 Select either Use the Crystal Job Servers defaults or Set the values to be used
at schedule time here.
If you select the first option, Crystal Enterprise will schedule a report using the
Job Servers default settings. You can change these settings in the Servers
management area. For more information, see Setting default scheduling
destinations for Job Servers on page 223.
If you select the second option, you can set the file name properties and enter
user information:
Destination Directory
Enter a local location, mapped location, or a UNC path.
Default File Name (randomly generated)
Select this option if you want Crystal Enterprise to generate a random file
name.
Specified File Name
Select this option if you want to specify a file nameyou can also add a
variable to the file name. To add a variable, choose a placeholder for a
variable property from the list and click Add. When the instance is run, the
variable will be replaced with the specified information from the instance.
For example, if you add the variable Owner, when you schedule the
report, the file name of report will include the report owners name.
User Name
Specify a user who has permission to write files to the destination directory.
Password
Type the password for the user.
5 Click Update.
FTP support
Crystal Enterprise enables you and your users to schedule a report to a File
Transfer Protocol (FTP) server. To connect to the FTP server, you must specify a
user who has the necessary rights to upload files to the server.
Note: You must have this destination feature enabled in the Job Server in order to
schedule a report to an FTP server.
To set an FTP server as the destination

its link.
168
3 Select FTP from the Destination list.
management area. For more information see Setting default scheduling
If you select the second option, you can set the FTP and file name properties:
Host
Enter the FTP host information.
Port
Enter the FTP port number (the default is 21).
FTP User Name
Specify a user who has the necessary rights to upload a report to the FTP
server.
169
FTP Password
Enter the users password.
Account
Enter the FTP account information, if required.
Account is part of the standard FTP protocol, but it is rarely implemented.
Provide the appropriate account only if your FTP server requires it.
Enter the FTP directory that you want the report to be saved to.
name.
Specified File Name
Select this option if you want to enter a file nameyou can also add a
variable property from the list and click Add.
5 Click Update.
Email (SMTP) support

With Simple Mail Transfer Protocol (SMTP) mail support, you and your users can
do the following:
Send an object as an attachment in the email.
Specify the To, Cc, and From in the email.
Add subject information.
Include additional information in the body message, which will accompany
the object that is being delivered.
Crystal Enterprise supports Multipurpose Internet Mail Extensions (MIME)
encoding.
Note: You must have this destination feature enabled in the Job Server in order to
schedule a report to be sent via email.
To send a report via email

its link.
170
3 Select Email (SMTP) from the Destination list.
management area. For more information, see Setting default scheduling
171
If you select the second option, you can specify the email settings and the file
name properties:
From
Enter a return address.
To
Enter an address or addresses that you wish to send the report to.
Cc
Enter an address or addresses that you wish to send a carbon copy of the
report to.
Subject
Complete the subject field.
Message
Type a short message, if required.
name.
Specified File Name
5 Click Update.
Printer support
You can specify printers that are referenced from within Crystal Enterprise as your
report destination. Enter the name of your printer (and the path) when you specify
the destination for your report. By selecting the Printer destination, Crystal
Enterprise prints your report after it is processed.
Note: If you select Printer as your destination, the report must be scheduled using
the Crystal Reports format. For information on formats, see Choosing a format
on page 173.
To assign a printer name

its link.
172
3 Select Printer from the Destination list.
4 Complete the Printer Name field (with the path/name of your printer), select
the number of copies, and choose the print page range.
If your Job Server is using Windows, in the Printer Name field, type:
\\printserver\printername
Where printserver is the name of your printer server, and printername is the
name of your printer.
If your Job Server is running on UNIX, in the Printer Name field, type the print
command that you normally use. For instance, type:
lp -d printername
Note: Ensure that the printer you are using (on UNIX) is shown and not
hidden.
5 Click Update.
Choosing a format
You can select the format that a report will be saved in when it is generated by
Crystal Enterprise. This format will be saved to the destination you have selected
for the report object and its instances. For more information on destinations, see
Selecting a destination on page 166. You can select from the following formats:
Crystal Report
Excel
Word
Acrobat
Rich Text
Plain Text
173
Paginated Text
Tab-separated Values
Character-separated Values
For Excel, Paginated Text, Tab-separated Values, and Character-separated Values,
you specify certain formatting properties for the report. For example, if you select
Character-separated Values, you can enter characters for the separator and
delimiter; you can also select the two check boxes: Same number formats as in
report and Same date formats as in report.
Note: If you select Printer as your destination, the report must be scheduled using
the Crystal Report format.
To select a format for the report

its link.
2 Click the Format tab.
The Format tab appears.
3 Select a format from the Format list.

4 Complete any fields that appear below the list and select (where appropriate)
the check boxes that appear.
5 Click Update.
Setting instance limits for a report object

In the Limits page, you can set the limits for the selected report object and its
instances. You set limits to automate regular clean-ups of old Crystal Enterprise
content. At the report object level, you can limit the number of instances that
remain on the system for the report object or for each user or group; you can also
limit the number of days that an instance remains on the system for a user or group.
In addition to setting the limits for the report objects from the Objects management
area, you can also set limits at the folder level. When you set limits at the folder
level, these limits will be in effect for all objects that reside within the folder
174
(including any objects found within the subfolders). For information on setting
folder limits, see Setting limits for folders, users, and groups on page 70.
Note: When you set the limits at the report object level, the report object will
override the limits set for the folder; that is, the report object will not inherit the
limits of the folder.
To set limits for report instances

its link.
2 Click the folders Limits tab.
The Limits tab appears.
3 Make your settings according to the types of limits you want to set for your
report instances. The options are as follows:
Delete excess instances when there are more than N instances of an object
To limit the number of instances per object, select this check box. Then type
the maximum number of instances that you want to remain on the system.
(The default value is 100.)
Delete excess instances for the following users/groups
To limit the number of instances for users or groups, click Add/Remove in
this area. Select from the available users and groups and click OK. Then
type the maximum number of instances in the Instance Limit column. (The
default value is 100.)
Delete instances after N days for the following users/groups
To limit the number of days that instances are saved for users or groups,
click Add/Remove in this area. Select from the available users and groups
and click OK. Then type the maximum age of instances in the Maximum
Days column. (The default value is 100.)
4 Click Update.
175
Setting object rights for users and groups

Object rights enable you to set access levels for your users and groups. You control
which folders, reports, and other objects users and groups can access using Crystal
Enterprise. You set security settings at the report object levelthese settings are
reflected in the instances for the report object.
To facilitate administration, Crystal Enterprise includes a set of predefined rights
(access modes) that allow you to set common security levels quickly. These
include the following:
Inherited Rights
No Access
View
Schedule
View On Demand
Full Control
Advanced
In addition to setting user and group rights for report objects from the Objects
management area, you can also set user and group rights at the folder level. When
you set rights at the folder level, these limits will be in effect for all objects that
inherit rights from the folder (including any objects found within the subfolders).
For detailed information on the different access modes for object rights and
information on inherited rights, see Object rights overview on page 96.
To add groups or users to an objects rights settings

its link.
The Rights tab appears.
3 Click Add/Remove.
176
4 Select an option in the Select Operation list.

5 Select the group(s) or user(s) you would like to add or remove.
6 Click the > arrow to add the group(s) or user(s); click the < arrow to remove
the group(s) or user(s).
Tip:
To search for a specific user or group, use the Look For field.
If there are many users or groups on your system, click the Previous and
Next buttons to navigate through the list of folders.
7 Click OK.
To change a group or users report rights

its link.
The Rights tab appears.
3 Change the access level for a group or user by selecting a right from the
appropriate list in the Access Level column; then click Update.
If you select Advanced from the list, you grant or deny granular rights from the
Advanced Rights page. If this page doesnt appear automatically after you click
Update, click the Advanced link (in the Net Access column). For more
information, see Setting advanced object rights on page 100.
177
178
Managing Events
10
This chapter provides information on creating and

managing events. It describes file-based events, custom
events, and schedule-based events.
179
Managing events overview
Managing events overview

Event-based scheduling provides you with additional control over scheduling
reports: you can set up events so that reports are processed only after a specified
event occurs. Working with events consists of two steps: creating an event and
scheduling a report with events. That is, once you create an event, you can select it
as a dependency when you schedule a report. The scheduled job is then processed
only when the event occurs. This chapter shows how to create events in the Events
management area of the Crystal Management Console (CMC).
You can create three kinds of events:
File events
When you define a file-based event, you specify a filename that the Event
Server should monitor for a particular file. When the file appears, the Event
Server triggers the event. For instance, you might want to make some reports
dependent upon the regular file output of other programs or scripts.
For details, see File-based events on page 181.
Schedule events
When you define a schedule-based event, you select a report whose existing
recurrence schedule will serve as the trigger for your event. In this way,
schedule-based events allow you to set up contingencies or conditions between
scheduled reports. For instance, you might want certain large reports to run
sequentially, or you might want a particular sales summary report to run only
when a detailed sales report is run successfully.
For details, see Schedule-based events on page 182.
Custom events
When you create a custom event, you create a shortcut for triggering an event
manually. Basically, your custom event occurs only when you or another
administrator clicks the corresponding Trigger this event button in the CMC.
For details, see Custom events on page 184.
When working with events, keep in mind that an objects recurrence schedule still
determines how frequently the report runs. For instance, a daily report that is
dependent upon a file-based event will run, at most, once a day (so long as the file
that you specify appears every day). In addition, the event must occur within the
time frame established when you actually schedule the event-based report.
Note: For information on scheduling an event-based report in the Objects
management area of the CMC, see Scheduling a report with events on page 163.
180
10: Managing Events
File-based events
File-based events wait for a particular file (the trigger) to appear before the event
occurs. Before scheduling a report that waits for a file-based event to occur, you
must first create the file-based event in the Events management area of the CMC.
Then you can schedule the report and select this event. For more information on
scheduling a report with events, see Scheduling a report with events on page 163.
File-based events are monitored by the Event Server. When the file that you specify
appears, the Event Server triggers the event. The Automated Process Scheduler
(APS) then releases any schedule requests that are dependent on the event.
For instance, suppose that you want your daily reports to run after your database
analysis program has finished and written its automatic log file. To do this, you
specify the log file in your file-based event, and then schedule your daily reports
with this event as a dependency. When the log file appears, the event is triggered
and the reports are processed.
Note: If the file already exists prior to the creation of the event, the event is not
triggered. In this case, the event is triggered only when the file is removed and
then recreated. If you want an event to be triggered multiple times, you must
remove and recreate the file each time.
To create a file-based event

1 Go to the Events management area of the CMC.
2 Click New Event.
The New Event page appears.
181
Schedule-based events
3 In the Type list, select File.

4 Type a name for the event in the Event Name field.
5 Complete the Description field.
6 In the Server list, select the Event Server that will monitor the specified file.
7 Type a filename in the Filename field.
Note: Type the absolute path to the file that the Event Server should look for
(for example, C:\folder\filename, or /home/folder/filename). The drive and
directory that you specify must be visible to the Event Server. Ideally, the
directory should be on a local drive.
8 Click OK.
Schedule-based events
Schedule-based events are dependent upon scheduled reports. That is, a schedulebased event is triggered when a particular report has been processed. When you
create this type of event, it can be based on the success or failure of a scheduled
report, or it can be based simply on the completion of the job.
Most importantly, you must associate your schedule-based event with at least two
scheduled reports. The first report serves as the trigger for the event: when the
report is processed, the event occurs. The second report is dependent upon the
event: when the event occurs, this second report runs. For more information on
scheduling reports with events, see Scheduling a report with events on page 163.
For instance, suppose that you want reports A and B to run only after report C has
run. To do this, you create a schedule-based event in the Events management area.
You specify the Success option for the event, which means that the event is
triggered only when report C runs successfully. Then, you schedule reports A and
B with events, and select your new schedule-based event as the dependency.
Schedule report C with events, and set report C to trigger the schedule-based event
upon successful completion. Now, when report C runs successfully, the schedulebased event is triggered, and reports A and B are subsequently processed.
182
10: Managing Events
To create a schedule-based event

2 Click New Event.
The New Event page appears.
3 In the Type list, select Schedule.

6 In the Event based on area, select from three options:
Success
The event is triggered only upon successful completion of a specified report.
Failure
The event is triggered only upon non-successful completion of a specified
report.
Success or Failure
The event is triggered upon completion of a specified report, regardless of
whether that report was processed successfully or not.
7 Click OK.
183
Custom events
Custom events
A custom event occurs only when you explicitly click its Trigger this event
button. As with all other events, a report based on a custom event runs only when
the event is triggered within the time frame established by the reports schedule
parameters. Custom events are useful because they allow you to set up a shortcut
that, when clicked, triggers any dependent schedule requests.
Tip: When developing your own web applications, you can trigger Custom events
from within your own code, as required. For details, see the Crystal Enterprise Web
Developers Guide.
For instance, you may have a scenario where you want to schedule a number of
reports, but you want to run them after you have updated information in your
database. To do this, create a new custom event, and schedule the reports with that
event. When you update the data in the database and you need to run the reports,
return to the event in the CMC and trigger it manually. Crystal Enterprise then
runs the reports. For more information on event-based scheduling, see
Note: You can trigger a custom event multiple times. For example, you might
schedule two sets of event-based reports to run dailyone set runs in the morning,
and one set runs in the afternoon. When you first trigger the related custom event in
the morning, one set of reports is run; when you trigger the event again in the
afternoon, the remaining set of reports is run. If you neglect to trigger the event in
the morning and trigger it only in the afternoon, both sets of reports run at that time.
To create a custom event

2 Click New Event.
3 In the Type list, select Custom.
6 Click OK.
Note: Before you trigger this custom event, schedule a report that is dependent
upon this event.
To trigger a custom event

2 In the Event Name column, select a custom event by clicking its link.
3 Click Trigger this event.
A message appears: This event has been triggered.
184
Crystal Enterprise Architecture
11
This chapter provides an overview of the Crystal Enterprise

architecture, describes the different components, and
identifies how they work together to distribute reports over
the web.
185
Architecture overview and diagram
Architecture overview and diagram

Crystal Enterprise is a multi-tier system. Although the components are responsible
for different tasks, they can be logically grouped based on the type of work they
perform. If you are new to Crystal Enterprise, use this chapter to gain familiarity
with the Crystal Enterprise framework, its components, and the general tasks that
each component performs.
In Crystal Enterprise, there are four tiers: the client tier, the intelligence tier, the
processing tier, and the data tier. To provide flexibility, the components that make
up each of these tiers can be installed on one machine, or spread across many.
The following diagram illustrates how each of the components fits within the
multi-tier system. Other Crystal products, such as Crystal Analysis and Smart
Reporting Technology, plug in to the Crystal Enterprise framework in various
ways. This chapter describes the framework itself. Consult each products
installation or administration guides for details about how it integrates with the
Crystal Enterprise framework.
The servers are services that run on Windows machines and daemons that run
on UNIX machines. These services can be vertically scaled to take full advantage
of the hardware that they are running on, and they can be horizontally scaled to
186
11: Crystal Enterprise Architecture
take advantage of multiple computers over a network environment. This means

that the services can all run on the same machine, or they can run on separate
machines. The same service can also run in multiple instances on a single machine.
For example, you can run the Web Connector and the Web Component Server on
one machine, while you run the Job Server on a separate machine. This is called
horizontal scaling. If the Job Server is running on a multi-processor computer, then
you may choose to run multiple Job Servers on it. This is called vertical scaling. The
important thing to understand is that, even though these are called servers, they are
actually services and daemons that do not need to run on separate computers.
The remainder of this chapter describes each tier, the key Crystal Enterprise
components, and their primary responsibilities.
Tip: When you are familiar with the architecture and want to customize your
system configuration, see Managing and Configuring Servers on page 195 and
Scaling Your System on page 241.
Client tier
The client tier is the only part of the Crystal Enterprise system that administrators
and end users interact with directly. This tier is made up of the applications that
enable people to administer, publish, and view reports and other objects.
ePortfolio
ePortfolio is the web-based interface that end users access to view, schedule, and
keep track of published reports. Each Crystal Enterprise request that a user makes
in ePortfolio is directed by the web server to the Web Connector, which then
forwards the request to the Web Component Server.
ePortfolio also serves as a demonstration of the ways in which you can use the
Crystal Enterprise Software Development Kit (SDK) to create a custom web desktop
for end users. For more information about the SDK, see the Crystal Enterprise Web
Developers Guide. You can access the guide by clicking its link on the Crystal
Enterprise Launchpad.
Note: Crystal Enterprise supports reports created in versions 6 through 8.5 of
Crystal Reports. Reports created using version 6 and 7 of Crystal Reports appear
in version 8 format when they are launched from ePortfolio.
187
Client tier
Crystal Management Console

The Crystal Management Console (CMC) allows you to perform user management
tasks such as setting up authentication and adding users and groups. It also allows
you to publish, organize, and set security levels for all of your Crystal Enterprise
content. Additionally, the CMC enables you to manage servers and create server
groups. Because the CMC is a web-based application, you can perform all of these
administrative tasks remotely. For more information, see Working with the
Crystal Management Console on page 8.
The CMC also serves as a demonstration of the ways in which you can use the new
administrative objects and libraries in the Crystal Enterprise SDK to create custom
web applications for administering Crystal Enterprise. For more information
about the SDK, see the Crystal Enterprise Web Developers Guide. You can access the
guide by clicking its link on the Crystal Enterprise Launchpad.
Crystal Configuration Manager

The Crystal Configuration Manager (CCM) is a server-management tool that allows
you to configure each of your Crystal Enterprise server components. This tool allows
you to start, stop, enable, and disable servers, and it allows you to view and to
configure advanced server settings such as default port numbers, APS database and
clustering details, SOCKS server connections, and more. In addition, the CCM
allows you to add or remove servers from your Crystal Enterprise system. For more
information, see Working with the Crystal Configuration Manager on page 11.

The Crystal Publishing Wizard is a locally installed Windows application that
enables both administrators and end users to add reports to Crystal Enterprise. By
assigning object rights to Crystal Enterprise folders, you control who can publish
reports and where they can publish them to. For more information, see
Publishing overview on page 74 and Object rights overview on page 96.
The Crystal Publishing Wizard publishes reports from a Windows machine to
Crystal Enterprise servers running on Windows or on UNIX.
Crystal Import Wizard

The Crystal Import Wizard is a locally installed Windows application that guides
administrators through the process of importing users, groups, reports, and
folders from an existing Seagate Info or Crystal Enterprise implementation to
Crystal Enterprise. For more information, see Crystal Import Wizard overview
on page 86.
The Crystal Import Wizard runs on Windows, but you can use it to import
information into a new Crystal Enterprise system running on Windows or on UNIX.
188
Crystal Web Wizard

This Windows application is designed to assist new developers in building and
installing web applications. The wizard lets you create a custom web application
or install a sample project. You can use this wizard as a stand-alone application or
as a Microsoft FrontPage web creation tool. For details, see the wizards online help
and the Crystal Enterprise Web Developers Guide.
Intelligence tier
The intelligence tier manages the Crystal Enterprise system. It maintains all of the
security information, sends requests to the appropriate servers, and stores report
instances.

The Web Component Server (WCS) is the gateway between the Web Connector on
the web server and the rest of the components in Crystal Enterprise. The WCS is
responsible for processing requests from your browser, including Crystal Server
Pages (.csp files), which are used to customize your access to Crystal Enterprise.
As a result, this server also acts as an application server. For further information
on CSP, see Using CSP Scripting in the Crystal Enterprise Web Developers Guide.
Note: In addition to processing CSP requests, the WCS also handles other types of
requests. These include requests from the CMC and the handling of prompts and
database logon requests. When users view reports in HTML format, the WCS is
responsible for converting the report pages (.epf files) to HTML format.
If you are running multiple Cache Servers, the WCS automatically load-balances
reporting requests across the available servers.
189
Intelligence tier
Web Connectors
To communicate with the different types of web servers, the WCS uses a Web
Connector. Crystal Enterprise includes different Web Connectors for different
operating systems and web servers.
If you are running multiple WCS machines, the Web Connector automatically
balances the load across the available servers. Each subsequent Crystal Enterprise
request is sent to the least used WCS. For details about fault-tolerance as it
relates to security, see Ticket mechanism for distributed security on page 26.
For details on installing and configuring Web connectors, see the Crystal Enterprise
Installation Guide. For additional troubleshooting steps, see Troubleshooting path
mappings on page 297.

The Automated Process Scheduler (APS) is responsible for maintaining a database
of information about your Crystal Enterprise system; the other components can
therefore access that data as required. The data stored by the APS includes
information about users and groups, security levels, Crystal Enterprise content,
and servers. This data allows the APS to perform its three main tasks:
Maintaining security
By maintaining a database of users and their associated object rights, the APS
enforces who has access to Crystal Enterprise and the types of tasks they are
able to perform. This also includes enforcing and maintaining the licensing
policy of your Crystal Enterprise system.
Managing objects
The APS keeps track of the location of reports and maintains the folder
hierarchy. By communicating with the Job Server, the APS is able to ensure that
scheduled jobs run at the appropriate times.
Managing servers
By staying in frequent contact with each of the servers in the system, the APS is
able to maintain a list of server status. The WCS accesses this list, for instance,
to identify which Cache Server is free to use for a report viewing request.
Typically, you provide the APS with database connectivity and credentials when
you install Crystal Enterprise, so the APS can create its own database using your
organizations preferred database server. For details about setting up the APS
database, see the Crystal Enterprise Installation Guide. See the Platforms.txt file
included with your product distribution for a complete list of tested database
software and version requirements.
Note:
It is strongly recommended that you back up the APS database frequently. The
backup procedure depends upon your database software. If you are unsure of
the procedure, consult with your database administrator.
190
The APS database should not be accessed directly. System information should
only be retrieved using the API calls that are provided in the Crystal Enterprise
Software Development Kit (SDK). See the Crystal Enterprise Web Developers
Guide for details.
On Windows, the Setup program can install and configure its own Microsoft Data
Engine (MSDE) database if necessary. APS clustering is automatically supported
by the default MSDE database. MSDE is a client/server data engine that provides
local data storage and is compatible with Microsoft SQL Server. If you already
have the MSDE or SQL Server installed, the installation program uses it to create
the APS database. You can migrate your default APS database to a supported
database server later.
For details about configuring the APS, its database, and APS clusters, see
Configuring the intelligence tier on page 204.
File Repository Servers

There is one Input and one Output File Repository Server in every Crystal Enterprise
implementation. The Input File Repository Server contains all of the report objects
that have been published to the system by administrators or end users (using the
Crystal Publishing Wizard, the Crystal Management Console, the Crystal Import
Wizard, or a Crystal designer component such as Crystal Reports). The Output File
Repository Server contains all of the report instances generated by the Job Server(s).
Tip: If you use the Crystal Enterprise SDK, you can also publish reports from
within your own code.
The File Repository Servers are responsible for listing files on the server, querying
for the size of a file, querying for the size of the entire file repository, adding files
to the repository, and removing files from the repository.
Note: The Input and Output File Repository Servers cannot share the same
directories. This is because one of the File Repository Servers could then delete
files and directories belonging to the other.
Event Server
The Event Server manages file-based events. When you set up a file-based event
within Crystal Enterprise, the Event Server monitors the directory that you
specified. When the appropriate file appears in the monitored directory, the Event
Server triggers your file-based event: that is, the Event Server notifies the APS that
the file-based event has occurred. The APS then starts any jobs that are dependent
upon your file-based event.
After notifying the APS of the event, the Event Server resets itself and again
monitors the directory for the appropriate file. When the file is newly created in the
monitored directory, the Event Server again triggers your file-based event.
191
Processing tier
Cache Server
The Cache Server is responsible for handling all viewing requests from the WCS.
The Cache Server checks whether or not it can fulfill the request with a cached
report page. If it cannot, it passes the request along to the Page Server. The Page
Server runs the report and returns the results to the Cache Server. The Cache
Server then caches the information and returns the data to the WCS. By storing
report pages in a cache, Crystal Enterprise avoids accessing the database each and
every time a report is requested.
If you are running multiple Page Servers for a single Cache Server, the Cache
Server automatically balances the processing load across Page Servers. For more
information, see Modifying Cache Server performance settings on page 216.
Processing tier
The processing tier accesses the data and generates the reports. It is the only tier
that interacts directly with the databases that contain the report data.
Note: If you install Crystal Analysis, your OLAP data is accessed from the WCS in
the intelligence tier.
Job Server
The Job Server processes scheduled reports, as requested by the APS, and
generates report instances (instances are versions of a report object that contain
saved data). To generate a report instance, the Job Server communicates with the
database to retrieve the current data.
Page Server
The Page Servers primary responsibility is to receive page requests from the
Cache Server and to generate Encapsulated Page Format (EPF) pages. The Page
Server then returns the EPF pages to the Cache Server. The EPF pages contain
formatting information that defines the layout of the report. The data for the report
is saved with the report or retrieved on demand from the database.
192
Data tier
The data tier is made up of the databases that contain the data used in the reports.
Crystal Enterprise supports a wide range of corporate databases.
See the Platforms.txt file included with your product distribution for a complete
list of tested database software and version requirements.
Information Flow
This section describes the interaction of the server components in order to
demonstrate how report-processing is performed. This section covers two
different scenarios:
What happens when you view a report? on page 193
What happens when you schedule a report? on page 194
What happens when you view a report?

When a user requests to view a report using ePortfolio, the request is passed from
the web server to the Web Connector. The Web Connector handles all Crystal
Enterprise requests that are made to the web server. The Web Connector then
passes the request to the Web Component Server (WCS), which communicates
with the rest of Crystal Enterprise. Since the request was to view a report, the WCS
passes the request to the Cache Server.
The Cache Server checks to see if it has the requested pages cached. The cached
pages are stored as Encapsulated Page Format (.epf) files. If a cached version of the
.epf file is available, the Cache Server checks with the Automated Process
Scheduler (APS) to see if the user has rights to view the report. If the user is granted
the right to view the report, the Cache Server sends the .epf file to the WCS.
If a cached version of the .epf file is unavailable, the Cache Server requests new .epf
files from the Page Server. The Page Server retrieves the report from the Input File
Repository Server, first checking with the APS to see if the user has rights to view
the report.
Note: If the user is granted View rights to the report object, then the Page Server
will only ever generate pages of the latest report instance. That is, the Page Server
will not retrieve the latest data from the database. If, however, the user is granted
193
Information Flow
View On Demand rights to the report object, then the Page Server will refresh the
report against the database.
If the user has sufficient rights, the Page Server generates the .epf pages and
forwards them to the Cache Server. The Cache Server then caches the .epf files and
sends them to the WCS.
Once the WCS receives the cached or generated .epf files from the Cache Server, it
forwards the pages through the Web Connector to the users web browser. (If the user
is using the DHTML Viewer, the WCS first converts the .epf file to an HTML page.)
What happens when you schedule a report?

When you schedule a report, you instruct Crystal Enterprise to process a report
object at a particular point in time, or on a recurring schedule. For example, if you
have a report based off of your web server logs, you can schedule the report to run
every night on a recurring basis.
Tip: Crystal Enterprise also allows you to schedule jobs that are dependent upon
other events. For details, see Managing events overview on page 180.
When a user schedules a report using ePortfolio, the request is passed from the
web server to the Web Connector. The Web Connector handles all Crystal
Enterprise requests that are made to the web server. The Web Connector then
passes the request to the Web Component Server (WCS), which communicates
with the rest of Crystal Enterprise. Since the request was to schedule a report, the
WCS then passes the request to the Automated Process Scheduler (APS).
When the APS gets the request, it checks to see if the user has sufficient rights to
schedule the report. If the user has sufficient rights, the APS schedules the report
to run at the specified time(s). When the time occurs, the APS passes the job to the
Job Server. The Job Server retrieves the report from the Input File Repository
Server and runs the report against the database, thereby creating an instance of the
report. The Job Server then saves the report instance to the Output File Repository
Server, and tells the APS that it has completed the job successfully.
Tip: For details about multiple time zones, see Supporting ePortfolio users in
multiple time zones on page 321.
194
Managing and Configuring Servers
12
This chapter provides information on a range of server

tasks that allow you to customize the behavior of Crystal
Enterprise. The chapter first covers straightforward tasks
like starting and stopping servers, and then proceeds to
more advanced configuration options, including APS
clustering and other server-specific settings.
195
Server management overview
Server management overview

Crystal Enterprise includes two key administrative tools that allow you to view
and to modify a variety of server settings. These two tools are the Crystal
Management Console and the Crystal Configuration Manager:
Crystal Management Console (CMC)
The CMC is the web-based administration tool that allows you to view and to
modify server settings while Crystal Enterprise is running. For instance, you
will use the CMC when you need to change the status of a server, change server
settings, access server metrics, or create server groups. Because the CMC is a
web-based interface, you are able to configure your Crystal Enterprise servers
remotely over the Internet or through your corporate intranet.
Crystal Configuration Manager (CCM)
The CCM is a program that allows you to view and to modify server settings
while Crystal Enterprise is offline. It also allows you to accomplish tasks that
require you to take Crystal Enterprise offline. For instance, you use the CCM to
stop the Web Component Server (WCS) or the Automated Process Scheduler
(APS), to start Crystal Enterprise after you have stopped the system completely,
and to change the default server port numbers. This tool also allows you to
configure Crystal Enterprise remotely over your corporate network.
You can accomplish some configuration tasks with both tools, while other tasks
must be performed with a specific tool. This chapter takes a task-oriented
approach to server management by first explaining the server settings that are
available to you, and then by showing how to accomplish each task with
whichever tool(s) are appropriate.
Related topics
For an overview of the multi-tier architecture and the Crystal Enterprise server
components, see Crystal Enterprise Architecture on page 185.
For information about creating groups of servers, see Server group overview
on page 254.
With the Crystal Enterprise Software Development Kit (SDK), you can now
access and modify server metrics and settings from your own web
applications. For details, see the Crystal Enterprise Web Developers Guide.
Viewing current metrics

The CMC allows you to view server metrics over the Web. These metrics include
general information about each machine, along with details that are specific to the
type of server. The CMC also allows you to view system metrics, which include
information about your product version, your APS, and your current system activity.
Tip: For an example of how to use server metrics in your own web applications,
see the View Server Metrics sample on the Crystal Enterprise Launchpad.
196
12: Managing and Configuring Servers
Viewing current server metrics

The Servers management area of the CMC displays server metrics that provide
statistics and information about each Crystal Enterprise server. The general
information displayed for each server includes information about the machine that
the server is running onits name, operating system, total hard disk space, free hard
disk space, total RAM, number of CPUs, and local time. The general information
also includes the time the server started and the version number of the server.
This example shows the metrics for a Job Server that is running on a machine called
PBROWNSEYB.
For some servers, the Metrics tab includes additional server-specific information:
Input and Output File Repository Servers
The Metrics tab of each File Repository Server lists the root directory of the files
that the server maintains, indicates the maximum idle time, and displays the
number of active files and active client connections. It also lists the total
available hard disk space, as well as the number of bytes sent and received.
Each File Repository Server also has an Active Files tab, which lists the
filename, the number of readers, and the number of writers for each active file.
The Metrics tab of the Web Component Server (WCS) includes statistical data
about the requests that it handles. It lists the total number of requests, the
current number of requests, the total number of bytes sent, the average bytes
per request, the total time taken, and the average time taken per request. This
information is useful in determining how efficiently the WCS is handling the
requests that are sent to it.
197
Viewing current metrics
Cache Server
The Metrics tab of the Cache Server displays the maximum number of
processing threads, the maximum cache size, the minutes before an idle job is
closed, the minutes between refreshes from the database, whether or not the
database is accessed whenever a viewers file (object) is refreshed, the location
of the cache files, the total threads running, the number of requests served, the
number of bytes transferred, the cache hit rate, the number of current
connections, and the number of requests that are queued.
The Metrics tab also provides a table that lists the Page Servers that the Cache
server has connections to, along with the number of connections made to each
Page Server.
Event Server
The Metrics tab of the Event Server contains statistics on the files that the server
is monitoring. This tab includes a table showing the file name, the number of
clients using the event, and the last time the event occurred.
Page Server
The Metrics tab of the Page Server contains information on how the server is
running. It lists the maximum number of simultaneous processing threads, the
location of temporary files, the number of minutes before an idle job is closed,
the number of current connections, the number of requests queued, the current
number of processing threads running, the total number of requests served,
and the total bytes transferred.
Job Server
The Metrics tab of the Job Server lists the current number of jobs that are being
processed, the total number of requests received, the total number of failed job
creations, the processing mode, and the location of its temporary files.
APS
The Metrics tab of the APS lists only the general information about the machine
it is running on. The Properties tab, however, shows a list of users who have
active sessions on the system. Click any users link to view the associated
account details.
To view server metrics

1 Go to the Servers management area of the CMC.
2 Click the link to the server whose metrics you want to view.
3 Click the Metrics tab.
198
Viewing system metrics

The Settings management area of the CMC displays system metrics that provide
general information about your Crystal Enterprise installation. The Properties tab
includes information about the product version and build. It also lists the data
source, database name, and database user name of the APS database. The Metrics
tab lists current account activity, along with statistics about current and processed
jobs. The Cluster tab lists the name of the APS you are connected to, the name of
the APS cluster, and the names of other cluster members.
To view system metrics

2 View the contents of the Properties, Metrics, and Cluster tabs.
This example shows the system Properties for a Windows Crystal Enterprise
system whose APS database is named BrandNewAPSdb.
Related topics
For more information about licenses and account activity, see Licensing
overview on page 270.
For information about APS clusters, see Clustering Automated Process
Schedulers on page 204.
Viewing and changing the current status of servers

The status of a server is its current state of operation: a server can be started,
stopped, enabled, or disabled. To respond to Crystal Enterprise requests, a server
must be started and enabled. A server that is disabled is still running as a process;
however, it is not accepting requests from the rest of Crystal Enterprise. A server
that is stopped is no longer running as a process. This section shows how to modify
the status of servers with the CMC and the CCM.
199
Starting, stopping, and restarting servers

Starting, stopping, and restarting servers are common actions that you perform
when you configure servers or take them offline for other reasons. The remainder
of this chapter tells you when a certain configuration change requires that you first
stop or restart the server. However, because these tasks appear frequently, the
concepts and differences are explained first, and the general procedures are
provided for reference.
Action
Description
Stopping a server
You must stop Crystal Enterprise servers before you can

modify certain properties and settings.
Starting a server
If you have stopped a server to configure it, you need to

start it to effect your changes and to have the server
resume processing requests.
Restarting a server
Restarting a server is a shortcut to stopping a server

completely and then starting it again. You can change
certain settings without stopping the server; however, the
changes typically do not take effect until your restart the
server.
For example, if you want to change the name of an APS, or if you want to configure
the WCS to support NT Single Sign On, then you must first stop the server. Once
you have made your changes, you start the server again to effect your changes.
Tip: When you stop (or restart) a server, you terminate the servers Process ID,
thereby stopping the server completely. If you want to prevent a server from
receiving requests without actually stopping the server process, you can also enable
and disable servers. For details, see Enabling and disabling servers on page 201.
To start, stop, or restart servers over the Web

Note: You cannot stop the APS or the WCS over the Web. You must use the CCM
instead.
A list of servers appears. The icon associated with each server identifies its
status:
Running is indicated by a server with a green arrow.
Stopped is indicated by a server with a red arrow.
Disabled is indicated by a server with a red circle.
2 Select the check box for the server whose status you want to change.
3 Depending upon the action you need to perform, click Start, Stop, or Restart.
You may be prompted for network credentials that allow you to start and stop
services running on the remote machine.
200
To start, stop, or restart a Windows server with the CCM

1 Start the CCM.
2 Select the server that you want to start, stop, or restart.
3 On the toolbar, click the appropriate button.
Toolbar Icon
Action
Start the selected server.
Stop the selected server.
Restart the selected server.
You may be prompted for network credentials that allow you to start and stop
services running on the remote machine.
The CCM performs the action and refreshes the list of servers.
To start, stop, or restart a UNIX server with the CCM

Use the ccm.sh script. For reference, see ccm.sh on page 280.
Enabling and disabling servers

When you disable a Crystal Enterprise server, you prevent it from receiving and
responding to new Crystal Enterprise requests, but you do not actually stop the
server process. This is especially useful when you want to allow a server to finish
processing all of its current requests before you stop it completely.
For example, you may want to stop a Job Server before rebooting the machine it is
running on. However, you want to allow the server to fulfill any outstanding report
requests that are in its queue. First, you disable the Job Server so it cannot accept
any additional requests. Then, once it has finished processing current requests, you
can safely stop the server.
Note: The APS must be running in order for you to enable and/or disable other
servers.
To enable and disable servers over the Web

The icon associated with each server identifies its status. In this example, the
Event Server is disabled (but not stopped), and the remaining servers are
running and enabled.
201
2 Select the check box for the server whose status you want to change.
3 Depending upon the action you need to perform, click Enable or Disable.
To enable or disable a Windows server with the CCM

1 Start the CCM.
2 On the toolbar, click Enable/Disable.
3 When prompted, log on to your APS with the credentials that provide you
with administrative privileges to Crystal Enterprise.
4 Click Connect.
The Enable/Disable Servers dialog box appears.
This dialog box lists all of the Crystal Enterprise servers that are registered with
your APS. By default, servers running on remote machines are displayed as
MACHINE.servertype. So, in this example, LCONNORS02.eventserver is an Event
Server running on a remote machine called LCONNORS02. The server named Input
is the Input File Repository Server running on the local machine. In this
example, all of the listed servers are currently enabled.
202
5 To disable a server, clear the check box in the Server Name column.
This example disables all servers running on LCONNORS02.
6 Click OK to effect your changes and return to the CCM.
To enable or disable a UNIX server with the CCM

Use the ccm.sh script. For reference, see ccm.sh on page 280.
Printing, copying, and refreshing server status

When using the CCM on Windows, you can print and copy the properties of a
server, and refresh the list of servers.
To print the status of a server

1 Start the CCM.
2 Select the server(s).
3 Click Print.
The Print dialog box appears.
4 Click OK.
A brief listing of the servers properties is printed, including the Display Name,
Version, Command Line, Status, and so on.
To copy the status of a server

To email the status of a server, you can copy the details from the CCM to your
email application.
1 Start the CCM.
2 Select the server(s).
3 Click Copy.
4 Paste the information into your email message.
203
Configuring the intelligence tier
To refresh the list of servers

To ensure you are looking at the latest information, click Refresh.
Note: Disabled servers may not appear in this list. Click Enable/Disable to view a
list of servers and ensure that each is enabled.

This section includes technical information and procedures that show how you can
modify settings for the Crystal Enterprise servers that make up the intelligence
tier. If you are already familiar with the Crystal Enterprise architecture, you will
recognize this graphic representation of the intelligence tier.
The majority of the settings discussed here allow you to integrate Crystal Enterprise
more effectively with your current hardware, software, and network configurations.
Consequently, the settings that you choose will depend largely upon your own
requirements.
Note: This section does not show how to configure your web server with the Web
Connector, nor does it show how to set up effective communication between the
Web Connector and the Web Component Server. These tasks are typically
performed when you install Crystal Enterprise. For details, see the Crystal
Enterprise Installation Guide. For further troubleshooting, see Working with
Firewalls on page 259 and Path mapping overview on page 298.
Clustering Automated Process Schedulers

If you have a large or mission-critical implementation of Crystal Enterprise, you
will probably want to run several APS machines together in an APS cluster. An
APS cluster consists of two or more APS servers working together to maintain the
system database. If a machine that is running one APS fails, a machine with
another APS will continue to service Crystal Enterprise requests. This failover
204
support helps to ensure that Crystal Enterprise users can still access information
when there is equipment failure.
This section shows how to add a new APS cluster member to a production system
that is already up and running. When you add a new APS to an existing cluster,
you instruct the new APS to connect to the existing APS database and to share the
processing workload with any existing APS machines. For information about your
current APS and APS cluster, go to the Settings management area of the CMC and
click the Cluster tab.
Before clustering APS machines, note the following clustering requirements:
Run each APS cluster member on the same operating system.
Configure each machine similarly:
Install the same operating system service packs and patches.
Install the same version of Crystal Enterprise (including patches, if
applicable).
Ensure that each APS connects to the APS database in the same manner:
whether you use native or ODBC drivers, ensure that the drivers are the
same on each machine.
Check that each APS uses the same database user account and password to
connect to the APS database.
Run each APS service/daemon under the same account. (On Windows, the
default is the LocalSystem account.)
Install each and every APS cluster member on the same subnet.
If the database server is multihomed, add one of its valid IP addresses to the
hosts file on each APS machine. This ensures that each cluster member
communicates with the database on the same IP address, without relying upon
a WINS server for name to IP resolution.
Tip: By default, an APS cluster name reflects the name of the first APS that you
install, but the cluster name is prefixed by the @ symbol. For instance, if your
existing APS is called CRYSTALAPS, then the default cluster name is @CRYSTALAPS. To
modify the default name, see Changing the name of an APS cluster on page 208.
There are two ways to add a new APS cluster member. Follow the appropriate
procedure, depending upon whether or not you have already installed a second APS:
Installing a new APS and adding it to a cluster on page 206
See this section if you have not already installed the new APS on its own machine.
Adding an installed APS to a cluster on page 206
Follow this procedure if you have already installed a second, independent APS
on its own machine. While testing various server configurations, for instance,
you might have set up an independent Crystal Enterprise system with its own
APS. Follow this procedure when you want to incorporate this independent
APS into your production system.
Note: Back up your current APS database before making any changes. If
necessary, contact your database administrator.
205
Installing a new APS and adding it to a cluster

When you install a new APS, you can quickly cluster it with your existing APS.
Run the Crystal Enterprise installation and setup program on the machine where
you want to install the new APS cluster member. The setup program allows you to
perform an Expand installation. During the Expand installation, you specify the
existing APS whose system you want to expand, and you select the components
that want to install on the local machine. In this case, specify the name of the APS
that is running your existing system, and choose to install a new APS on the local
machine. Then provide the Setup program with the information it needs to connect
to your existing APS database. When the Setup program installs the new APS on
the local machine, it automatically adds the server to your existing APS cluster.
For complete information on running the Setup program and performing the
Expand installation, see the Crystal Enterprise Installation Guide.
Adding an installed APS to a cluster

In these steps, the independent APS refers to the one that you want to add to a
cluster. You will add the independent APS to your production APS cluster. By
adding an independent APS to a cluster, you disconnect the independent APS
from its own database and instruct it to share the system database that belongs to
your production APS.
Before starting this procedure, ensure that you have a database user account with
Create, Delete, and Update rights to the database storing the Crystal Enterprise
tables. Ensure also that you can connect to the database from the machine that is
running the independent APS (through your database client software or through
ODBC, according to your configuration).
Note: Back up your current APS database before beginning this procedure. If
To add an installed APS to a cluster on Windows

1 Use the CCM to stop the independent Crystal APS.
2 With the APS selected, click Specify APS Datasource on the toolbar.
The APS Database Setup dialog box appears.
206
3 Click Select a Data Source; then click OK.

4 In the Select Database Driver dialog box, specify whether you want to connect
to the production APS database through ODBC, or through one of the native
drivers.
5 Click OK.
6 The remaining steps depend upon the connection type you selected:
If you selected ODBC, the Windows Select Data Source dialog box
appears. Select the ODBC data source that corresponds to your production
APS database; then click OK. If prompted, provide your database
credentials and click OK. The CCM connects to the database server and
adds the new APS to the cluster.
If you selected a native driver, you are prompted for your database Server
Name, your Login ID, and your Password. Once you provide this
information, the CCM connects to the database server and adds the new
APS to the cluster.
The SvcMgr dialog box notifies you when the APS database setup is complete.
7 Click OK.
8 Start the Crystal APS.
To add an installed APS to a cluster on UNIX

Use the apsdbsetup.sh script. For reference, see apsdbsetup.sh on page 283.
207
Changing the name of an APS cluster

This procedure allows you to change the name of a cluster that is already installed
and running. To change the cluster name, you need only stop one of the APS
cluster members. The remaining APS cluster members are dynamically notified
of the change.
To change the cluster name on Windows

1 Use the CCM to stop any Crystal APS that is a member of the cluster.
2 With the APS selected, click Properties on the toolbar.
3 Click the Configuration tab.
4 Select the Change Cluster Name to check box.
5 Type the new name for the cluster.
6 Click OK and then start the Crystal APS.
The APS cluster name is now changed. All other APS cluster members are
dynamically notified of the new cluster name.
7 Go to the Servers management area of the CMC and check that all of your
servers remain enabled. If necessary, enable any servers that have been
disabled by your changes.
To change the cluster name on UNIX

Copying APS data from one database to another

Crystal Enterprise enables you to copy the contents of one APS database into
another database. This procedure is also referred to as migrating an APS database.
You can migrate APS data from a different APS database (version 8.0 or 8.5 of
Crystal Enterprise) into your current APS database. Or, you can migrate the data
from your current APS database into a different data source.
Note: Throughout these procedures, the source APS database refers to the data that
you are copying; this data is copied into the destination database. The destination
database is initialized before the new data is copied in, so any existing contents of
the destination database are permanently deleted (all Crystal Enterprise tables are
destroyed permanently and then recreated). Once the data has been copied, the
destination database is established as the current database for the APS.
208
To copy APS data from a different APS database (version 8.0 or 8.5 of Crystal
Enterprise) into your current APS database, follow the procedure that corresponds
to your operating system and to the version of Crystal Enterprise whose data you
want to copy. In this scenario, your current APS database is the destination database
whose tables are deleted before they are replaced with the copied data:
Copying data from a Crystal Enterprise 8.5 APS on Windows
Copying data from a Crystal Enterprise 8 APS on Windows on page 211
Copying data from a Crystal Enterprise 8.5 APS on UNIX on page 212
To copy the current APS database from one database server to another, follow the
procedure that corresponds to your operating system. This is also the procedure to
follow if you want to move the default APS database (on Windows) from the
Microsoft Database Engine (MSDE) to a dedicated database server, such as
Microsoft SQL Server or Oracle. In this scenario, your current APS database is the
source environment. Its contents are copied to the destination database, which is
then established as the active database for the APS:
Copying data from a Crystal Enterprise 8.5 APS on Windows on page 209
Copying data from a Crystal Enterprise 8 APS on Windows on page 211
Before starting these procedures, ensure that you have a database user account
with Create, Delete, and Update rights to the database storing the Crystal
Enterprise tables. Ensure also that you can connect to both databasesthrough
your database client software or through ODBC, according to your
configurationfrom the APS machine whose database you are replacing.
Note:
When you copy data from one database to another, the destination database is
initialized before the new data is copied in. Thus, any existing contents of the
destination database are permanently deleted. (If the APS database is stored in
Oracle, all the Crystal Enterprise tables are deleted.)
Back up both APS databases before beginning this procedure. If necessary,
contact your database administrator.
When you migrate an APS database, none of the objects on the system (report
objects, report instances, folders, and so on) are actually moved. If you want to
import users, groups, folders, and reports from one system to another, see
Importing with the Crystal Import Wizard on page 89.
Copying data from a Crystal Enterprise 8.5 APS on Windows

1 Use the CCM to stop the Crystal APS.
209
3 Click Copy data from another Data Source; then click OK.
The Specify Data Source dialog box appears.
4 Click Crystal Enterprise 8.5.

You must now specify the source APS database whose contents you want to
copy.
5 Click Specify.
to the source APS database through ODBC, or through one of the native
drivers.
7 Click OK.
8 The next steps depend upon the connection type you selected:
appears. Select the ODBC data source that corresponds to the source APS
database; then click OK. If prompted, provide your database credentials
and click OK.
If you selected a native driver, provide your database Server Name, your
Login ID, and your Password; then click OK.
You are returned to the Specify Data Source dialog box. You must now specify
the destination APS database whose contents you want to replace with the
copied data.
Tip: If the correct destination database already appears in the Copy to the
following data source field, proceed to step 13.
9 Click Browse.
to the destination APS database through ODBC, or through one of the native
drivers.
11 Click OK.
210
appears. Select the ODBC data source that corresponds to the destination
credentials and click OK.
You are returned to the Specify Data Source dialog box. You are now ready to
copy the APS data.
13 Click OK and, when prompted to confirm, click Yes.
14 Click OK.
Copying data from a Crystal Enterprise 8 APS on Windows

Note: When you copy a version 8 APS database, the database and database
schema are upgraded to version 8.5.
3 Click Copy data from another Data Source; then click OK.
The Specify Data Source dialog box appears.
4 Click Crystal Enterprise 8.

You must now specify the source APS database whose contents you want to
copy.
5 Click Specify.
211
6 In the Browse data dialog box, click one of the following:

APS machine name
Click this option if you have administrative rights to the Crystal Enterprise
8 APS machine. Your administrative rights allow the CCM to read the data
source information from the Windows Registry on the APS machine. Click
OK and use the Browse for Computer dialog box to specify the APS
machine.
APS ODBC data source
Click this option if you do not have administrative rights to the Crystal
Enterprise 8 APS machine. Use the Windows Select Data Source dialog
box to select (or create) an ODBC data source that provides the local
machine with access to the Crystal Enterprise 8 APS database. If prompted,
provide your database credentials and click OK.
You are returned to the Specify Data Source dialog box. You must now specify
the destination APS database whose contents you want to replace with the
copied data.
Tip: If the correct destination database already appears in the Copy to the
following data source field, proceed to step 11.
7 Click Browse.
to the destination APS database through ODBC, or through one of the native
drivers.
9 Click OK.
appears. Select the ODBC data source that corresponds to the destination
credentials and click OK.
You are returned to the Specify Data Source dialog box. You are now ready to
copy the APS data.
12 Click OK.
Copying data from a Crystal Enterprise 8.5 APS on UNIX

212
Deleting and recreating the APS database

This procedure shows how to recreate (re-initialize) the current APS database. By
performing this task, you destroy all data that is already present in the database.
This procedure is useful, for instance, if you have installed Crystal Enterprise in a
development environment for designing and testing your own, custom web
applications. You can re-initialize the APS database in your development
environment every time you need to clear the system of absolutely all its data.
Note:
Back up your current APS database before beginning this procedure. If
After recreating the APS database, you will have to enter your license keys
again. Log on to the CMC with the default Administrator account (which will
have been reset to have no password). Go to the Authorization management
area and enter your information on the License Keys tab.
To recreate the APS database on Windows

3 In the APS Database Setup dialog box, click Recreate the current Data Source.
5 Click OK.
You are returned to the CCM.
While it is starting, the APS writes required system data to the newly emptied
data source. You may need to click the Refresh button in the CCM to see that
the APS has successfully started.
To recreate the APS database on UNIX

Selecting a new or existing APS database

Follow this procedure if you want to disconnect an APS from its current database
and connect it to an alternate database. When you complete these steps, none of the
data in the current database is copied into the alternate database. If the alternate
database is empty, the CCM initializes it by writing system data that is required by
Crystal Enterprise. If the alternate database already contains Crystal Enterprise
system data, the APS uses that data when it starts.
213
Generally, there are only a few times when you need to complete these steps:
If you have changed the password for the current APS database, these steps
allow you to disconnect from, and then reconnect to, the current database.
When prompted, you can provide the APS with the new password.
If you want to select and initialize an empty database for Crystal Enterprise,
these steps allow you to select that new data source.
If you have restored an APS database from backup (using your standard
database administration tools and procedures) in a way that renders the
original database connection invalid, you will need to reconnect the APS to the
restored database. (This might occur, for instance, if you restored the original
APS database to a newly installed database server.)
Note: These steps are essentially the same as adding an APS to an existing cluster;
in this case, however, there are no other APS machines already maintaining the
database. For complete details about APS clusters, see Clustering Automated
Process Schedulers on page 204.
To select a new or existing database for an APS on Windows

The APS Database Setup dialog box appears.
3 Click Select a Data Source; then click OK.

to the new database through ODBC, or through one of the native drivers.
5 Click OK.
214
6 The remaining steps depend upon the connection type you selected:
appears. Select the ODBC data source that you want to use as the APS
database; then click OK. (Click New to configure a new DSN.) When
prompted, provide your database credentials and click OK.
If you selected a native driver, you are prompted for your database Server
Name, your Login ID, and your Password. Provide this information and
then click OK.
7 Click OK.
To select a new or existing database for an APS on UNIX

Setting root directories and idle times of the File Repository Servers
The Properties tabs of the Input and Output File Repository Servers enable you to
change the locations of the default root directories. These root directories contain
all of the report objects and instances on the system. You may change these settings
if you want to use different directories after installing Crystal Enterprise, or if you
upgrade to a different drive (thus rendering the old directory paths invalid).
Note:
The Input and Output File Repository Servers must not share the same root
directory, because modifications to the files and subdirectories belonging to
one server could have adverse effects on the other server. In other words, if the
Input and Output File Repository Servers share the same root directory, then
one server might damage files belonging to the other.
The root directory should be on a drive that is local to the server.
You can also set the maximum idle time of each File Repository Server. This setting
limits the length of time that the server waits before it closes inactive connections.
To modify settings for a File Repository Server

2 Click the Input or Output link, depending upon which File Repository Server
you want to change.
215
3 Make your changes on the Properties tab.

In this example, the Input File Repository Server is set to use D:\InputFRS\ as its
root directory. The server will remain idle for a maximum of 15 minutes.
4 Click either Apply or Update:

Click Apply to submit changes and restart the server so that the changes
take effect immediately.
Click Update to save the changes. You must restart the server for the
changes to take effect.
Modifying Cache Server performance settings

The Properties tab of the Cache Server allows you to set the location of the cache
files, the maximum cache size, the maximum number of simultaneous processing
threads, the number of minutes before an idle job is closed, and the number of
minutes between refreshes from the database.
The Location of the Cache Files setting specifies the absolute path to the
directory on the Cache Server machine where the cached report pages (.epf files)
are stored.
Note: The cache directory should be on a drive that is local to the server.
The Maximum Cache Size Allowed setting limits the amount of hard disk space
(in KBytes) that is used to cache reports. When the Cache Server has to handle large
numbers of reports, or reports that are especially complex, a larger cache size is
needed. Generally, the larger you make the cache size, the better it is able to perform.
The Maximum Simultaneous Processing Threads setting limits the number of
concurrent reporting requests that the Cache Server processes. The default value is
acceptable for most, if not all, reporting scenarios. The ideal setting for your
reporting environment, however, is highly dependent upon your hardware
configuration, your database software, and your reporting requirements. Thus, it
is difficult to discuss the recommended or optimum settings in a general way. It is
216
recommended that you contact your Crystal Decisions, Inc. sales representative
and request information about the Crystal Enterprise Sizing Guide. A Crystal
Services consultant can then assess your reporting environment and assist you in
customizing these advanced configuration and performance settings.
The Minutes Before an Idle Job is Closed setting alters the length of time that the
Cache Server waits for further requests from an idle connection. Before you change
this setting, it is important to understand that setting a value too low can cause a
users request to be closed prematurely, and setting a value that is too high can
cause requests to be queued while the server waits for idle jobs to be closed.
The Minutes Between Refreshes from Database setting determines how long
cached report pages are used before new data is requested from the database.
Generally, the default value is acceptable: as with other performance settings, the
optimal value is largely dependent upon your reporting requirements.
To modify Cache Server performance settings

2 Click the link to the Cache Server whose settings you want to change.
In this example, the Cache Server retains most of the default settings, but the
Maximum Simultaneous Processing Threads is decreased to 50.

217
Modifying the polling time of the Event Server

The Properties tab of the Event Server allows you to change the frequency with
which the Event Server checks for file events. This File Polling Interval setting
determines the number of seconds that the server waits between polls. The minimum
value is 1 (one). It is important to note that, the lower the value, the more resources
the server requires.
Tip: On Windows, you can also change this setting in the CCM. Stop the Event
Server and view its Properties. Then click the Configuration tab.
To modify the polling time

2 Click the link to the Event Server whose settings you want to change.
The value that you type must be 1 or greater.
Modifying logging behavior of the Web Component Server

The Properties tab of the Web Component Server (WCS) allows you to specify the
location of its log files and the types of information that it logs for each Crystal
Enterprise web request.
The web attributes that you can audit include: Date, Time, IP address and port,
Duration, Bytes transferred, Used cache, Method, URI, URI-stem, URI-query, and
Status. There are no performance penalties for logging this information. It is
recommended that you leave logging enabled.
To change the logging behavior of the WCS

2 Click the link to the WCS whose settings you want to change.
218
This example shows the Logging area of the Properties tab. Here, the log files
are saved to the default file location for a WCS that is running on Windows.

Modifying report viewing and viewer options

The Properties tab of the WCS allows you to modify report viewing settings that
affect all users on the system. You can change the default directory where the WCS
stores its temporary image files. And you can customize the look and feel of the
different viewer controls to suit users preferences or to suit your administrative
requirements.
Tip: On Windows, you can also change some of these settings in the CCM. Stop the
WCS and view its Properties. Then click the Configuration tab.
This table lists the properties that you can change for each of the viewer controls.
Viewer Property
DHTML Viewer
ActiveX Viewer
Java Viewer
Drilldown for more

detail
Supported
Supported
Supported
Hide the Group Tree

(if it is displayed)
Supported
Supported
Supported
Group Tree
Not Supported
Supported
Supported
Refresh Report data
Not Supported
Supported
Supported
Search the Report
Not Supported
Supported
Supported
Export the Report
Not Supported
Supported
Supported
Zoom
Not Supported
Supported
Supported
Print the Report
Not Supported
Supported
Supported
219
Viewer Property
DHTML Viewer
ActiveX Viewer
Java Viewer
Product logo
(if applicable)
Not Supported
Supported
Supported
Report Navigation
toolbar
Supported
Not Supported
Not Supported
Tip: On the Properties tab, use the NT Single Sign On check box only when you are
running more than one WCS. (If you are running a single WCS, use the CCM
instead.) This feature requires your web server to support NT Challenge/
Response or Integrated Windows Authentication. For more information on NT
Single Sign On, see Setting up NT Single Sign On on page 52.
To modify report viewing and viewer settings

2 Click the link to the WCS whose settings you want to change.
This example shows the Report Viewing area of the Properties tab. Here, the
WCS is using the default values.

220
Configuring the processing tier

This section includes technical information and procedures that show how you can
modify settings for the Crystal Enterprise servers that make up the processing tier.
The processing tier includes one or more Job Servers and one or more Page Servers.
The majority of the settings discussed here allow you to integrate Crystal
Enterprise more effectively with your current hardware, software, and network
configurations. Consequently, the settings that you choose will depend largely
upon your own requirements.
Modifying Page Server performance settings

The Properties tab of the Page Server lets you set the location of temporary files,
the maximum simultaneous processing threads, and the number of minutes before
an idle job is closed.
The Location of Temp Files setting specifies the absolute path to a directory on
the Page Server machine.This directory must have plenty of free hard disk space.
If not enough disk space is available, job processing may be slower than usual, or
job processing may fail.
The Maximum Simultaneous Processing Threads setting limits the number of
concurrent reporting requests that any single Page Server processes. The default
value is acceptable for most, if not all, reporting scenarios. The ideal setting for
your reporting environment, however, is highly dependent upon your hardware
configuration, your database software, and your reporting requirements. Thus, it
is difficult to discuss the recommended or optimum settings in a general way. It is
recommended that you contact your Crystal Decisions, Inc. sales representative
and request information about the Crystal Enterprise Sizing Guide. A Crystal
Services consultant can then assess your reporting environment and assist you in
customizing these advanced configuration and performance settings.
The Minutes Before an Idle Job is Closed setting alters the length of time that the
Page Server waits for further requests from an idle connection. Before you change
this setting, it is important to understand that setting a value too low can cause a
users request to be closed prematurely, and setting a value that is too high can
cause requests to be queued while the server waits for idle jobs to be closed.
221
To modify Page Server performance settings

2 Click the link to the Page Server whose settings you want to change.
In this example, the Maximum Simultaneous Processing Threads is increased
to 80.

Modifying the number of jobs per Job Server

By default, the Job Server runs jobs as independent processes rather than as
threads. This method allows for more efficient processing of large, complex reports.
The Maximum Jobs Allowed setting limits the number of concurrent
independent processes (child processes) that the Job Server allowsthat is, it limits
the number of scheduled reports that the Job Server will process at any one time.
You can tailor the maximum number of jobs to suit your reporting environment.
The default Maximum Jobs Allowed setting is acceptable for most, if not all,
reporting scenarios. The ideal setting for your reporting environment, however, is
highly dependent upon your hardware configuration, your database software, and
your reporting requirements. Thus, it is difficult to discuss the recommended or
optimum settings in a general way. It is recommended that you contact your
Crystal Decisions, Inc. sales representative and request information about the
Crystal Enterprise Sizing Guide. A Crystal Services consultant can then assess your
reporting environment and assist you in customizing these advanced
configuration and performance settings.
222
To modify the number of jobs

2 Click the link to the Job Server whose settings you want to change.
4 Click Update.
5 Return to the Servers management area of the CMC and restart the Job Server.
Setting default scheduling destinations for Job Servers

By default, when users schedule reports, the report instances are saved to the
Output File Repository Server. However, Crystal Enterprise also allows users to
specify other output destinations for scheduled reports. The supported output
destinations are unmanaged disk, FTP, and email (Simple Mail Transfer Protocol,
or SMTP). This section shows how to set up destination support on the Job Servers.
You must perform these tasks in order to enable the schedule to destinations
features offered by Crystal Enterprise.
For complete information about scheduling reports to particular destinations, see
Selecting a destination on page 166.
Setting the default disk destination

3 On the Destinations tab, click the Crystal Enterprise.DiskUnmanaged link.
4 On the Properties tab, set the default values to be used at schedule time:
Type the absolute path to the directory. The directory can be on a local
drive of the Job Server machine, or on any other machine that you can
specify with a UNC path.
name.
Specified File Name
Select this option if you want to specify a file nameyou can also add a
variable property from the list and click Add. When each instance runs, the
variable is replaced with the appropriate information. For example, when
you add the variable Owner, the file name of each report includes the
report owners name.
User Name
Specify a user who has permission to write files to the destination directory.
223
Password
Type the password for the user.
In this example, the destination directory is on a network drive that is accessible
to the Job Server machine through a UNC path. Each file name will be
randomly generated, and a user name and password have been specified to
grant the Job Server permission to write files to the remote directory.
5 Click Update.
Setting the default FTP destination

3 On the Destinations tab, click the Crystal Enterprise.Ftp link.
4 On the Properties tab, set the default values to be used at schedule time:
Host
Enter your FTP host information.
Port
Enter the FTP port number (the standard FTP port is 21).
FTP User Name
Specify a user who has the necessary rights to upload a report to the FTP
server.
FTP Password
Enter the users password.
224
Account
Enter the FTP account information, if required.
Account is part of the standard FTP protocol, but it is rarely implemented.
Provide the appropriate account only if your FTP server requires it.
Enter the FTP directory that you want the report to be saved to. A relative
path is interpreted relative to the root directory on the FTP server.
name.
Specified File Name
In this example, all of the required FTP information is provided. Reports
scheduled to this destination are randomly named and uploaded to the
ftp.crystaldecisions.com site.
5 Click Update.
Setting the default email (SMTP) destination

3 On the Destinations tab, click the Crystal Enterprise.Smtp link.
225
4 On the Properties tab, complete these required fields with the information that
corresponds to your SMTP server:
Domain Name
Enter the fully qualified domain of the SMTP server.
Server Name
Enter the name of the SMTP server.
Port
Enter the port that the SMTP server is listening on. (This standard SMTP
port is 25.)
Authentication
Select Plain or Login if the Job Server must be authenticated using one of
these methods in order to send email.
SMTP User Name
Provide the Job Server with a user name that has permission to send email
and attachments through the SMTP server.
SMTP Password
Provide the Job Server with the password for the SMTP server.
From
Provide the return email address.
In this example, the SMTP server resides in the crystaldecisions.com domain.
Its name is EMAIL_SERV and it is listening on the standard SMTP port. Plain text
authentication is being used, and an account called CrystalJobAccount has been
created on the SMTP server for use by the Job Server.
5 Complete the optional email fields (To, Cc, Subject, and Message) if you want
to set default values for users who schedule reports to this SMTP destination.
Note: Users can override these defaults with their own values when they
schedule reports to this SMTP destination.
6 Select one of these required fields to specify file names:
name.
226
Specified File Name

7 Click Update.
Configuring Windows processing servers for your data source

When started on Windows, Job Servers and Page Servers by default log on to the
local system as services with the Windows NT/2000 LocalSystem account. This
account determines the permissions that each service is granted on the local
machine. This account does not grant the service any network permissions.
In the majority of cases, this account is irrelevant in relation to the servers task of
processing reports against your data source. (The database logon credentials are
stored with the report object.) Thus, you can usually leave each servers default
logon account unchanged or, if you prefer, you can change it to a Windows user
account with the appropriate permissions.
However, there are certain cases when you must change the logon account used by
the Job Servers and Page Servers. These cases arise either because the server needs
additional network permissions to access the database, or because the database
client software is configured for a particular Windows user account. This table lists
the various database/driver combinations and shows when you must complete
additional configuration.
Tip: If your reports require ODBC connections, set up identical System Data Source
Names (DSNs) on each machine that is running a Job Server or a Page Server.
Ensure that each of these DSNs matches the DSN that was used when the report
was designed.
Database
Driver
Oracle
None
Native
ODBC (CROR8)
OLE DB
Sybase
Native
ODBC (CRSYB)
None
Lotus
Domino
Native
None
Microsoft
SQL Server
Native
ODBC (CRSS)
OLE DB
If you use SQL Servers Trusted Connection setting, change

each servers log on account to a Windows user account that
has permissions within the database. (In this case, the database
logon credentials stored with the report object should be blank.)
DB2
Native
None
Additional Configuration Required
227
Database
Driver
Additional Configuration Required
DB2
ODBC (CRDB2) For on-demand viewing, configure the Page Server to close
idle jobs after one minute, thereby allowing other users to
access the database. For details, see Modifying Page Server
performance settings on page 221.
Tip: IBM offers several client applications for connecting to DB2.
The recommended client is IBM DB2 Direct Connect, whose
ODBC drivers were written for actual programmatic interaction
with products like Crystal Enterprise. See the Crystal Care
Knowledge Base for discussions of this and other DB2 clients.
Informix
Native
Change the log on account for each Job Server/Page Server

to the account under which the Informix client was installed.
Add the Informix bin directory to the System Path (for
example, C:\Informix\bin) environment variable.
Informix
ODBC
(CRINF9)
Change the log on account for each Job Server/Page Server

to the Windows user account under which the Informix
client was installed.
For on-demand viewing, configure the Page Server to close
idle jobs after one minute, thereby allowing other users to
access the database. For details, see Modifying Page Server
performance settings on page 221.
Microsoft
Exchange
PC databases
(Btrieve,
Microsoft
Access,
Paradox,
XML)
Ensure that the Exchange profile is set up on the local

machine.
Change the log on account of each Job Server/Page Server
to the Windows user account that has access to the mailbox
in which the report data is located.
Native, ODBC
If the database is installed on the servers local machine, no

additional configuration is required.
If the Job Server/Page Server must access the database over
the network, change the servers log on account to a
Windows domain user account that has the appropriate
network permissions. Ensure that the account has READ
access to the shared resource.
Tip: Running a service under an Administrator account does not inadvertently grant
administrative privileges to another user, because users cannot impersonate services.
To change a processing servers logon account

1 Use the CCM to stop the Job Server or Page Server.
2 Click Properties.
3 Clear the System Account check box.
228
4 Enter the Windows NT/2000 user name and password information.

When started, the server process will log on to the local machine with this user
account. In addition, all reports processed by this server will be formatted using
the printer settings associated with the user account that you enter.
5 Click Apply, and then click OK.
6 Start the server.
Note: Repeat this procedure for each Job Server and Page Server that needs to
access the database.
Configuring UNIX processing servers for your data source

The Job Server and Page Server support native and ODBC connections to a number
of reporting databases. This section discusses the environment variables, software,
and configuration files that must be available to the servers in order for them to
process reports successfully. Whether your reports use native or ODBC drivers,
ensure that the reporting environment configured on the server accurately reflects
the reporting environment configured on the Windows machine that you use
when designing reports with Crystal Reports.
See the Platforms.txt file included with your product distribution for a complete
list of tested database software and version requirements.
Native drivers
If you design reports using native drivers, you must install the appropriate database
client software on each Job Server and/or Page Server machine that will process the
reports. The server loads the client software at runtime in order to access the database
that is specified in the report. The server locates the client software by searching the
library path environment variable that corresponds to your operating system
(LD_LIBRARY_PATH on Sun Solaris, LIBPATH on IBM AIX, and so on), so this variable
must be defined for the login environment of each Job Server and Page Server.
Depending on your database, additional environment variables may be required
for the Job Server and Page Server to use the client software. These include:
Oracle
The ORACLE_HOME environment variable must define the top-level directory of
the Oracle client installation.
Sybase
The SYBASE environment variable must define the top-level directory of the
Sybase client installation. The SYBPLATFORM environment variable must define
the platform architecture.
DB2
The DB2INSTANCE environment variable must define the DB2 instance that is
used for database access. Use the DB2 instance initialization script to ensure
that the DB2 environment is correct.
229
Note: For complete details regarding these and other required environment
variables, see the documentation included with your database client software.
As an example, suppose that you are running reports against both Sybase and
Oracle. The Sybase database client is installed in /opt/sybase, and the Oracle client
is installed in /opt/oracle/app/oracle/product/8.0.3. You installed Crystal
Enterprise under the crystal user account (as recommended in the Crystal
Enterprise Installation Guide).
If the crystal users default shell is a C shell, add these commands to the crystal
users login script:
setenv LD_LIBRARY_PATH /opt/oracle/app/oracle/product/8.0.3/lib:opt/sybase/
lib:$LD_LIBRARY_PATH
setenv ORACLE_HOME /opt/oracle/app/oracle/product/8.0.3
setenv SYBASE /opt/sybase
setenv SYBPLATFORM sun_svr4
If the crystal users default shell is a Bourne shell, modify the syntax accordingly:
LD_LIBRARY_PATH=/opt/oracle/app/oracle/product/8.0.3/lib:opt/sybase/
lib:$LD_LIBRARY_PATH;export LD_LIBRARY_PATH
ORACLE_HOME=/opt/oracle/app/oracle/product/8.0.3;export ORACLE_HOME
SYBASE=/opt/sybase;export SYBASE
SYBPLATFORM=sun_svr4;export SYBPLATFORM
ODBC drivers
If you design reports off ODBC data sources (on Windows), you must set up the
corresponding data sources on the Job Server and Page Server machines. In
addition, you must ensure that each server is set up properly for ODBC. During
the installation, Crystal Enterprise installs ODBC drivers for UNIX, creates
configuration files and templates related to ODBC reporting, and sets up the
required ODBC environment variables. This section discusses the installed
environment, along with the information that you need to edit.
Note:
Detailed documentation covering the various ODBC drivers is included in the
Merant Connect ODBC Reference (odbcref.pdf). This is installed below the
crystal/enterprise/platform/odbc directory; it is also located in the doc
directory of your product distribution.
If you report off DB2 using ODBC, your database administrator must first bind
the UNIX version of the driver to every database that you report against (and
not just each database server). The bind packages are installed below the
crystal/enterprise/platform/odbc/lib directory; their filenames are
iscsso.bnd, iscswhso.bnd, isrrso.bnd, isrrwhso.bnd, isurso.bnd, and
isurwhso.bnd. Because Crystal Reports runs on Windows, ensure also that the
Windows version of the driver has been bound to each database.
230
ODBC environment variables

The environment variables related to ODBC reporting are: the library path that
corresponds to your operating system (LD_LIBRARY_PATH on Sun Solaris, LIBPATH on
IBM AIX, and so on), ODBC_HOME, and ODBCINI. The Crystal Enterprise installation
includes a file called env.csh that is sourced automatically every time you start the
Crystal Enterprise servers with the CCM. Thus, the environment for the Job Server
and Page Server is set up automatically:
The INSTALL_ROOT/crystal/enterprise/platform/odbc/lib directory of your
installation is added to the library path environment variable.
The ODBC_HOME environment variable is set to the INSTALL_ROOT/crystal/
enterprise/platform/odbc directory of your installation.
The ODBCINI environment variable is defined as the path to the .odbc.ini file
that was created by the Crystal Enterprise installation.
Modify the environment variables in the env.csh script only if you have
customized your configuration of ODBC. The main ODBC configuration file that
you need to modify is the system information file.
Working with the ODBC system information file
The system information file (.odbc.ini) is created in the HOME directory of the user
account under which you installed Crystal Enterprise (typically the crystal user
account). In this file, you define each of the ODBC data sources (DSNs) that the Job
Server and Page Server need in order to process your reports. The Crystal
Enterprise installation completes most of the required informationsuch as the
location of the ODBC directory and the name and location of each installed ODBC
driverand shows where you need to provide additional information.
Tip: A template of the system information file is installed to INSTALL_ROOT/
crystal/defaultodbc.ini
The following example shows the contents of a system information file that defines
a single ODBC DSN for servers running on UNIX. This DSN allows the Job Server
and Page Server to process reports based on a System DSN (on Windows) called
CRDB2:
[ODBC Data Sources]
CRDB2=MERANT 3.70 DB2 ODBC Driver
[CRDB2]
Driver=/opt/crystal/enterprise/platform/odbc/lib/crdb216.so
Description=MERANT 3.70 DB2 ODBC Driver
Database=myDB2server
LogonID=username
[ODBC]
Trace=0
TraceFile=odbctrace.out
TraceDll=/opt/crystal/enterprise/platform/odbc/lib/odbctrac.so
InstallDir=/opt/crystal/enterprise/platform/odbc
231
As shown in the example above, the system information file is structured in three
major sections:
The first section, denoted by [ODBC Data Sources], lists all the DSNs that are
defined later in the file. Each entry in this section is provided as dsn=driver,
and there must be one entry for every DSN that is defined in the file. The value
of dsn must correspond exactly to the name of the System DSN (on Windows)
that the report was based off.
The second section sequentially defines each DSN that is listed in the first
section. The beginning of each definition is denoted by [dsn]. In the example
above, [CRDB2] marks the beginning of the single DSN that is defined in the file.
Each DSN is defined through a number of option=value pairs. The options that
you must define depend upon the ODBC driver that you are using. These pairs
essentially correspond to the Name=Data pairs that Windows stores for each
System DSN in the registry:
\\HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\odbc.ini\dsn
However, the options for a particular ODBC driver on UNIX may not
correspond by name to the options available for a Windows version of the same
driver. For example, some Windows drivers store a UID value in the registry,
and on UNIX you may need to specify this value with the LogonID option.
Note: For detailed documentation on each ODBC driver, see the Merant
Connect ODBC Reference (odbcref.pdf). The PDF is installed below the crystal/
enterprise/platform/odbc directory; it is also located in the doc directory of
your product distribution.
The final section of the file, denoted by [ODBC], includes ODBC tracing
information. You need not modify this section.
When the installation creates the system information file, it completes some fields
and sets up a number of default DSNsone for each of the installed ODBC drivers.
The standard options that are commonly required for each driver are included in
the file (Database=, LogonID=, and so on). Edit the file and provide the
corresponding values that are specific to your reporting environment.
This example shows the entire contents of a system information file created when
Crystal Enterprise was installed to the /usr/local directory.
[ODBC Data Sources]
CRDB2=MERANT 3.70 DB2 ODBC Driver
CRINF_CL=MERANT 3.70 Informix Dynamic Server ODBC Driver
CROR8=MERANT 3.70 Oracle8 ODBC Driver
CRSS=MERANT 3.70 SQL Server ODBC Driver
CRSYB=MERANT 3.70 Sybase ASE ODBC Driver
CRTXT=MERANT 3.70 Text ODBC Driver
[CRDB2]
Driver=/usr/local/crystal/enterprise/platform/odbc/lib/crdb216.so
Description=MERANT 3.70 DB2 ODBC Driver
Database=
LogonID=
232
[CRINF_CL]
Driver=/usr/local/crystal/enterprise/platform/odbc/lib/crifcl16.so
Description=MERANT 3.70 Informix Dynamic Server ODBC Driver
ServerName=
HostName=
PortNumber=
Database=
LogonID=
[CROR8]
Driver=/usr/local/crystal/enterprise/platform/odbc/lib/cror816.so
Description=MERANT 3.70 Oracle8 ODBC Driver
ServerName=
ProcedureRetResults=1
LogonID=
[CRSS]
Driver=/usr/local/crystal/enterprise/platform/odbc/lib/crmsss16.so
Description=MERANT 3.70 SQL Server ODBC Driver
Address=
Database=
QuotedId=Yes
LogonID=
[CRSYB]
Driver=/usr/local/crystal/enterprise/platform/odbc/lib/crase16.so
Description=MERANT 3.70 Sybase ASE ODBC Driver
NetworkAddress=
Database=
LogonID=
[CRTXT]
Driver=/usr/local/crystal/enterprise/platform/odbc/lib/crtxt16.so
Description=MERANT 3.70 Text ODBC Driver
Database=
[ODBC]
Trace=0
TraceFile=odbctrace.out
TraceDll=/usr/local/crystal/enterprise/platform/odbc/lib/odbctrac.so
InstallDir=/usr/local/crystal/enterprise/platform/odbc
Adding a DSN to the default ODBC system information file

When you need to add a new DSN to the installed system information file
(.odbc.ini) file, first add the new DSN to the bottom of the [ODBC Data Sources]
list. Then add the corresponding [dsn] definition just before the [ODBC] section.
233
Logging server activity
For example, suppose that you have a Crystal report that uses ODBC drivers to
report off your Oracle8 database. The report is based off a System DSN (on
Windows) called SalesDB. To create the corresponding DSN, first append this line
to the [ODBC Data Sources] section of the system information file:
SalesDB=MERANT 3.70 Oracle8 ODBC Driver
Then define the new DSN by adding the following lines just before the system
information files [ODBC] section:
[SalesDB]
Driver=/usr/local/crystal/enterprise/platform/odbc/lib/cror816.so
Description=MERANT 3.70 Oracle8 ODBC Driver
ServerName=MyServer
ProcedureRetResults=1
LogonID=MyUserName
Once you have added this information, the new DSN is available to the Job Server
and Page Server, so they can process reports that are based off the SalesDB System
DSN (on Windows).
Logging server activity

Crystal Enterprise allows you to log specific information about Crystal Enterprise
web activity. For details on locating and customizing the web activity logs, see
Modifying logging behavior of the Web Component Server on page 218.
In addition, each of the Crystal Enterprise servers is designed to log messages to
your operating systems standard system log:
On Windows NT/2000, Crystal Enterprise logs to the Event Log service. You
can view the results with the Event Viewer (in the Application Log).
On UNIX, Crystal Enterprise logs to the syslog daemon as a User application.
Each server prepends its name and PID to any messages that it logs.
This example shows two messages logged to the syslog daemon on UNIX:
234
Each server also logs assert messages to the logging directory of your product
installation. The programmatic information logged to these files is typically useful
only to Crystal Decisions support staff for advanced debugging purposes. The
location of these log files depends upon your operating system:
On Windows, the default logging directory is C:\Program Files\Crystal
Decisions\Logging
On UNIX, the default logging directory INSTALL_ROOT/crystal/logging

directory of your installation.
The important point to note is that these log files are cleaned up automatically, so
there will never be more than approximately 1 MB of logged data per server. If you
need to reduce the size of these log files for a particular server, or if you want to
eliminate the log files entirely, stop the server and add the following command to
the servers command line:
-maxlogfilesize <# of bytes>
Replace <# of bytes> with 0 (zero) to eliminate the log files. The procedure for
making this modification depends upon your operating system:
On Windows, use the CCM to stop the server. Then open the servers Properties
to modify the command line. Start the server again when you have finished.
On UNIX, run ccm.sh to stop the server. Then edit ccm.config to modify the
servers command line. Start the server again when you have finished. For
reference, see ccm.sh on page 280.
Advanced server configuration options

This section includes additional configuration tasks that you may want to perform,
depending upon your reporting environment.
Changing the default server port numbers

During installation, the APS and the WCS are set up to use default port numbers.
The default APS port number is 6400, and the default WCS port number is 6401.
These ports fall within the range of ports reserved by Crystal Decisions, Inc. (6400
to 6410). Thus, Crystal Enterprise communication on these ports should not
conflict with third-party applications that you have in place. (Although unlikely, it
is possible that your custom applications use these ports. If so, you can change the
default APS and WCS ports.)
When started and enabled, each of the other Crystal Enterprise servers dynamically
binds to an available port (higher than 1024), registers with this port on the APS,
and then listens for Crystal Enterprise requests. If necessary, you can instruct each
server component to listen on a specific port (rather than dynamically selecting any
available port).
235
On Windows, you view and modify server command lines with the CCM. The
Command field appears on each servers Properties tab. On UNIX, you view and
modify server command lines (also referred to as launch strings) in the ccm.config
file, which is installed in the crystal directory.
This table summarizes the command-line options as they relate to port usage for
specific server types.
Option
APS
WCS
Other Servers
-port
Specifies the primary

Crystal Enterprise
port on which the APS
listens for requests
from all other servers.
The default is 6400.
Specifies the port on which

the WCS listens for web
requests from the Web
Connector. The default is
6401.
Used only in multihomed

environments or for certain
NAT firewall environments.
In both cases, specify -port
interface:portnumber (and
not just -port number).

the WCS listens for replies
from the APS and the other
servers. The WCS registers
this port with the APS.
Selected dynamically if
unspecified.

the server listens for Crystal
Enterprise requests. The
server registers this port with
the APS. Selected
dynamically if unspecified.
Specifies the APS that the

WCS will register with.
Specifies the APS that the

WCS will register with.
-requestPort Specifies the
secondary port that

the APS uses for
identifying other
servers and for
registering with itself
and/or a cluster.
Selected dynamically
if unspecified.
-ns
n/a
Before modifying any port numbers, consider the following:

If you change the default APS port number, you must change the -ns option in
every other servers command line, to ensure that each server connects to the
appropriate port of the APS. (The -ns option stands for nameserver. The
APS functions as the nameserver in Crystal Enterprise, because it maintains a
list that includes the host name and port number of each server that is started,
enabled, and thus available to accept Crystal Enterprise requests.)
If you change the default WCS port number, you must make corresponding
changes to the mapping that allows the Web Connector to communicate with
the WCS. For information about configuring your Web Connector and any of
your web server configuration files, see Path mapping overview on
page 298.
If the machine is multihomed, you can restrict Crystal Enterprise to one of the
available particular network addresses. For details, see Configuring Crystal
Enterprise on a multihomed machine on page 238.
On Windows, the CCM displays default port numbers on each servers
Configuration tab. This displayed port corresponds to the -port option. For
servers other than the APS and the WCS, this default port is not actually in
use (each server registers its -requestPort number with the APS instead).
236
To change the default APS port

1 Use the CCM to stop all the Crystal Enterprise servers.
2 Add (or modify) the following option in the APS command line:
-port number
Replace number with the port that you want the APS to listen on. (The default
port is 6400.)
3 Add (or modify) the following option in the command line of all of the
remaining non-APS Crystal Enterprise servers:
-ns hostname:number
Replace hostname with the host name of the machine that is running the APS.
The host name must resolve to a valid IP address within your network. Replace
number with the port that the APS is listening on.
4 Start and enable all the Crystal Enterprise servers.
The APS begins listening on the port specified by number, and the non-APS
servers broadcast to that port when attempting to register with the APS.
To change the default WCS port

1 Use the CCM to stop all the Crystal Enterprise servers.
2 Add (or modify) the following option in the WCS command line:
-port number
Replace number with the port that you want the WCS to listen on. (The default
port is 6401.)
3 Reconfigure the Web Connector so that it forwards Crystal Enterprise requests
to the WCS host on the new port specified by number.
For details, see Path mapping overview on page 298.
To change the port a server registers with the APS

1 Use the CCM to stop the server.
2 Add (or modify) the following option in the servers command line:
-requestPort number
Replace number with the port that you want the server to listen on.
3 Start and enable the server.
The server binds to the new port specified by number. It then registers with the APS
and begins listening for Crystal Enterprise requests on the new port.
By default, each server registers itself with the APS by IP address, rather than by
name. This typically provides the most reliable behavior. If you need each server to
register with the APS by fully qualified domain name instead, use the -requestPort
237
option in conjunction with -port interface:port (where interface is the servers

fully qualified domain name). Having the servers register by name can be useful if
a NAT firewall resides between the server and the APS. For more information, see
Configuring for Network Address Translation on page 263.
You may also need to specify -port interface:port when Crystal Enterprise is
running on a multihomed machine.
Configuring Crystal Enterprise on a multihomed machine

A multihomed machine is one that has multiple network addresses. You may
accomplish this with multiple network interfaces, each with one or more IP
addresses, or with a single network interface that has been assigned multiple IP
addresses. In either case, Crystal Enterprise responds to requests made to all
available addresses by default. However, you can configure Crystal Enterprise to
service only one of the available network addresses.
The number of servers that you must configure depends upon how restrictive you
need to be, and whether or not the available network addresses are all resolved by
the same Domain Name Service (DNS) in your network. The surest way to restrict
Crystal Enterprise communication to one of the available network addresses is to
configure each of the server components that is installed on the multihomed
machine. For this purpose, each of the servers supports interface as a command
line parameter.
Tip: This section shows how to restrict all servers to the same network address, but
it is possible to bind individual servers to different addresses. For instance, you might
want to bind the File Repository Servers to a private address that is not routable from
users machines. Advanced configurations such as this require your DNS
configuration to route communications effectively between all the Crystal Enterprise
server components. In this example, the DNS must route communications from the
other Crystal Enterprise servers to the private address of the File Repository Servers.
Restricting the APS and the WCS to a network address

The APS and the WCS require their own ports, so add the following option to both
of their command lines:
-port interface:port
If the machine has multiple network interfaces, interface can be the fully qualified
domain name or the IP address of the interface that you want the server to bind to.
If the machine has a single network interface, interface must be the IP address
that you want the server to bind to.
Note: To retain the default port numbers, replace port with 6400 for the APS, and
with 6401 for the WCS. If you change the default port numbers, you will need to
make additional configuration changes. For details, see Changing the default
server port numbers on page 235.
238
Restricting the remaining servers to the same network address

The remaining Crystal Enterprise servers select their ports dynamically by default,
so you need only add the following option to their command lines:
-port interface
Replace interface with the same value that you specified for the APS and the
WCS. Ensure that each servers -ns parameter points to the APS, and that the DNS
resolves the value to the appropriate network address.
Adding and removing Windows server dependencies

When installed on Windows, each server in Crystal Enterprise is dependent on at
least three services: the Event Log, NT LM Security Support Provider, and Remote
Procedure Call (RPC) services. If you are having problems with a server, check to
ensure that all three services appear on the servers Dependency tab.
To add and remove server dependencies

1 Use the CCM to stop the server whose dependencies you want to modify.
2 With the server selected, click Properties on the toolbar.
3 Click the Dependency tab.
As shown here, at least three services should be listed: Event Log, NT LM
Security Support Provider, and Remote Procedure Call (RPC).
239
4 To add a dependency to the list, click Add.

The Add Dependency dialog box provides you with a list of all available
dependencies. Select the dependency or dependencies, as required, and then
click Add.
5 To remove a dependency from the list, select it and click Remove.
6 Click OK.
7 Restart the server.
Changing the server startup type

When installed on Windows, each server is configured to start automatically. As
with other Windows services, there are three startup types:
Automatic starts the server each time the machine is started.
Manual requires you to start the server before it will run.
Disabled requires you to change the startup type to automatic or manual
before it can run.
To change the server startup type on Windows

1 Start the CCM.
2 Stop the server whose startup type you want to modify.
3 With the server selected, click Properties on the toolbar.
4 Click the Startup Type list and select Automatic, Disabled, or Manual.
5 Click OK.
6 Restart the server.
To change the server startup type on UNIX

On UNIX, this requires root privileges. See initlaunch.sh on page 286.
240
Scaling Your System
13
This chapter details the common ways in which you should

begin to scale, or expand, your Crystal Enterprise system.
The chapter also provides general scalability considerations,
and shows how to add server components to your
installation.
241
Scalability overview
Scalability overview
The Crystal Enterprise architecture is scalable in that it allows for a multitude of
server configurations, ranging from stand-alone, single-machine environments, to
large-scale deployments supporting global organizations. The flexibility offered
by the products architecture allows you to set up a system that suits your current
reporting requirements, without limiting the possibilities for future growth and
expansion.
This chapter details common scalability scenarios for administrators who want to
expand beyond a stand-alone installation of Crystal Enterprise. These three
scenarios have received the most testing, and are recommended for the majority of
deployments. For details, see Common configurations on page 243.
It must be emphasized, however, that the optimal configuration for your
deployment will vary depending upon your hardware configuration, your
database software, and your reporting requirements. It is recommended that you
contact your Crystal Decisions sales representative and request information about
the Crystal Enterprise Sizing Guide. A Crystal Services consultant can then assess
your reporting environment and assist in determining the configuration that will
best integrate with your current environment.
Note: If you customize or expand your system beyond these common
configurations without first contacting Crystal Services, your deployment may
not be officially supported.
This chapter also provides the related procedures for adding and deleting servers
from your Crystal Enterprise installation. Follow these steps when you need to add
server components to a machine that is already running Crystal Enterprise.
Tip: If you are adding new hardware to Crystal Enterprise by installing server
components on additional machines, run the Crystal Enterprise installation and
setup program. The setup program allows you to perform an Expand installation.
During the Expand installation, you specify the existing APS whose system you
want to expand, and you select the components that want to install on the local
machine. For details, see the Crystal Enterprise Installation Guide.
Choosing between live and saved data

When reporting over the Web, the choice to use live or saved data is one of the
most important decisions youll make. Whichever choice you make, however,
Crystal Enterprise displays the first page as quickly as possible, so you can see
your report while the rest of the data is being processed.
242
13: Scaling Your System
Live data
On-demand reporting gives users real-time access to live data, straight from the
database server. Use live data to keep users up-to-date on constantly changing data,
so they can access information thats accurate to the second. For instance, if the
managers of a large distribution center need to keep track of inventory shipped on a
continual basis, then live reporting is the way to give them the information they need.
Before providing live data for all your reports, however, consider whether or not
you want all of your users hitting the database server on a continual basis. If the
data isnt rapidly or constantly changing, then all those requests to the database do
little more than increase network traffic and consume server resources. In such
cases, you may prefer to schedule reports on a recurrent basis so that users can
always view recent data (report instances) without hitting the database server.
For more information about optimizing the performance of reports that are viewed
on demand, see the Designing Optimized Web Reports section in the Crystal
Reports Users Guide (version 8.5 and later).
Tip: Users require View On Demand access to refresh reports against the database.
Saved data
Report instances are useful for dealing with data that isnt continually updated.
When users navigate through report instances, and drill down for details on
columns or charts, they dont access the database server directly; instead, they
access the saved data. Consequently, reports with saved data not only minimize
data transfer over the network, but also lighten the database servers workload.
You can schedule these reports within Crystal Enterprise so that they automatically
refresh from the database on a predetermined basis. For example, if your sales
database is only updated once a day, or once a week, then you can run the report
on a similar schedule. Sales representatives then always have access to current sales
data, but they arent hitting the database every time they open a report.
Tip: Users require only View access to display report instances.
Common configurations
This section details the common ways in which you should begin to scale, or
expand, your Crystal Enterprise system. The scenarios described are those that
have been most thoroughly tested by Crystal Decisions, Inc. As a baseline, this
section assumes that you have not yet distributed the Crystal Enterprise servers
across multiple machines; however, this section does assume familiarity with the
Crystal Enterprise architecture, installation, and server configuration. For
preliminary installation information, see the Crystal Enterprise Installation Guide.
Tip: If you are deploying multi-processor machines, you may also want to run one
or more Crystal Enterprise servers in multiple instances on that machine. For
details, see Adding a server on page 249.
243
Common configurations
One-machine setup
This basic configuration separates the Crystal Enterprise servers from the rest of
your reporting environment and from your web server. This grants the Crystal
Enterprise servers their own set of processing resources, which they do not have to
share with database and web server processes. These are the general steps to
setting up this configuration:
Install all of the Crystal Enterprise servers on a single, dedicated machine.
Install and configure the Web Connector on your web server machine.
Run the APS database on your database server.
If you are still using the MSDE APS database on Windows, migrate the APS
database to a supported database server. See the Platforms.txt file included
with your product distribution for a list of supported database servers.
Three-machine setup
This second configuration divides the Crystal Enterprise processing load in a
logical manner, based on the types of work performed by each server. In this way,
you prevent the server components from having to compete with each other for the
same hardware and processing resources. In addition, this scenario prepares your
system for further expansion to provide redundancy.
Note: It is recommended that you use three multi-processor machines (dual-CPU
or better), with at least 2 GB RAM installed on each machine.
These are the general steps to setting up this configuration:
Install the APS and the Event Server on one machine.
Tip: Here, the Event Server is installed on the same machine as the APS. In
general, however, the Event Server should be installed on the machine where
your monitored, file-based events occur.
Install the WCS and the Cache Server on the second machine.
Install the Page Server, the Job Server, and the Input and Output File
Repository Servers on the third machine.
Six-machine setup
This third configuration mirrors the three-machine setup. You maintain the logical
breakdown of processing based on the types of work performed by each server,
but you increase the number of available machines and servers for redundancy
and fault-tolerance. For instance, if a server stops responding, or if you need to take
one or two machines offline completely, you need not interrupt Crystal Enterprise
requests in order to service the system.
This tested configuration is designed to meet the reporting requirements of 85% of
all deployment scenarios. If you have further requirements or more advanced
configuration needs, contact your Crystal Decisions sales representative for
additional assistance.
244
Note: It is recommended that you use six multi-processor machines (dual-CPU or

better), with at least 2 GB RAM installed on each machine.
Install the three-machine setup first. Verify that Crystal Enterprise is
functioning correctly.
Install a second APS/Event Server pair on the fourth machine. This machine
must be on the same subnet as the APS that you have already installed.
Cluster the two APS services, so they share the task of maintaining the APS
database. Ensure that each APS accesses the APS database in exactly the same
manner (the same database client software, the same database user name and
password, and so on).
Tip: Here, the Event Server is installed on the same machine as the APS. In
general, however, the Event Server should be installed on the machine where
your monitored, file-based events occur.
Install a second WCS/Cache Server pair on the fifth machine.
Modify your Web Connector configuration to ensure that the Web Connector
communicates with the two distinct WCS hosts.
Install a second Page Server/Job Server on the remaining machine.
Ensure that all Page Servers and Job Servers can access your reporting database
in exactly the same manner. Install and configure any required database client
software similarly on each machine, along with any ODBC DSNs that are
required for your reports.
General scalability considerations

This section provides information about system scalability and the Crystal
Enterprise servers that are responsible for particular aspects of your system. Each
subsection focuses on one aspect of your systems capacity, discusses the relevant
components, and provides a number of ways in which you might modify your
configuration accordingly.
Before modifying these aspects of your system, it is strongly recommended that
you contact your Crystal Decisions sales representative and request information
about the Crystal Enterprise Sizing Guide. A Crystal Services consultant can then
assess your reporting environment and assist in determining the configuration
that will best integrate with your current environment.
Increasing overall system capacity

As the number of report objects and users on your system increases, you can
increase the overall system capacity by clustering two (or more) Automated
Process Schedulers (APS). You can install multiple APS services/daemons on the
same machine. However, to provide server redundancy and fault-tolerance, you
should ideally install each cluster member on its own machine.
245
APS clusters can improve overall system performance because every Crystal
Enterprise request results, at some point, in a server component querying the APS
for information that is stored in the APS database. When you cluster two APS
machines, you instruct the new APS to share in the task of maintaining and
querying the APS database.
For more information, see Clustering Automated Process Schedulers on
page 204.
Increasing scheduled reporting capacity

All Crystal reports that are scheduled are eventually processed by a Job Server.
You can expand Crystal Enterprise by running individual Job Servers on multiple
machines, or by running multiple Job Servers on a single multi-processor machine.
If the majority of your reports are scheduled to run on a regular basis, there are
several strategies you can adopt to maximize your systems processing capacity:
Install the Job Server in close proximity to (but not on the same machine as) the
database server against which the reports run. Ensure also that the File
Repository Servers are readily accessible to all Job Servers (so they can read
report objects from the Input FRS and write report instances to the Output FRS
quickly). Depending upon your network configuration, these strategies may
improve the Job Servers processing speeds, because there is less distance for
data to travel over your corporate network.
Verify the efficiency of your reports. When designing reports in Crystal
Reports, there are a number of ways in which you can improve the
performance of the report itself, by modifying record selection formulas, using
the database servers resources to group data, incorporating parameter fields,
and so on. For more information, see the Designing Optimized Web Reports
section in the Crystal Reports Users Guide (version 8.5 and later).
Use event-based scheduling to create dependencies between large or complex
reports. For instance, if you run several very complex reports on a regular,
nightly basis, you can use Schedule events to ensure that the reports are
processed sequentially. This is a useful way of minimizing the processing load
that your database server is subject to at any given point in time.
If some reports are much larger or more complex than others, consider
distributing the processing load through the use of server groups. For
instance, you might create two server groups, each containing one or more Job
Servers. Then, when you schedule recurrent reports, you can specify that it be
processed by a particular server group to ensure that especially large reports
are distributed evenly across resources.
Increase the hardware resources that are available to a Job Server. If the Job
Server is currently running on a machine along with other Crystal Enterprise
components, consider moving the Job Server to a dedicated machine. If the
new machine has multiple CPUs, you can install multiple Job Servers on the
same machine (typically no more than one service/daemon per CPU).
246
Increasing on-demand viewing capacity

When you provide many users with View On Demand access to reports, you allow
each user to view live report data by refreshing reports against your database
server. The Page Server retrieves the data and performs the report processing, and
the Cache Server stores recently viewed report pages for possible reuse.
If your reporting requirements demand that users have continual access to the
latest data, you can increase capacity in the following ways:
Increase the maximum allowed size of the cache. For details, see Modifying
Cache Server performance settings on page 216.
Verify the efficiency of your reports. When designing reports in Crystal
Reports, there are a number of ways in which you can improve the
performance of the report itself, by modifying record selection formulas, using
the database servers resources to group data, incorporating parameter fields,
and so on. For more information, see the Designing Optimized Web Reports
section in the Crystal Reports Users Guide (version 8.5 and later).
Increase the number of Page Servers that service requests on behalf of any
single Cache Server. You can install additional Page Servers on multiple
machines, or you can run multiple Page Servers on a single multi-processor
machine (typically no more than one service/daemon per CPU).
Increase the number of Page Servers and Cache Servers on the system, and
then distribute the processing load through the use of server groups. For
instance, you might create two server groups, each containing one or more
Cache Server/Page Server pairs. You can then specify individual reports that
should always be processed by a particular server group.
Enhancing custom web applications

If you are developing your own custom desktops or administrative tools with the
Crystal Enterprise Software Development Kit (SDK), be sure to review the newly
exposed libraries and APIs. You can now, for instance, incorporate complete security
and scheduling options into your own web applications. You can also modify server
settings from within your own code in order to further integrate Crystal Enterprise
with your existing intranet tools and overall reporting environment.
To improve the scalability of your system, consider distributing administrative
efforts by developing web applications for delegated content administration. You
can grant select users the ability to manage particular Crystal Enterprise folders,
content, users, and groups on behalf of their team, department, or regional office.
In addition, be sure to check the Crystal Enterprise Web Developers Guide for
performance tips and other scalability considerations. The query optimization
section in particular provides some preliminary steps to ensuring that custom
applications make efficient use of the query language. Access the Crystal Enterprise
Web Developers Guide online from the Crystal Enterprise Launchpad.
247
Improving web response speeds

Because all user interaction with Crystal Enterprise occurs over the Web, you may
need to investigate a number of areas to determine exactly where you can improve
web response speeds. These are some common aspects of your deployment that
you should consider before deciding how to expand Crystal Enterprise:
Assess your web servers ability to serve the number of users who connect
regularly to Crystal Enterprise. Use the administrative tools provided with
your web server software (or with your operating system) to determine how
well your web server performs. If the web server is indeed limiting web
response speeds, consider increasing the web servers hardware and/or
setting up a web farm (multiple web servers responding to web requests to a
single IP address). To configure Crystal Enterprise for use in a web farm
environment, see the Crystal Enterprise Installation Guide.
If web response speeds are slowed only by report viewing activities, see
Choosing between live and saved data on page 242 and Increasing ondemand viewing capacity on page 247.
Take into account the number of users who regularly access your system. If
you are running a large deployment, ensure that you have set up an APS
cluster. For details, see Increasing overall system capacity on page 245.
If you find that a single Web Component Server (WCS) inadequately services the
number of scripting requests made by users who access your system on a regular
basis, consider the following options:
Increase the hardware resources that are available to the Web Component
Server (WCS). If the WCS is currently running on the web server, or on a single
machine with other Crystal Enterprise components, consider moving the WCS
to a dedicated machine. If the new machine has multiple CPUs, you can install
multiple WCS services/daemons on the same machine (typically no more than
one per CPU).
Set up two (or more) WCS machines to take advantage of the dynamic load
balancing that is built into the Web Connector components. The Web
Connector distributes the processing load evenly across WCS hosts: each new
Crystal Enterprise session is sent to the least used WCS. This also provides you
with the benefits of being able to take one WCS machine offline for service,
without bringing down the entire system.
Note: If you are running Apache as your web server, you must instruct Apache to
reinitialize its child worker processes after you add or remove WCSHOSTS to the
Web Connector configuration files. You can generally do this with one of the
following commands:
kill -HUP `cat <absolute path to httpd.pid file>`
kill -USR1 `cat <absolute path to httpd.pid file>`
Consult the Apache documentation for more information.
248
Adding and deleting servers

This section shows how to add and delete servers from a machine that is already
running Crystal Enterprise components.
Tip: If you are adding new hardware to Crystal Enterprise by installing server
components on new, additional machines, run the Crystal Enterprise installation
and setup program from your product distribution. The setup program allows you
to perform an Expand installation. During the Expand installation, you specify the
existing APS whose system you want to expand, and you select the components
that you want to install on the local machine. For details, see the Crystal Enterprise
Installation Guide.
Adding a server
These steps add a server (service or daemon) to the local machine. You can run
multiple instances of the same Crystal Enterprise server on the same machine
(except for the File Repository Servers).
To add a Windows server

Note: To complete this procedure, you must log on as an Administrator of the
local machine.
1 Start the CCM on the Crystal Enterprise machine upon which you want to
install a new server.
2 On the toolbar, click Add Server.
The Add Crystal Server Wizard displays its Welcome dialog box.
3 Click Next.
The Server Type and Display Name Configuration dialog box appears.
249
4 Click the Server Type list and select the kind of server you want to add.
The drop-down list includes the following servers:
APS
Cache Server
Input File Repository Server
Output File Repository Server
Page Server
Report Job Server
Event Server
5 Change the default Display Name field if you want a different name to appear
in the list of servers in the CCM.
Note: The display name for each server on the local machine must be unique.
6 Change the default Server Name field if required.
Note: Each server on the system must have a unique name. The default naming
convention is HOSTNAME.servertype (a number is appended if there is more than
one server of the same type on the same host machine). This Server Name is
displayed when you manage servers over the Web in the Crystal Management
Console (CMC).
7 Click Next.
The Set Configuration for this server dialog box appears. The contents of this
dialog vary slightly, depending upon the type of server that you are installing.
Note: If port number options are displayed in this dialog box, do not modify
them. Instead, change ports through each servers command line. For details,
see Changing the default server port numbers on page 235.
8 Type the name of the APS that you want the server to communicate with.
9 Click Next to accept any other default values, or modify them to suit your
environment.
10 Confirm the summary information is correct; then click Finish.
The new server appears in the list, but it is neither started nor enabled
automatically.
11 Use the CCM (or the CMC) to start and then to enable the new server when
you want it to begin responding to Crystal Enterprise requests. For details, see
Viewing and changing the current status of servers on page 199.
To add a UNIX server

Use the serverconfig.sh script. For reference, see serverconfig.sh on page 283.
250
Deleting a server
To delete a Windows server
1 Start the CCM on the Crystal Enterprise machine that you want to delete a
server from.
2 Stop the server that you want to delete from the system.
3 With the server selected, click Delete Server on the toolbar.
4 When prompted for confirmation, click Yes.
To delete a UNIX server

Use the serverconfig.sh script. For reference, see serverconfig.sh on page 283.
251
252
Managing Server Groups
14
This chapter shows how to create server groups and

subgroups. It also shows how to modify the group
membership of an individual server.
253
Server group overview
Server group overview

Server groups provide a way of organizing your Crystal Enterprise servers to
make them easier to manage. That is, when you manage a group of servers, you
need only view a subset of all the servers on your system. You might, for example,
group your servers together by region or by type.
If you group your servers by region, you can easily set up default processing
settings, recurrent schedules, and schedule destinations that are appropriate to
users who work in a particular regional office. You can associate a report with a
single server group, so the report is always processed by the same servers. And
you can associate scheduled reports with a particular server group to ensure that
scheduled reports are sent to the correct printers, file servers, and so on. Thus,
server groups prove especially useful when maintaining systems that span
multiple locations and multiple time zones.
Once you have created your server groups, you can change the status, obtain
metrics, and configure your servers in the Server Groups management areajust
as you would in the Servers management area. The only difference is that you see
only the servers that you added to the server group. For details on configuring
individual servers, see Server management overview on page 196.
Creating a server group

To create a server group, you need to specify the name and description of the
group, and then add servers to the group.
To create a server group

1 Go to the Server Groups management area of the CMC.
2 Click New Server Group.
The New Server Group Properties tab appears.
254
14: Managing Server Groups
3 In the Server Group Name field, type a name for the new group of servers.
4 Use the Description field to include additional information about the group.
5 Click OK.
6 On the Servers tab, click Add/Remove Servers.
7 Select the servers that you want to add to this group; then click the > arrow.
Tip: Use CTRL+click to select multiple servers.
This example adds the servers running on PBROWNSEYA to a server group called
Northern Office Servers.
8 Click OK.
You are returned to the Servers tab, which now lists all the servers that you
added to the group. You can now change the status, view server metrics, and
change the properties of the servers in the group. For more information, see
Server management overview on page 196.
Working with server subgroups

Subgroups of servers provide you with a way of further organizing your servers.
A subgroup is just a server group that is a member of another server group.
For example, if you group servers by region and by country, then each regional
group becomes a subgroup of a country group. To organize servers in this way,
first create a group for each region, and add the appropriate servers to each
regional group. Then, create a group for each country, and add each regional
group to the corresponding country group.
There are two ways to set up subgroups: you can modify the subgroups of a server
group, or you can make one server group a member of another. The results are the
same, so use whichever method proves most convenient.
255
Working with server subgroups
To add subgroups to a server group

2 Click the group that you want to add subgroups to.
This group is the parent group.
3 On the Subgroups tab, click Add/Remove Groups.
4 In the Available server groups list, select the server groups that you want to
add as subgroups; then click the > arrow.
5 Click OK.
You are returned to the Subgroups tab, which now lists all the server groups
that you added to the parent group.
To make one server group a member of another

2 Click the group that you want to add to another group.
3 On the Member of tab, click the Member of button.
4 In the Available server groups list, select the server groups that should
include your group as a member; then click the > arrow.
This example makes the Job Servers group a member subgroup of the Northern
Office Servers group.
5 Click OK.
You are returned to the Member of tab, which now lists all the server groups
that the initial group is now a member of.
256
14: Managing Server Groups
Modifying the group membership of a server

You can modify a servers group membership to quickly add the server to (or
remove it from) any group or subgroup that you have already created on the
system.
For example, suppose that you created server groups for a number of regions. You
might want to use a single Web Component Server (WCS) for multiple regions.
Instead of having to add the WCS individually to each regional server group, you
can click the servers Member of link to add it to all three regions at once.
To modify a servers group membership

2 Locate the server whose membership information you want to change.
3 In the Server Group column, click the servers Member of link.
The Member of page lists any server groups that the server currently belongs
to.
4 Click the Member of button.
The Modify Member Of page appears.
5 Move server groups from one list to another to specify which groups the
server is a member of.
6 Click OK.
257
Modifying the group membership of a server
258
Working with Firewalls
15
This chapter describes how Crystal Enterprise works with

firewall systems. After providing some background
information on the supported types of firewalls, this
chapter explains how to configure firewalls and Crystal
Enterprise to work together.
259
Firewalls overview
Firewalls overview
Crystal Enterprise works with firewall systems to provide reporting across
intranets and the Internet without compromising network security. This chapter
provides general information about firewalls, packet filtering, Network Address
Translation (NAT), and SOCKS proxy server firewalls. It then explains how to
configure these firewalls and Crystal Enterprise to work together.
If you are already familiar with firewalls and the configuration used in your
network, proceed directly to Configuring Crystal Enterprise to work with
firewalls on page 263.
What is a firewall?
A firewall is a security system that protects one or more computers from unauthorized
network access. A firewall restricts people to entering and leaving your network at a
carefully controlled point. It also prevents attackers from getting close to your other
defenses. Typically, a firewall protects a companys intranet from being improperly
accessed through the Internet. A firewall can enforce a security policy, log Internet
activity, and be a focus for security decisions. A firewall cant protect against malicious
insiders or connections that dont go through it. A firewall also cant set itself up
correctly or protect against completely new threats. To help explain how firewalls
work, some basic networking termsTCP/IP, packets, and portsare described here.
If you are already familiar with these topics see Configuring Crystal Enterprise to
work with firewalls on page 263.
TCP/IP and packets

TCP/IP (Transmission Control Protocol/Internet Protocol) is the communications
protocol used on the Internet. The units of data transmitted through a TCP/IP
network are called packets. Packets are typically too small to contain all the data
that is sent at any one time, so multiple packets are required, each containing a
portion of the overall data. When data is sent by TCP/IP, the packets are
constructed such that a layer for each protocol is wrapped around each packet.
Typically, TCP/IP packets have the following layers:
Application layer (for example, FTP, telnet, and HTTP).
Transport layer (TCP or UDP).
Internet layer (IP).
Network Access layer (for example, ethernet and ATM).
At the application layer, the packet consists simply of the data to be transferred. As
the packet moves through the layers, each layer adds a header to the packet,
preserving the data from the previous level. These headers are used to determine
the packets destination and to ensure that it arrives intact. When the packet
reaches its destination, the process is reversed: the layers are sequentially removed
until the transferred data is available to the destination application.
260
15: Working with Firewalls
Ports
Ports are logical connection points that a computer uses to send and receive
packets. With TCP/IP, ports allow a client program to specify a particular server
program on a computer in a network. High-level applications that use TCP/IP
have ports with pre-assigned numbers. For instance, when you visit a typical
HTTP site over the Web, you communicate with the web server on port 80, which
is the pre-assigned port for HTTP communication.
Other application processes are given port numbers dynamically for each
connection. When a service or daemon initially is started, it binds to its designated
port number. When any client program wants to use that server, it must also
request to bind to the designated port number. Valid port numbers range from 0
to 65536, but ports 0 to 1024 are reserved for use by certain privileged services.
Firewall types
Firewalls primarily function using at least one of three methods: packet filtering,
Network Address Translation (NAT), and proxy services. Crystal Enterprise
works with these firewall types. Packet filtering rejects TCP/IP packets from
unauthorized hosts and rejects connection attempts to unauthorized services. NAT
translates the IP addresses of internal hosts to hide them from outside monitoring.
NAT is also called IP masquerading. Proxy services make high-level application
connections on behalf of internal hosts to completely break the network layer
connection between internal and external hosts.
Packet filtering
Packet filtering deletes packets before they are delivered to the destination
computer. Packet filtering can delete packets based on the following:
The address the data is coming from.
The address the data is going to.
The session and application ports being used to transfer the data.
The data contained within the packet.
Typically there are two types of packet filtering: stateful and stateless. Stateful
packet filters remember the state of connections at the network and session layers
by recording the established session information that passes through the filter
gateway. The filter then uses that information to discriminate valid return packets
from invalid connection attempts. Stateless packet filters do not retain information
about connections in use; instead, they make determinations packet-by-packet
based only on the information contained within the packet. Firewalls that employ
packet filtering will work with Crystal Enterprise.
261
Firewalls overview
Network Address Translation

Network Address Translation (NAT) converts private IP addresses in a private
network to globally unique, public IP addresses for use on the Internet. The main
purpose of NAT is to hide internal hosts. As outgoing packets are routed through
the firewall, NAT hides internal hosts by converting their IP addresses to the
address of the firewall. Once the translation is complete, the firewall sends the data
payload on to its original destination; thus, NAT makes it appear that all traffic
from your site comes from one (or more) IP addresses.
The firewall maintains a translation table to keep track of the address conversions
that it has performed. When an incoming response arrives at the firewall, the
firewall uses this translation table to determine which internal host should receive
the response. Because this type of firewall essentially sends and receives data on
behalf of internal hosts, NAT can also be described as a simple proxy.
There are two basic types of NAT:
Static translation (port forwarding) grants a specific internal host a fixed
translation that never changes. For example, if you run an email server inside a
firewall, you can establish a static route through the firewall for that service.
Dynamic translation (automatic, hide mode, or IP masquerade) shares a small
group of external IP addresses amongst a large group of internal clients for the
purpose of expanding the internal network address space. Because a translation
entry does not exist until an internal client establishes a connection out through
the firewall, external computers have no way to address an internal host that is
protected using a dynamically translated IP address.
Note: Some protocols do not function correctly when the port is changed.
These protocols will not work through a dynamically translated connection.
Crystal Enterprise and static translation NAT can be configured so that they work
together.
For configuration steps, see Configuring for Network Address Translation on
page 263.
SOCKS proxy servers

SOCKS is a networking protocol that enables computers on one side of a SOCKS
server to access computers on the other side of a SOCKS server without requiring
a direct IP connection. A SOCKS server redirects connection requests from
computers on one side of it to computers on the other side of it. A SOCKS server
typically authenticates and authorizes requests, establishes a proxy connection,
and relays data between the internal and external networks. Crystal Enterprise
supports and works with SOCKS servers.
SOCKS servers work by listening for service requests from internal clients. When
an internal request is made, the SOCKS server sends the requests to the external
network as if the SOCKS server itself was the originating client. When the SOCKS
server receives a response from the external server, it returns that response to the
262
original client as if it were the originating external server. This effectively hides the
identity and the number of clients on the internal network from examination by
anyone on the external network.
For configuration steps, see Configuring for SOCKS servers on page 265.
Configuring Crystal Enterprise to work with firewalls

You can configure Crystal Enterprise to work with different types of firewalls. This
section explains how to configure Crystal Enterprise to work with different
firewalls in different scenarios. This section assumes that the Web Connector and
the Web Component Server (WCS) reside on separate computers. (If they reside on
the same computer, their communication is uninterrupted by firewalls, and no
additional configuration is required.)
In most cases, clients access protected information through a web server running
in a Demilitarized Zone (DMZ). A DMZ is a network area that is neither part of the
internal network nor directly part of the Internet. Typically, the DMZ is set up
between two firewalls: an outer firewall and an inner firewall.
The only Crystal Enterprise component that needs to provide direct service to
external clients is the Web Connector, which must be installed on the web server.
When a client makes a request to the Web Connector, the Web Connector makes a
TCP/IP request to the WCS on a specific port (the default port is 6401). The most
logical and secure way to position the web server and the Web Connector is to
place them in the DMZ. All the other Crystal Enterprise components can then be
placed on the internal network.
Configuring for packet filtering

If you are using packet filtering without NAT, then no special configuration is
required within Crystal Enterprise. However, you must ensure that your firewall
is not inadvertently filtering Crystal Enterprise packets.
You may need to modify your packet filtering rules to allow the Web Connector
(on the web server machine) to send data to the port that the WCS is listening on.
By default, this port is 6401. The Web Connector must also be able to receive
responses from the WCS on the same port.
Configuring for Network Address Translation

If you use Network Address Translation (NAT) on the outer firewall only, then no
special configuration is required for Crystal Enterprise to communicate properly.
However, if NAT is employed on the inner firewallbetween the Web Connector
and the Web Component Server (WCS)you must configure the Web Connector
to communicate properly through the firewall. This Web Connector configuration
is required because the internal IP address of the WCS may not be routable
263
through the firewall. (The WCS requires no special configuration, because the Web
Connectors IP address is not hidden by the NAT firewall.)
Note: You can configure the Web Connector to communicate properly across
NAT firewalls that use static IP translation; however, the Web Connector cannot
communicate across a firewall whose IP translation is dynamic.
To configure the Web Connector on Windows

1 Start the CCM.
2 Stop the Word Wide Web Publishing Service.
3 On the toolbar, click Configure web connector.
4 In the Web Component Servers area, click Add.
If your WCS Host Name is already listed, select it and click Edit.
5 In the WCS Host Name field, type one of the following:
The name of the machine that is running the WCS. This machine must be
routable from the web server that is running the Web Connector.
The external translated IP address of the machine that is running the WCS.
This IP address must be fixed; that is, your firewall must use static IP
translation to grant the WCS machine a fixed IP address.
6 If you have customized the WCS so that it listens on a port other than the default,
type your new port number in the Port field. Otherwise, ensure that the
default port number (6401) appears.
7 Click OK twice to return to the CCM.
8 Start the Word Wide Web Publishing Service.
To configure the Web Connector on UNIX

If your web server is running on UNIX, stop the web server and then set the
WCSHOST or WCSHosts variable to one of the following:
The name of the machine that is running the WCS. This machine must be
routable from the web server that is running the Web Connector.
The external translated IP address of the machine that is running the WCS.
This IP address must be fixed; that is, your firewall must use static IP
translation to grant the WCS machine a fixed IP address.
The WCSHOST or WCSHosts variable is defined in the configuration file that
corresponds to your web server. For details about each configuration file, see Web
Connector virtual path mappings on page 304.
264
Configuring for SOCKS servers

Crystal Enterprise provides direct support for SOCKS proxy server firewalls. The
required configuration depends on the location of your SOCKS server. Your SOCKS
server(s) may separate the Web Connector from the Web Component Server (WCS)
and/or they may separate the WCS from the Automated Process Scheduler (APS).
This list describes when to use the procedures that are provided in the remainder
of this section:
Configuring the WCS for SOCKS servers
Complete these steps regardless of the location of your SOCKS server(s).
Configuring the Web Connector for SOCKS servers
Complete these steps if one or more SOCKS servers separate the Web
Connector from the WCS.
Configuring the APS for SOCKS Servers
Complete these steps if one or more SOCKS servers separate the WCS from the
APS.
Crystal Enterprise requires that the APS and the remaining server components
reside on the same subnet and that these components are not separated from one
another by firewalls. The remaining server components automatically obtain their
SOCKS configuration from the APS, as required, so you dont need to configure
them separately.
Configuring the WCS for SOCKS servers

Complete these steps if one or more SOCKS servers separate the WCS from the
Web Connector, from the APS, or from both. These steps provide the WCS with the
required information about each SOCKS server, in order, from the outermost to the
innermost.
The outermost SOCKS server is the one closest to the Web Connector. The
innermost SOCKS server depends on whether or not a SOCKS server separates the
WCS from the APS:
If no SOCKS servers separate the WCS from the APS, then the innermost
SOCKS server is the first SOCKS server that the WCS connects to when
communicating with the Web Connector.
If a SOCKS server separates the WCS and the APS, then the innermost SOCKS
server is the last SOCKS server the WCS communicates with before the APS.
To configure the WCS on Windows

1 Start the CCM.
2 Stop the Web Component Server.
3 Select the Web Component Server and, on the toolbar, click Properties.
4 On the Configuration tab, click Specify SOCKS; then click Add.
265
5 In the SOCKS Proxy dialog box, type the Server Name or IP Address of your
SOCKS server.
6 In the Server Port field, type the number of the port that the SOCKS server is
listening on.
7 Select the SOCKS version that you are running (Ver 4 or Ver 5).
If you are using version 5 and you would like to secure access to the server, select
the authentication check box, and then enter your user name and password.
8 Click OK.
If you have more than one SOCKS server, repeat steps 4 to 8 for each additional
server. Then click Up and Down to order the SOCKS servers from the
outermost (closest to the Web Connector) to the innermost (closest to the APS).
9 Click OK in all three dialog boxes to return to the CCM.
10 Start the Web Component Server.
To configure the WCS on UNIX

The UNIX version of Crystal Enterprise includes a utility that allows you to configure
the WCS to work with SOCKS servers. For details, see sockssetup.sh on page 284.
Configuring the Web Connector for SOCKS servers

Complete these steps if the Web Connector must communicate through a SOCKS
server when it sends information to the WCS.
To configure the Web Connector on Windows

1 Start the CCM.
2 Stop the World Wide Web Publishing Service.
3 On the toolbar, click Configure web connector.
4 In the Web Component Servers area, click Add.
If your WCS Host Name is already listed, select it and click Edit.
5 In the WCS Host Name field, type the name of the machine that is running the
WCS.
6 If you have customized the WCS so that it listens on a port other than the default,
type your new port number in the Port field. Otherwise, ensure that the
default port number (6401) appears.
7 Click Specify SOCKS, then click Add.
SOCKS server.
listening on.
266
11 Click OK.
If more than one SOCKS server separates the Web Connector from the WCS,
repeat steps 7 to 11 for each SOCKS server. Then click Up and Down to order
the SOCKS servers. The SOCKS server closest to the Web Connector must
appear at the top of the list, and the SOCKS server closest to the WCS must be
at the bottom of the list.
13 Start the World Wide Web Publishing Service.
To configure the Web Connector on UNIX

If your web server is running on UNIX, you must stop the web server and then
modify the definition of the Crystal Enterprise WCSHOST or WCSHosts variable. This
variable is defined in the configuration file that corresponds to your web server.
Depending on the web server and Web Connector you are using, the environment
variable is typically defined in one of these files:
Web Server
Path
Apache with ASAPI
crystal/enterprise/platform/wcs/conf/
asapi.conf
iPlanet 6.x with NSAPI
In the iPlanet magnus.conf file.
iPlanet 4.x with NSAPI
In the iPlanet obj.conf file.
Any web server with CGI
crystal/enterprise/platform/wcs/bin/wcscgi.cgi
For more information about the configuration files for your web server, see Web
Connector virtual path mappings on page 304.
The syntax that denotes the WCS through a SOCKS server can be considerably
complex. This section shows a complete connection string and then describes its
component parts. The complete connection string for specifying the WCS through
a SOCKS server is as follows:
socks://Version;User:Password@SOCKSServer:Port/WCSmachine:Port
This string consists of two main parts: the SOCKS connection information
(Version;User:Password@SOCKSServer:Port) followed by the WCS destination
(WCSmachine:Port). The variable components in this string are as follows:
Version is the SOCKS version in use (4 or 5).
User is a SOCKS user name of length < 256 characters.
Password is the corresponding password of length < 256 characters.
SOCKSServer:Port is the name or IP4 of the SOCKS server, along with its port.
WCSmachine:Port is the name or IP4 of the WCS, along with its port.
267
For example, suppose that you are running SOCKS version 5 on a server called
socksmachine. You need to provide the user name socksuser and the password
secret to connect to a WCS named sales1. The WCS is listening on its default port
(6401). In this case, in the configuration file appropriate to your web server, you
would type the following definition for the WCSHOST or WCSHosts variable:
socks://5;socksuser:secret@socksmachine/sales1:6401
To specify a sequence of SOCKS servers, list them in the connection string by

preceding each additional SOCKS server with the ampersand symbol (&), as follows:
socks://Version;User:Password@SOCKSServer1:Port&Version;User:Password@
SOCKSServer2:Port/WCSmachine:Port
Configuring the APS for SOCKS Servers

Complete these steps if one or more SOCKS servers separate the WCS from the APS. The
remaining Crystal Enterprise servers automatically obtain their SOCKS configuration
from the APS, as required, so you dont need to configure them separately.
To configure the APS on Windows

1 Start the CCM.
2 Stop all of the Crystal servers, including the Crystal APS.
3 Select the APS and, on the toolbar, click Properties.
4 On the Connection tab, click Add.
SOCKS server.
listening on.
8 Click OK.
If you have more than one SOCKS server, repeat steps 4 to 8 for each additional
server. Then click Up and Down to order the SOCKS servers from the outermost
(closest to the Web Component Server) to the innermost (closest to the APS).
10 Start the Crystal Enterprise server components.
To configure the APS on UNIX

The UNIX version of Crystal Enterprise includes a utility that allows you to
configure Crystal Enterprise servers to work with SOCKS servers. For details, see
sockssetup.sh on page 284.
268
Licensing Information
16
This chapter describes how to view licensing information

and add license keys with the Crystal Management Console
(CMC). It also shows how to view your current account
activity.
269
Licensing overview
Licensing overview
Crystal Enterprise is a scalable product that provides you with the ability to add
license keys as the demand for report information increases in your organization.
You can purchase concurrent, named, and processor licenses.
Concurrent licenses specify the number of people who can connect to Crystal
Enterprise at the same time. This type of licensing is very flexible because a small
concurrent license can support a large user base. For example, a 100 user
concurrent license could support 250, 500, or 700 users depending on the frequency
with which the system is accessed and the number and size of the reports.
Named user licenses are associated with specific users and allow people to access
the system based on their user name and password. This provides named users
with access to the system regardless of how many other people are connected.
You may want to purchase named user licenses for people in your organization
who require access to Crystal Enterprise at all times. For example, you could
purchase a named user license for each of the 25 managers and a concurrent license
for 175 general users.
Processor licenses are based on the number of processors that are running Crystal
Enterprise. To determine the number of processor licenses you require, count the
number of processors on any servers running any component of Crystal Enterprise
(except the Web Connector).
Note: If you are upgrading from a trial version of the product, be sure to delete
the Evaluation key prior to adding any new license keys or activation codes.
For more information about licenses, sessions, and session handling see Crystal
Enterprise Security Concepts on page 15.
270
16: Licensing Information
Accessing license information

The License Keys tab identifies the number of concurrent, named, and processor
licenses associated with each key.
The License Keys tab appears.
2 Select a license key.

The details associated with the key appear in the Licensing Information area. To
purchase additional license keys:
Contact your Crystal Decisions sales representative.
Call 1-800-877-2340 (US/Canada) or 1-604-681-3435 (International).
Email sales@crystaldecisions.com.
271
Licensing overview
Adding a license key

Note: If you are upgrading from a trial version of the product, be sure to delete
the Evaluation key prior to adding any new license keys or activation codes.
The License Keys tab appears.
2 Type the key in the Add Key field.
Note: Key codes are case-sensitive.
3 Click Add.
The key is added to the list.
Viewing current account activity

2 Click the Metrics tab.
This tab displays current license usage, along with additional job metrics.
272
Object Rights and Access Levels
This appendix maps the object rights that are available in

the Crystal Management Console (CMC) to the actual
rights available through the Crystal Enterprise SDK; it also
lists the object rights that make up each of the predefined
access levels, and the default rights that are applied to the
system root folder. This appendix is provided primarily for
reference purposes. For complete details on setting object
rights, see Controlling Users Access to Objects on
page 95.
273
Object rights
Object rights
This table lists the object rights that are available within the Advanced Rights page
of the Crystal Management Console (CMC). Other Crystal Enterprise plug-in
components may in future add their own, object-specific rights to this list. The
table matches the descriptions used in the CMC with the programmatic name that
developers use when assigning rights with the Crystal Enterprise SDK.
274
Description used in the CMC
Name used in the SDK
Respect current security by inheriting

rights from parent groups
AdvancedInheritGroups
Respect current security by inheriting

rights from parent folders
AdvancedInheritFolders
Add objects to the folder
ceRightAdd
View objects
ceRightView
Edit objects
ceRightEdit
Modify the rights users have to objects
ceRightModifyRights
Schedule the document to run
ceRightSchedule
Delete objects
ceRightDelete
Define server groups to process jobs
ceRightPickMachines
Delete instances
ceRightDeleteInstance
Copy objects to another folder
ceRightCopy
Schedule to destinations
ceRightSetDestination
View document instances
ceRightViewInstance
Pause and Resume document

instances
ceRightPauseResumeSchedule
Print the reports data
ceReportRightPrintReport
Refresh the reports data
ceReportRightRefreshOnDemandReport
Export the reports data
ceReportRightPageServerExport
View objects that the user owns
ceRightOwnerView
Edit objects that the user owns
ceRightOwnerEdit
Modify the rights users have to

objects that the user owns
ceRightOwnerModifyRights
Delete objects that the user owns
ceRightOwner
Delete instances that the user owns
ceRightOwnerDeleteInstance
View document instances that the

user owns
ceRightOwnerViewInstance
Pause and resume instances that the

user owns
ceRightOwnerPauseResumeSchedule
Access levels
This section lists the object rights that constitute each of the predefined access
levels that are available through the Advanced Rights page of the Crystal
Management Console (CMC).
No Access
Respect current security by

inheriting rights from parent groups

inheriting rights from parent folders
View


View objects
ceRightView
ceRightViewInstance
Schedule


ceRightAdd
View objects
ceRightView
ceRightSchedule
ceRightCopy
ceRightPickMachines

user owns
275
Access levels
ceRightViewInstance
Schedule the report to a printer
View On Demand


ceRightAdd
View objects
ceRightView
ceRightSchedule
ceRightCopy
ceRightPickMachines

user owns
ceRightViewInstance
Full Control
276


ceRightAdd
View objects
ceRightView
ceRightViewInstance
Edit objects
ceRightEdit
Modify the rights users have to

objects
ceRightModifyRights
ceRightSchedule
Delete objects
ceRightDelete
Delete instances
ceRightDeleteInstance
ceRightPickMachines
ceRightCopy
Pause and Resume document

instances
ceRightPauseResumeSchedule
Default rights on the root folder

The top-level Crystal Enterprise folder serves as the root for all other folders and
objects that you add to the system. This folder provides the following rights by
default:
The Everyone group is granted the Schedule access level.
The Administrators group is granted the Full Control access level.
The Guest user account is granted the ability to add a user account.
277
Default rights on the root folder
278
UNIX Tools
This appendix details each of the administrative tools and

scripts that are included with the UNIX distribution of
Crystal Enterprise. This appendix is provided primarily for
reference purposes. Concepts and configuration procedures
are discussed in more detail throughout this guide.
279
UNIX tools overview
UNIX tools overview

The UNIX distribution of Crystal Enterprise includes a number of scripts that,
together, provide you with all the configuration options that are available in the
Windows version of the Crystal Configuration Manager (CCM). There are a
number of other scripts that provide you with UNIX-specific options or serve as
templates for your own scripts. Also, there are several secondary scripts that are
used by Crystal Enterprise. Each script is described here and the command-line
options are provided where applicable.
Script utilities
This section describes the administrative scripts that assist you in working with
Crystal Enterprise on UNIX. The remainder of this guide discusses the concepts
behind each of the tasks that you can perform with these scripts. This reference
section provides you the main command-line options and their arguments.
ccm.sh
The ccm.sh script is installed to the crystal directory of your installation. This
script provides you with a command-line version of the CCM. This section lists the
command-line options and provides some examples.
Note:
Arguments in square brackets [ ] are optional.
Replace server with the complete name of the Crystal Enterprise server
component that you want to configure. By default, servers are named with a
hostname.servertype convention. If you are unsure of a servers name, look in
the ccm.config file, locate the servers launch string, and use the value that
appears after the -name option.
Arguments denoted by other authentication information are provided in
the second table.
CCM Option
Valid Arguments
Description
-help
n/a
Display command-line help.
-start
all or server
Start each server as a process.
-stop
all or server
Stop each server by terminating its

Process ID.
-restart
all or server
Stop each server by terminating its

Process ID; then each server is started.
-enable
all or server [other

authentication information]
Enable a started server so that it registers

with the system and starts listening on the
appropriate port.
280
CCM Option
Valid Arguments
Description
-disable
all or server [other

authentication information]
Disable a server so that it stops

responding to Crystal Enterprise requests
but remains started as a process.
-display
server <other authentication

information>
Reports the servers current status

(enabled or disabled). The APS must be
running before you can use this option.
-apsfriendlyname
-selectdb
-srcconn
-srcdbdriver
-copydb
-setcluster
-getcluster
-reinitialize
Run ccm.sh -help for complete

details.
-socksserver
-listall
-wcssocks
-wcsfriendlyname
-getsocks
-wcssocks
-deletesocks
-moveup
-movedown
-create
-modify
-port
-version
-useauth
Run ccm.sh -help for complete

details.
These options are used primarily by

apsdbsetup.sh. Although you can run
these commands directly from the CCM,

it is recommended that you run
apsdbsetup.sh instead. It provides a textbased interface to APS configuration. For
details, see apsdbsetup.sh on page 283.
These options are used primarily by
sockssetup.sh. Although you can run
these commands directly from the CCM,

it is recommended that you run
sockssetup.sh instead. It provides a textbased interface to SOCKS server
configuration. For details, see
sockssetup.sh on page 284.
This table describes the options that make up the argument denoted by other
authentication information.
Authentication
Option
Valid arguments
Description
-aps
apsname:port#
Specify the APS that you want to log on to.

If not specified, the CCM defaults to the
local machine and the default port (6400).
-username
username
Specify an account that provides

administrative rights to Crystal
Enterprise. If not specified, the default
Administrator account is attempted.
281
Script utilities
Authentication
Option
Valid arguments
Description
-password
password
Specify the corresponding password. If

not specified, a blank password is
attempted.
-authentication
secEnterprise, secWindowsNT,
secLDAP
Specify the appropriate authentication

type for the administrative account. If not
specified, secEnterprise is attempted.
The CCM reads the server launch strings and other configuration values from the
ccm.config file. For details, see ccm.config on page 282.
Examples
These two commands start and enable all the servers. The Automated Process
Scheduler (APS) is started on the local machine and the default port (6400):
ccm.sh -start all
ccm.sh -enable all
These two commands start and enable all the servers. The APS is started on port
6701, rather than on the default port:
ccm.sh -start all
ccm.sh -enable all -aps MACHINE01:6701
These two commands start and enable all the servers with a specified
administrative account named SysAdmin:
ccm.sh -start all
ccm.sh -enable all -aps MACHINE01:6701 -username SysAdmin -password 35%bC5@5
-authentication LDAP
This single command logs on with a specified administrative account to disable a

Job Server that is running on a second machine:
ccm.sh -disable MACHINE02.crystaldecisions.com.reportserver -aps
MACHINE01:6701 -username SysAdmin -password 35%bC5@5 -authentication secLDAP
ccm.config
This configuration file defines the server launch strings and other values that are
used by the CCM when you run its commands. This file is maintained by the CCM
itself, and by the other Crystal Enterprise script utilities. You typically edit this file
only when you need to modify a servers command line. For details, see
Command lines overview on page 290.
282
apsdbsetup.sh
The apsdbsetup.sh script is installed to the crystal directory of your installation.
The script provides a text-based program that enables you to configure the APS
database and APS clusters. You can add an APS to a cluster by selecting a new data
source for its APS database. You can also delete and recreate (re-initialize) an APS
database, copy data from another data source, or change the existing cluster name.
Note: Before running this script, back up your current APS database. Also be sure
to see Configuring the intelligence tier on page 204 for additional information
about APS clusters and configuring the APS database.
The script will prompt you for the name of your APS. By default, the APS name is
hostname.aps. That is, the default name of an APS installed on a machine called
MACHINE01 is MACHINE01.aps. To check the name of your APS (or any other server),
view the contents of ccm.config and look for the servers launch string. The servers
current name appears after the -name option.
For information about each of these topics, see Configuring the intelligence tier
on page 204.
serverconfig.sh
The serverconfig.sh script is installed to the crystal directory of your installation.
This script provides a text-based program that enables you to view server
information and to add and delete servers from your installation. This script adds,
deletes, modifies, and lists information from the ccm.config file.
To add/delete/modify/list UNIX servers

1 Go to the crystal directory of your installation.
2 Issue the following command:
./serverconfig.sh
The script prompts you with a list of options:

1 - Add a server
2 - Delete a server
3 - Modify a server
4 - List all servers in the config file
3 Type the number that corresponds to the action you want to perform.
4 If you are adding, deleting, or modifying a server, provide the script with any
additional information that it requests.
Tip: The script will prompt you for the name of your APS. By default, the APS
name is hostname.aps. That is, the default name of an APS installed on a
machine called MACHINE01 is MACHINE01.aps. To check the name of your APS (or
any other server), view the contents of ccm.config and look for the servers
launch string. The servers current name appears after the -name option.
283
Script utilities
5 Once you have added or modified a server, use the CCM to ensure that the
server is both started and enabled.
For more information about each of these topics, see Scalability overview on
page 242.
sockssetup.sh
The sockssetup.sh script is installed to the crystal directory of your installation.
The script provides a text-based program that enables you to configure the Web
Component Server (WCS) and the Automated Process Scheduler (APS) when they
must communicate across one or more SOCKS proxy server firewalls. For technical
information about Crystal Enterprise and firewalls, see Firewalls overview on
page 260.
This script does not configure the Web Connector to communicate with the WCS
through a SOCKS server. If a SOCKS server separates your web server from the
WCS, you must manually configure the Web Connector configuration file that
corresponds to your web server. For more information, see Configuring the Web
Connector for SOCKS servers on page 266.
To modify SOCKS configuration

1 Go to the crystal directory of your installation.
2 Issue the following command:
./sockssetup.sh
3 Type wcs to configure the communication between the WCS and the APS. Or,
type servers to configure SOCKS information between the remaining servers.
The script may prompt you for the name or friendly name of the server. By
default, each servers name is hostname.servertype. To check the name of a
server, view the contents of ccm.config and look for the servers launch string.
The servers current name appears after the -name option.
4 Specify one of the available actions:
Type show to display any SOCKS servers that have already been entered
with this script. A blank list is displayed if no servers have been added.
Type create to add a new SOCKS server to the list.
Type modify to change one of the SOCKS servers in the list.
Type delete to remove a SOCKS server from the list.
Type moveup or movedown to modify the sequence of SOCKS servers.
5 Proceed through the script and provide any additional information that it
requests:
If you are creating a new entry in the list, you will typically need to provide
the name or IP address of the SOCKS server, the port number it is listening
on, the version number of the SOCKS server (4 or 5), and any
284
authentication information that the Crystal Enterprise servers will require

in order to establish a connection with your SOCKS server.
If you choose to delete, modify, or move an existing entry, you will be
asked to specify the server by index. Type the number that corresponds
to the SOCKS server you want to modify.
For details about SOCKS and the importance of the sequence of servers, see
Configuring for SOCKS servers on page 265.
uninstall.sh
The uninstall.sh script is installed to the crystal directory of your installation.
This script deletes all of the Crystal Enterprise files by running a long sequence of
rm -f and rmdir commands. Before running this script, you must disable and stop
all of the Crystal Enterprise servers. In addition, you should stop your web server,
because the Web Connector modules and related files will be deleted.
Note: When you uninstall Crystal Enterprise, you must manually remove any
changes that you made to your web servers configuration files when you set up
Crystal Enterprise. Failure to remove these changes may result in web server
errors, because the uninstall.sh script deletes the Web Connector modules and
configuration files that your web server loads when it starts. Thus, you should
remove these entries manually before restarting the web server. If someone else in
your organization installed and set up Crystal Enterprise, see the Crystal Enterprise
Installation Guide for details about the Web Connector entries for your web server.
Script templates
These scripts are provided primarily as templates upon which you can base your
own automation scripts.
startservers
The startservers script is installed to the crystal directory of your installation.
This script can be used as a template for your own scripts: it is provided as an
example to show how you could set up your own script that starts the Crystal
Enterprise servers by running a series of CCM commands. For details on writing
CCM commands for your servers, see ccm.sh on page 280.
stopservers
The stopservers script is installed to the crystal directory of your installation. This
script can be used as a template for your own scripts: it is provided as an example
to show how you could set up your own script that stops the Crystal Enterprise
servers by running a series of CCM commands. For details on writing CCM
commands for your servers, see ccm.sh on page 280.
285
Scripts used by Crystal Enterprise
silentinstall.sh
The silentinstall.sh script is installed to the crystal directory of your installation.
Once you have set up Crystal Enterprise on one machine, you can use this template
to create your own scripts that install Crystal Enterprise automatically on other
machines. Essentially, once you have edited the silentinstall.sh template
accordingly, it defines the required environment variables, runs the installation
and setup scripts, and sets up Crystal Enterprise according to your specifications,
without requiring any further input.

These secondary scripts are often run in the background when you run the main
Crystal Enterprise script utilities. You need not run these scripts yourself.
env.sh
The env.sh script is installed to the crystal directory of your installation. This
script sets up the Crystal Enterprise environment variables that are required by
some of the other scripts. You need not run this script, because the other scripts run
it as required.
initlaunch.sh
The initlaunch.sh script is installed to the crystal directory of your installation.
This script copies the run control scripts to your rc# directories for automated
startup. This script is run automatically by the setup.sh script, when you run the
system installation.
Note: You must have root privileges to run this script.
patchlevel.sh
The patchlevel.sh is installed to the crystal/enterprise/generic directory of your
installation. This script reports on the patch level of your UNIX distribution. This
script is intended primarily for use by Crystal Decisions, Inc. support staff.
286
Option
Valid Arguments
Description
list
n/a
List all the installed patches.
query
patch #
Query the operating system for the presence of

a particular patch by numeric ID.
check
textfile
Check that all the patches listed in textfile

are installed on your operating system.
postinstall.sh
The postinstall.sh script is installed to the crystal directory of your installation.
This script runs automatically at the end of the installation script and launches the
setup.sh script. You need not run this script yourself.
crystalrestart.sh
This script is run internally by the CCM when it starts the Crystal Enterprise server
components. If a server process ends abruptly without returning its normal exit
code, this script automatically restarts a new server process in its place. Do not run
this script yourself.
setup.sh
The setup.sh script is installed to the crystal directory of your installation. This
script provides a text-based program that allows you to set up your Crystal
Enterprise installation. This script is run automatically when you install Crystal
Enterprise. It prompts you for the information that is required in order to set up
Crystal Enterprise for the first time.
For complete details on responding to the setup script when you install Crystal
Enterprise, see the Crystal Enterprise Installation Guide.
287
288
Server Command Lines
This appendix lists the command-line options that control

the behavior of each Crystal Enterprise server.
289
Command lines overview
Command lines overview

When you start or configure a server through the Crystal Management Console
(CMC) or the Crystal Configuration Manager (CCM), the server is started (or
restarted) with a default command line that includes a typical set of options and
values. In the majority of cases, you need not modify the default command lines
directly. Moreover, you can manipulate the most common settings through the
various server configuration screens in the CMC and the CCM. For reference, this
appendix provides a full listing of the command-line options supported by each
server. You can modify each servers command line directly if you need to further
customize the behavior of Crystal Enterprise.
Throughout this appendix, values provided in square brackets [ ] are optional.
To view or modify a servers command line

The procedure for viewing or modifying a servers command line depends upon
your operating system:
On Windows, use the CCM to stop the server. Then open the servers Properties
to modify the command line. Start the server again when you have finished.
On UNIX, run ccm.sh to stop the server. Then edit ccm.config to modify the
servers command line. Start the server again when you have finished.
Note: On UNIX, each servers command line is actually passed as an argument
to the crystalrestart.sh script. This script launches the server and monitors it
in case an automatic restart is required. See the ccm.config file and
crystalrestart.sh on page 287.
Standard options for all servers

These command-line options apply to all of the Crystal Enterprise servers, unless
otherwise indicated. See the remainder of this appendix for options specific to each
type of server.
Option
Valid Arguments
Behavior
-name
string
Specify the friendly name of the server. The server registers

this name with the APS, and the name is displayed in the
CMC and the CCM. The default friendly name is
hostname.servertype
Note: Do not modify -name for Input or Output File

Repository Servers.
-ns
290
apsname[:port]
Specify the APS that the server should register with. Add
port if the APS is not listening on the default (6400). This
option does not apply to the APS itself.
Option
Valid Arguments
Behavior
-requestPort
port
Specify the port that the server listens on. The server
registers this port with the APS. If unspecified, the server
chooses any free port > 1024.
Note: Before changing, see Changing the default server port
numbers on page 235.
-port
[interface:]port Bind server to the specified port, or to the specified network

interface and port. Useful on multihomed machines.
Note:
Before changing, see Configuring Crystal Enterprise on a
multihomed machine on page 238.
Use -psport to differentiate a Page Server from a Cache
Server. For details, see Page Server and Cache Server on
page 293.
-maxlogfilesize bytes
Replace bytes with 0 (zero) to eliminate log files. The default

value is 512 KB. For details, see Logging server activity on
page 234.
-restart
Windows only. Server restarts if it exits with an unusual exit

code. For UNIX, see crystalrestart.sh on page 287.
-fg
UNIX only. Run the daemon in the foreground. When

passing the servers command line to the crystalrestart.sh
script, you must use this option (see ccm.config). If you run
the servers command line directly, do not use this option,
because the foreground process blocks the shell until the
server exits.
UNIX signal handling

On UNIX, the Crystal Enterprise daemons handle the following signals:
SIGTERM results in a graceful server shutdown (exit code = 0).
SIGSEGV, SIGBUS, SIGSYS, SIGFPE, and SIGILL result in a rapid shutdown (exit
code = 1).
291

This section provides the command-line options that are specific to the APS.
The default path to the server on Windows is:
C:\Program Files\Crystal Decisions\Enterprise\win32_x86\CrystalAPS.exe
The default path to the server on UNIX is:

INSTALL_ROOT/crystal/enterprise/platform/crystalapsd
Option
Valid Arguments Behavior
-threads
number
Use a thread pool of the specified size. The default is one

thread per request.
Cause the APS to delete the system database and recreate it
with only the default system objects.
-reinitializedb
-addkey
licensekey
Add the specified license key to the APS system database.
-quit
Force the APS to quit after processing the -reinitializedb and

-addkey options.
-connect
Specify the database connection string for the APS database. If

this option is present, the new value is written to the APS
configuration file. It need only be specified on the first APS
startup, or when you change the database subsystem.

This section provides the command-line options that are specific to the WCS.
C:\Program Files\Crystal Decisions\WCS\WebCompServer.exe

INSTALL_ROOT/crystal/enterprise/platform/wcs/bin/crystalwcsd
Option
Valid Arguments
Behavior
-defaultSessionTimeout
minutes
Specify the default session timeout, in minutes. If

unspecified, sessions time out after 20 minutes of
inactivity.
292
Page Server and Cache Server

The Page Server and the Cache Server are controlled in much the same way from
the command line. The command-line options determine whether the server starts
as a Page Server, a Cache Server, or both. Options that apply only to one server
type are noted below.
The default paths to the servers on Windows are:
C:\Program Files\Crystal Decisions\WCS\cacheserver.exe
C:\Program Files\Crystal Decisions\WCS\pageserver.exe
The default paths to the servers on UNIX are:

INSTALL_ROOT/crystal/enterprise/platform/crystalcachesd
INSTALL_ROOT/crystal/enterprise/platform/crystalpagesd
Option
Valid Arguments
Behavior
Enable Cache Server functionality.
-cache
-cs
hostname:port
If -cache is not specified, use this option to specify the Cache

Server that the Page Server should communicate with.
-dir
absolutepath
Specify the cache directory for a Cache Server and the temp
directory for the Page Server. The directories created are
absolutepath/cache and absolutepath/temp
Delete the cache directory every time the server starts and
stops.
-deleteCache
-psdir
absolutepath
Specify the temp directory for the Page Server. This option
overrides -dir.
-size
kilobytes
Specify the maximum size of the cache in KB. The default is

100 MB.
-refresh
minutes
Share cached pages for the specified number of minutes.
-maxthreads
number
Set the maximum number of Print Engine and/or Cache

Server worker threads. The default value of 0 (zero) means
unlimited.
-maxidletime
minutes
Specify the number of minutes after which an idle session is

cleaned up. The default is five minutes.
293
Job Server
Job Server
This section provides the command-line options that are specific to the Job Server.
C:\Program Files\Crystal Decisions\WCS\JobServer.exe

INSTALL_ROOT/crystal/enterprise/platform/crystaljobsd
Option
Valid Arguments
Behavior
-dir
absolutepath
Specify the data directory for the Job Server.
-lib
processinglibrary
Specify the processing library to load

(procreport).
-objectType
progID
The progID of the processing library

(CrystalEnterprise.report).
-maxJobs
number
Set the maximum number of concurrent jobs

that the server will handle. The default is
five.
-requestJSChildPorts
lowerboundupperbound
Specify the range of ports that child processes

should use in a firewall environment. For
example, 6800-6805 limits child processes to
six ports.
294
Input and Output File Repository Servers

This section provides the command-line options that are specific to the Input and
Output File Repository Servers.
The default paths to the servers on Windows are:
C:\Program Files\Crystal Decisions\Enterprise\win32_x86\inputfileserver.exe
C:\Program Files\Crystal Decisions\Enterprise\win32_x86\outputfileserver.exe
The default path to the program that provides both servers on UNIX is:
INSTALL_ROOT/crystal/enterprise/platform/crystalfilesd
Note: Do not modify -name for Input or Output File Repository Servers.
Option
Valid Arguments
Behavior
-rootDir
absolutepath
Set the root directory for the various subfolders and files that
are managed by the server. File paths used to refer to files in
the File Repository Server are interpreted relative to this root
directory.
-maxidle
minutes
Specify the number of minutes after which an idle session is

cleaned up.
Event Server
This section provides the command-line options that are specific to the Event Server.
C:\Program Files\Crystal Decisions\Enterprise\win32_x86\EventServer.exe

INSTALL_ROOT/crystal/enterprise/platform/crystaleventsd
Option
Valid Arguments
Behavior
-poll
seconds
Specify the frequency (in seconds) with which the server

checks for File events.
-cleanup
minutes
Specify the frequency (in minutes) with which the server

cleans up listener proxies.
295
Event Server
296
Troubleshooting path mappings
This chapter describes the ways in which virtual

directories, application mappings, and virtual paths must
be set up between your web server, the Web Connector, and
the Web Component Server in order for Crystal Enterprise
to work correctly.
297
Path mapping overview
Path mapping overview

When you integrate Crystal Enterprise with your existing web environment,
mapping occurs at several levels:
First, the virtual directory on the web server is mapped to the Crystal
Enterprise web content directory on the web server machine. This mapping
ensures that the web server can locate all of the HTML and image files
required by any Crystal Enterprise request.
For details, see Web server virtual directory mappings on page 298.
Second, Crystal Enterprise file types are mapped to the Web Connector, so the
web server knows that those files require additional server-side processing.
This application mapping ensures that the web server handles the relevant
Crystal Enterprise file types differently to HTML and image files.
For details, see Web server application mappings on page 300.
Third, a virtual path mapping is made in the Web Connector. This mapping
ensures that the Web Component Server (WCS) is able to locate its own local
copies of all relevant Crystal Enterprise files.
Note: On Windows, this third mapping is typically required only when the Web
Connector and the Web Component Server are installed on separate machines.
For details, see Web Connector virtual path mappings on page 304.
These mappings are usually configured appropriately when you first set up
Crystal Enterprise. The initial installation and configuration steps are provided in
the Crystal Enterprise Installation Guide. This chapter provides additional details to
help you customize, modify, or troubleshoot your installation.
Note: If a firewall separates your web server from the WCS or from other Crystal
Enterprise components, you will need to make additional changes to your
configuration. For details, see Working with Firewalls on page 259.
Web server virtual directory mappings

You create virtual directories on the web server in order to map URLs to actual
directories on the web server machine. When you set up a virtual directory on your
web server, you provide a name for the virtual directory along with the actual
directory path of the corresponding HTML files, images, and so on. You typically
define virtual directories with your web servers administration tools and/or
configuration files.
For Crystal Enterprise to function correctly, two virtual directories must be created
on the web server:
The /crystal virtual directory
The /viewer virtual directory
Note: For some UNIX web servers, Crystal Enterprise includes the appropriate
web server directives in its default configuration files and templates. For
complete details, see the Crystal Enterprise Installation Guide.
298
The /crystal virtual directory

The /crystal virtual directory must be mapped to the Crystal Enterprise web
content directory on the web server machine. So, when a user requests a Crystal
Enterprise web page, the HTML file and any associated images can be served up
from the actual directory on the web server machine.
On a Windows web server, the default web content directory path is C:\Program
Files\Crystal Decisions\Web Content; on a UNIX web server, it is INSTALL_ROOT/
crystal/webcontent.
To check the /crystal virtual directory configuration

Type the entire Crystal Enterprise Launchpad URL in your browser:
http://webserver/crystal/enterprise/launchpad/language/default.htm
Replace webserver with the name of your web server machine, and replace
language with the information appropriate to your version of Crystal
Enterprise: use en for English, fr for French, de for German, and ja for Japanese.
If you cannot access this page, ensure that the /crystal virtual directory is
configured correctly on your web server. For additional details on creating or
editing virtual directories, see your web server documentation.
The /viewer virtual directory

The /viewer virtual directory must be mapped to the Crystal Enterprise viewers
directory on the web server machine. So, when a user requests a report from
Crystal Enterprise, a Report Viewer (if required) can be served up from the actual
directory on the web server machine.
On a Windows web server, the default viewers directory path is C:\Program
Files\Crystal Decisions\viewers; on a UNIX web server, it is INSTALL_ROOT/
crystal/viewers.
To check the /viewer virtual directory configuration

1 Go to the Crystal Enterprise Launchpad at:
http://webserver/crystal/enterprise/launchpad/language/default.htm
Replace webserver with the name of your web server machine, and replace
language with the information appropriate to your version of Crystal
Enterprise: use en for English, fr for French, de for German, and ja for Japanese.
2 Click the Crystal Offline Viewer link.
You should be prompted to download the cvwsetup.exe file, which is located in
the viewers directory of your Crystal Enterprise installation. If the web server
cannot find this file, you may need to check the configuration of the /viewer
virtual directory. For additional details on creating or editing virtual
directories, see your web server documentation.
299
Web server application mappings

Application mappings instruct your web server to pass certain file types to a
particular program or module before returning any HTML to the users browser.
In this way, application mappings ensure that server-side scripts and other special
files are processed correctly.
Crystal Enterprise relies upon four application mappingsone for each Crystal
Enterprise file type. Through these application mappings, you instruct the web
server to pass all .csp, .rpt, .cwr, and .cri requests to the Web Connector. The Web
Connector then forwards the request to the Web Component Server, which
communicates with the rest of Crystal Enterprise (as required) and generates the
resultant HTML page.
Configuring application mappings on Windows

If you use Microsoft Internet Information Services or iPlanet Enterprise Server as
your web server, the Crystal Enterprise setup program typically configures the
application mappings for your web server during the installation.
If you need to modify or to manually configure the application mappings, you
must associate the Crystal Enterprise file types (.csp, .rpt, .cwr, and .cri) with the
Web Connector that is provided for your web server:
wcsisapi.dll (for Internet Information Services)
wcsnsapi.dll (for iPlanet Enterprise Server)
wcsdsapi.dll (for Lotus Domino 5.x)
wcscgi.cgi (provides a wrapper to wcscgi.exe for CGI-compatible web servers).
After a default installation, the Web Connectors are located in the C:\Program
Files\Crystal Decisions\WCS directory on your web server machine.
The exact procedure for adding application mappings under Windows depends
on your operating system (NT or 2000) and your web server. Consult your web
server documentation for more details. This example shows how you would add
the appropriate application mappings to Internet Information Services 5.0 running
on Windows 2000.
To add application mappings to IIS 5.0 on Windows 2000

1 On the Start menu, point to Administrative Tools and, on the submenu, click
Internet Services Manager.
2 Select Default Web Site (or the web site you are using), and on the Action
menu, click Properties.
300
3 In the Properties dialog box, click the Home Directory tab.
4 In the Application Settings area, click Configuration.

The Application Configuration dialog box appears.
301
5 On the App Mappings tab, look in the Extension list for the .rpt, .csp, .cwr,
and .cri entries. These entries are typically created by the Crystal Enterprise
setup program.
6 If the entries are not there, or if you need to modify an existing entry, click Add
or Edit.
The Add/Edit Application Extension Mapping dialog box appears.
7 In the Executable field, type the absolute path to the ISAPI Web Connector.
The default path is:
C:\Program Files\Crystal Decisions\WCS\wcsisapi.dll
8 In the Extension field, type .csp

9 Select All Verbs.
10 Select the Script engine check box.
11 Clear the Check that file exists check box.
12 Click OK.
13 Repeat steps 6 to 12 for .rpt, .cwr, and .cri files.
14 Return to the Internet Services Manager and restart your web server.
Configuring application mappings on UNIX

The configuration entries that affect application mappings depend upon both the
type of web server and the type of Web Connector that you are using.
Click the appropriate link to jump to that section:
Apache (ASAPI Web Connector) on page 303
iPlanet Enterprise Server (NSAPI Web Connector) on page 303
Any web server with the CGI Web Connector on page 303
302
Apache (ASAPI Web Connector)

If you are using Apache with the ASAPI Web Connector, the application mappings
are made with the AddHandler directive.
Ensure that the following line appears in the asapi.conf file (so long as you used
the Include command in your httpd.conf file to reference the Crystal Enterprise
asapi.conf file, as outlined in the Crystal Enterprise Installation Guide):
AddHandler wcs_connector_handler cri cwr rpt csp
This line instructs Apache to pass all requests for Crystal Enterprise file types to
the ASAPI Web Connector.
iPlanet Enterprise Server (NSAPI Web Connector)

If you are using iPlanet Enterprise Server 4.1 or 6.x with the NSAPI Web
Connector, the application mappings are made with the req_handler function.
Ensure that the following lines appear in the <Object name="default"> section of
the iPlanet obj.conf file, after any existing Service lines:
Service
Service
Service
Service
fn="req_handler"
fn="req_handler"
fn="req_handler"
fn="req_handler"
method="(GET|POST)"
method="(GET|POST)"
method="(GET|POST)"
method="(GET|POST)"
type="magnus-internal/rpt"
type="magnus-internal/csp"
type="magnus-internal/cri"
type="magnus-internal/cwr"
Also ensure that the following lines appear in the iPlanet mime.types file:
type=magnus-internal/rpt
type=magnus-internal/csp
type=magnus-internal/cri
type=magnus-internal/cwr
exts=rpt
exts=csp
exts=cri
exts=cwr
Together, these configuration entries serve to define the Crystal Enterprise file
types and to allow the NSAPI Web Connector to handle requests for such files.
Any web server with the CGI Web Connector

Depending upon your web server, you typically configure CGI application
mappings in one of two ways: either you specify a particular directory (the cgi-bin)
as one that contains all scripts that are executable by the CGI interpreter, or you
specify certain file types that are always executable by the CGI interpreter,
regardless of the directory in which they are located. The default web applications
provided with Crystal EnterpriseePortfolio and the Crystal Management
Console (CMC)require the latter method.
Consult your web server documentation to see how to specify certain file types as
being globally executable by a particular interpreter; then associate all .csp, .rpt,
.cwr, and .cri files with the wcscgi.cgi script. (As far as the web server is concerned,
the wcscgi.cgi script is the interpreter. However, this script really serves as a
wrapper that sets additional environment variables before passing the scripting
request along to wcscgi.bin, which is the actual CGI Web Connector binary.)
303
Web Connector virtual path mappings
Note: ePortfolio and the CMC do not contain all .csp, .rpt, .cwr, and .cri files to a
single cgi-bin directory. Therefore, these default applications will not function
properly if your web server requires you to specify executable files by directory.
In such cases, however, you can still deploy your own web applications that
reference .csp scripts from the cgi-bin, so long as you map the Crystal Enterprise
file types in the cgi-bin to the wcscgi.cgi script.

Crystal Enterprise may require a third level of path mapping that establishes a
virtual path between the Web Connector and the Web Component Server (WCS).
Rather than passing entire files back and forth across the network, Crystal
Enterprise increases overall efficiency and response time by duplicating its web
content directory structure on both the web server and the WCS machines. For
instance, when a user requests an HTML page that refers to ./logon.csp, the Web
Connector does not send the logon.csp file across the network. Instead, the Web
Connector instructs the WCS to evaluate its own local copy of the logon.csp file.
The path to the logon.csp file on the web server may not match the absolute path
to the corresponding logon.csp file on the WCS; therefore, the Web Connector uses
a virtual path mapping in order to translate a path on the web server to an absolute
path on the WCS.
The WCS must be able to locate its own local copy of each .csp file that it is asked
to process. Thus, you must define a virtual path mapping for .csp files. If you want
to make unmanaged Crystal reports available on your web site, you must also
define a virtual path mapping for .rpt files.
Depending upon your web environment, you configure this virtual path mapping
in the Web Connector or in your web servers configuration files. On Windows,
this virtual path mapping is typically required only when the Web Connector and
the Web Component Server are installed on separate machines.
Note:
The WCS also responds to .cwr and .cri requests, but it generates these files
itself, so it does not have to find its own local copy first. In other words, the
.cwr and .cri file types file types are handled by application mappings alone.
If a firewall separates your web server from the WCS or from other Crystal
Enterprise components, you will need to make additional changes to your
configuration. For details, see Working with Firewalls on page 259.
To check the Web Connector virtual path mappings

Type the following URL in your browser:
http://webserver/crystal/enterprise/eportfolio/default.htm
If you are successfully redirected to ePortfolio or its logon page, then the path
mapping between the Web Connector and the WCS is configured to process
.csp files properly.
304
If the redirection is unsuccessful, you should check not only the virtual path
mappings, but also the configuration of the virtual directory and of the
application mappings on your web server.
Configuring virtual path mappings on Windows

If Crystal Enterprise is running on Windows, you can use the Crystal
Configuration Manager (CCM) to configure the virtual path mappings for the Web
Connector.
To create a virtual path

1 From the Crystal Enterprise program group, click Crystal Configuration
Manager.
2 In the CCM, click Configure web connector.
The Web Connector Configuration dialog box appears.
3 In the Web Component Servers area, ensure that the WCS Host Name and Port
number correspond to your system configuration.
In the example above, the WCS is running on a machine named PBROWNSEYA,
and it is listening on the default port (6401).
305
4 In the Path Mapping area, click Add.

The Path Mapping dialog box appears.
5 In the Virtual Path field, type /crystal

This entry must match the name of your web servers virtual directory that is
mapped to the Crystal Enterprise web content directory on the web server. By
default, this virtual directory is named /crystal.
6 In the Extension field, type .csp
This entry flags .csp files as exceptions, so the web server does not attempt to
send the file directly to the users browser.
7 In the Actual Path field, type the absolute path of the Crystal Enterprise web
content directory on the Web Component Server.
This entry must specify the physical drive path on the Web Component Server,
because this denotes the directory where the WCS will look for any .csp files
that it must process.
On Windows, the default web content directory path is C:\Program
Files\Crystal Decisions\Web Content.
Note: If the Actual Path contains spaces, enclose the string in double-quotes.
8 Click OK.
Now, before it forwards .csp requests to the WCS, the Web Connector translates
the path to the .csp file so that the WCS can locate the corresponding .csp file on
its local drive.
9 If you want to make unmanaged Crystal reports available on your web site,
repeat steps 4 to 8 for .rpt files.
10 Click OK and restart your web server and all associated services.
Note: The CCM does not allow you to specify multiple actual paths for one
virtual directory. Consequently, when you are running more than one WCS
machine, the actual path to your .csp files (and any other Crystal Enterprise file
types) must be identical on each WCS machine.
306
Configuring virtual path mappings on UNIX

The configuration entries that affect your virtual path mappings depend upon
both the type of web server and the type of Web Connector that you are using.
Click the appropriate link to jump to that section:

If you are using Apache with the ASAPI Web Connector, the virtual path mapping
is made in the asapi.conf file (so long as you used the Include command in your
httpd.conf file to reference the Crystal Enterprise asapi.conf file, as outlined in the
Crystal Enterprise Installation Guide).
The relevant lines are as follows:
WCSHosts WCSLIST
This line defines the Web Component Server(s) that the ASAPI module must
communicate with. WCSLIST is a list of one or more WCS hosts, specified as
machinename:portnumber (separate multiple entries with semicolons).
AddPathMap /crystal csp "WCS_INSTALL_ROOT/webcontent"
This line defines how the ASAPI module translates file paths for each Crystal
Server Page (.csp file). Any .csp request made to http://webserver/crystal
must be mapped relative to the webcontent directory on the WCS. The virtual
directory on the web server is specified first (/crystal); the file extension is
specified second (csp); and the absolute path of the Crystal Enterprise web content
directory on the Web Component Server is specified last (WCS_INSTALL_ROOT/
webcontent).

If you are using iPlanet Enterprise Server 6.x with the NSAPI Connector, the
virtual path mapping is made in the Init line of the iPlanet magnus.conf file. Ensure
that the following line appears in the magnus.conf file:
Init fn="req_init" WCSHosts="WCSLIST" ClientPool="5"
ConnectorTimeout="600000" WCSPathMap="/crystal;.csp;WCS_INSTALL_ROOT/
webcontent,/crystal;.cri;WCS_INSTALL_ROOT/webcontent,/
crystal;.rpt;WCS_INSTALL_ROOT/webcontent,/crystal;.cwr;WCS_INSTALL_ROOT/
webcontent"
Note: If you are using iPlanet Enterprise Server 4.1 with the NSAPI Web
Connector, this same Init line is located in the iPlanet obj.conf file.
307
This Init line provides the NSAPI Web Connector module with the instructions
necessary for mapping paths correctly. The relevant portions can be broken down
as follows:
WCSHosts="WCSLIST"
This line defines the Web Component Server(s) that the NSAPI module must
communicate with. WCSLIST is a list of one or more WCS hosts, specified as
machinename:portnumber (separate multiple entries with semicolons).
WCSPathMap="/crystal;.csp;WCS_INSTALL_ROOT/webcontent,..."
The WCSPathMap command maps paths from the web server to the WCS based on
file type. The portion quoted here defines how the NSAPI module translates file
paths for each Crystal Server Page (.csp file). Any .csp request made to http://
webserver/crystal must be mapped relative to the webcontent directory on the
WCS. The virtual directory on the web server is specified first (/crystal); the
file extension is specified second (.csp); and the absolute path of the Crystal
Enterprise web content directory on the Web Component Server is specified last
(WCS_INSTALL_ROOT/webcontent).
Note: The entries for each mapped file type are separated by commas, but all
entries are contained within double-quotes.

If you are using the CGI Web Connector, the virtual path mapping is made in the
wcscgi.cgi script, regardless of the type of web server you are running.
First, ensure that the following line appears in the wcscgi.cgi script:
WCSHOST1=machinename:portnumber; export WCSHOST1;
This line sets the WCSHOST1 environment variable, which specifies the host machine
that is running the Web Component Server (WCS). Replace machinename with the
fully qualified domain name (or IP address) of the machine that is running the
WCS. Replace portnumber with the port that the WCS is listening on (by default,
this is port 6401). You may specify additional WCS machines by defining similar
environment variables with names WCSHOST2, WCSHOST3, and so on.
Second, ensure that the following line appears in the wcscgi.cgi script:
WCSPATHMAP1="/crystal;csp;WCS_INSTALL_ROOT/webcontent"; export WCSPATHMAP1
This line defines how the CGI Web Connector handles a request for a Crystal
Server Page (.csp files). Any .csp request made to http://webserver/crystal must
be mapped relative to the webcontent directory on the WCS. The virtual directory
on the web server is specified first (/crystal); the file extension is specified second
(csp); and the absolute path of the Crystal Enterprise web content directory on the Web
Component Server is specified last (WCS_INSTALL_ROOT/webcontent).
To map different paths or different file extensions, add a new environment
variable with the prefix WCSPATHMAP. For instance, to make unmanaged Crystal
reports available on your web site, you would add a line similar to this:
WCSPATHMAP2="/crystal;rpt;WCS_INSTALL_ROOT/webcontent"; export WCSPATHMAP2
308
General Troubleshooting
This appendix provides general troubleshooting steps and

solutions to some specific configuration problems. For upto-date answers to commonly asked questions, registered
customers can freely download additional technical
documents or knowledge base articles from:
http://support.crystaldecisions.com
For more information on Product Registration and Crystal

Care technical support, see Crystal Care technical
support on page 6.
309
Troubleshooting overview
Troubleshooting overview
Crystal Enterprise is designed to integrate with a multitude of different operating
systems, web servers, network and firewall configurations, database servers, and
reporting environments. Thus, any troubleshooting that you may need to undertake
will likely reflect the particularities of your deployment environment. This
appendix includes general troubleshooting steps along with solutions to some
specific configuration issues.
In general, consider the following key points when troubleshooting:
Ensure that client and server machines are running supported operating
systems, database servers, database clients, and appropriate server software.
For details, consult the Platforms.txt file, included with your product
distribution.
Verify that the problem is reproducible, and take note of the exact steps that
cause the problem to recur.
On Windows NT/2000, use the sample reports and sample data included with
the product to confirm whether or not the same problem exists.
Determine whether the problem is isolated to one machine or is occurring on
multiple machines. For instance, if a report fails to run on one processing
server (Job Server or Page Server), see if it runs on another processing server.
If the problem is isolated to one machine, pay close attention to any
configuration differences in the two machines, including operating system
versions, patch levels, and general network integration.
If the problem relates to connectivity or functionality over the Web, check that
Crystal Enterprise is integrated properly with your web environment. For
details, see Troubleshooting path mappings on page 297 and Web
accessibility issues on page 311.
If the problem relates to report viewing or report processing, verify your
database connectivity and functionality from each of the affected machines.
Use Crystal Reports to verify that the report can be viewed properly. If the Job
or Page Servers are running on Windows, open the report in Crystal Reports
on the server machine and check that you can refresh the report against the
database. For details, see Reporting viewing and processing issues on
page 313.
Look for solutions in the documentation included with your product. For
details, see Documentation resources on page 311.
Check out the Crystal Care technical support web site for white papers, files
and updates, user forums, and Knowledge Base articles:
http://support.crystaldecisions.com
310
Documentation resources
The Crystal Enterprise Release Notes are provided in two formats (release.pdf
and release.htm) in the root directory of your product distribution, as is the
Platforms.txt file. These documents list supported third-party software along
with any known issues or implementation-specific configuration details.
Crystal Enterprise also includes four manuals:
Crystal Enterprise ePortfolio Users Guide (printed copy, HTML, CHM, and PDF)
Crystal Enterprise Getting Started Guide (printed copy, HTML, CHM, and PDF)
Crystal Enterprise Administrators Guide (printed copy, HTML, CHM, and PDF)
Crystal Enterprise Installation Guide (HTML, CHM, and PDF)
CHM and PDF files are located in the doc directory of your product distribution.
Online HTML Help versions are installed with the Web Connector and the Web
Component Server. Access the HTML versions from the Crystal Enterprise
Launchpad, or look in the appropriate directory on your Web Connector or Web
Component Server machine:
On Windows, the files are installed by default below the C:\Program
Files\Crystal Decisions\Web Content\Enterprise\Help\ directory of your
installation.
On UNIX, the files are installed below the INSTALL_ROOT/crystal/webcontent/
enterprise/help/ directory of your installation.
Additional Compiled HTML Help (CHM) files are provided with the following
client tools:
Crystal Configuration Manager
Crystal Offline Viewer
Press F1 or click Help to launch the online help from within these applications.
Web accessibility issues

Using an IIS web site other than the default
On Windows, the Crystal Enterprise installation creates a viewer virtual directory
and a crystal virtual directory on the Internet Information Server (IIS) Default
Web Site. If you are using a web site other than the default, you must copy the
viewer and crystal virtual directory configuration from the default web site to the
web site you are using. Crystal Enterprise also sets up several application
mappings on the default site. These can be viewed and copied from the default
web site to the web site you are using. Restart the web server once you have made
these changes. For more information, see Path mapping overview on page 298.
311
Web accessibility issues
UNIX Web Connector cannot access WCS on Windows

If you install any of the Web Connectors on a UNIX web server, and install the Web
Component Server (WCS) on Windows NT/2000, then you must ensure that the WCS
is not configured to use Windows NT Integrated security (NT Challenge/Response).
Until you disable this security, you can access the Crystal Enterprise Launchpad, but
you cannot access the Crystal Management Console (CMC) or ePortfolio.
Note: Ensure also that you can ping the WCS machine by name from the UNIX
web server.
To disable Windows NT Integrated security

1 Start the Crystal Configuration Manager (CCM) on the WCS machine.
2 Stop the Crystal WCS, and then double-click it to view its Properties.
3 On the Configuration tab, clear the Use Windows NT Integrated Security
(NT Challenge/Response) check box; then click OK.
4 Start the Crystal WCS.
If you still cannot access ePortfolio or the CMC, check the mappings between the
web server, the Web Connector, and the WCS. For details, see Path mapping
overview on page 298.
Communication error when accessing the CMC

One of the more common errors encountered over the Web results in the following
error message being displayed in the browser:
Communication Error
Communication failed with all configured Web Component Servers because they
are disabled or not currently running. If this problem continues, please
contact the system administrator.
This error indicates that the WCS is offline or that the Web Connector is not
configured correctly. First, use the CCM to start the WCS and then enable it. (If the
WCS was already started and enabled, use the CCM to restart it.) If restarting the WCS
does not correct the situation, check the mappings between the web server, the Web
Connector, and the WCS. For details, see Path mapping overview on page 298.
Unable to connect to APS when logging on to the CMC

If you attempt to log on to the CMC while the Automated Process Scheduler (APS)
is not running, the following error message appears:
Unable to connect to APS (<servername>) to retrieve cluster members. Logon
can not continue.
Use the CCM to start the APS. (If the APS was already started, use the CCM to
restart it.)
312
Windows NT authentication cannot log you on

When you attempt to log on to the Crystal Management Console (CMC) or to
ePortfolio, the following error occurs:
NT Authentication could not log you on. Please make sure your logon
information is correct. If your account is in any domain other than "DOMAIN
NAME" you must enter your user name as DomainName\UserName.
This error may occur for various reasons. Investigate these common solutions:
Ensure that the specified authentication type corresponds to the user name
and password provided on the log on page. To log on with a Windows NT
user name, verify that the authentication type is set to Windows NT
Authentication and not Enterprise.
Netscape users must provide a valid Windows NT user name in the form of
Domain\User.
Microsoft Internet Explorer users must provide a valid Windows NT user
name. It must be in the form of Domain\User if the user account does not reside
in the default domain of the APS.
If Windows NT Integrated security (NT Challenge/Response) is enabled in
Internet Information Services (IIS) and in the Web Component Server (WCS),
then users must use Microsoft Internet Explorer. In addition, users must log on
to the client machine with a valid NT domain user account before logging on
to Crystal Enterprise. Users must log on to Crystal Enterprise with a valid
Windows NT user name. It must be in the form of Domain\User if the user
account does not reside in the default domain of the APS.
The web server and all Crystal Enterprise components must be running on
Windows NT/2000 for Windows NT authentication to work.
Reporting viewing and processing issues

When troubleshooting reports, it is especially useful to determine whether the
problem is isolated to one machine or is occurring on multiple machines. For
instance, if a report fails to run on one processing server (Job Server or Page
Server), see if it runs on another processing server.
If the problem is isolated to one machine, pay close attention to any configuration
differences in the two machines, including operating system versions, patch levels,
and general network integration.
In particular, check the database client configurations, the drivers and versions,
and the accounts under which the processing servers are running. If the reports are
based off ODBC data sources, compare the ODBC driver versions, the DSN
configurations, and the versions of the MDAC layer.
If you follow these steps and the problem persists, contact Crystal Care technical
support. Before you call, take note of the database client and version you are
running, the database server version that you are connecting to, and the driver
name and version that you are using to connect. For details, see Crystal Care
technical support on page 6.
313
Troubleshooting reports and looping database logon prompts

A common issue when viewing reports over the Web is a persistent database logon
prompt that is displayed repeatedly by the users browser. Regardless of the
credentials provided by the user, the report will not display. This problem is
typically caused by the configuration of the Page Server. This section provides a
series of troubleshooting steps that should resolve this problem and others that are
specific to reports and database connectivity.
Tip: This section applies to reports that you have published to Crystal Enterprise.
If you are troubleshooting .rpt files that are directly accessible through your web
server (unmanaged reports), see Supporting Crystal Reports 8 web distribution
on page 320.
To troubleshoot reports and looping database logon prompts

1 Verify the report with Crystal Reports.
Use Crystal Reports to verify the report. If you have the Crystal Reports
Designer installed on the Page Server or Job Server machine, test database
connectivity by opening the report in Crystal Reports on the server. For details,
see Troubleshooting reports with Crystal Reports on page 316.
2 Change the servers logon account.
Crystal Enterprise servers require access to various local and/or remote
resources and to the database server. Experience shows that running the Page
Server, Job Server, and Web Component Server (WCS) under a Domain
Administrator account allows them to access the components necessary to
connect successfully to data sources. To change a servers logon account, see
Configuring Windows processing servers for your data source on page 227.
Tip: Running a background application under an Administrator account does
not inadvertently grant administrative privileges to another user, because users
cannot impersonate services.
3 Verify the servers access to ODBC Data Source Names (DSNs).
Base reports off System DSNs (and not File or User DSNs), and set up each
System DSN identically on every Job Server and Page Server machine that will
process the report.
If the report is based off an ODBC data source, the processing server must have
permission to access the corresponding DSN configuration. This information is
stored in the Windows registry. The Job Server and Page Server require Full
Control or Special Access to the ODBC registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\ODBC.INI
Consult your Windows documentation for information about working with the
registry. Additional configuration may be required, depending upon the
database that you are reporting off of. For details, see Configuring Windows
processing servers for your data source on page 227.
314
4 Determine the configuration of the database client software.

If you are not using ODBC, the database client software must be installed on
each machine that will process reports. On Windows, many database clients
store their configuration in the registry below HKEY_LOCAL_MACHINE.
If your database client stores its configuration below HKEY_CURRENT_USER, the
Crystal Enterprise services cannot use the database client software to
communicate with the database. To work around this issue, you can run the Job
Server and Page Server as foreground applications, thereby allowing them to
utilize the database client. The -console command-line option allows you to run
a server in the foreground.
5 Verify the NTFS permissions granted to the Job Server and Page Server.
Insufficient NTFS rights on the server may cause a number of problems to arise
when you view reports over the Web. As in step 2, changing each servers logon
account to that of a Domain Administrator account should resolve such problems.
6 Check whether or not NT authentication is performed by the database.
If you report against a database that uses NT authentication for access control
(Microsoft SQL Server, Sybase, and so on), the Job Server and Page Server must
run under a Windows NT/2000 domain user account that has access to the
appropriate database tables. (In this scenario, each servers logon account
determines the level of access it is granted by the database. Crystal Enterprise
does not pass the end-users NT tokens through to the database server.)
To retain the access control levels that are set up within the database, you can
instead change each ODBC DSN so that it implements SQL Server Login
instead of NT authentication.
7 Check the available environment variables.
Environment variables are used by the operating system to govern and manage
system files for particular users. On Windows, Crystal Enterprise servers are
generally most affected by the TMP and TEMP environment variables. Because the
servers are run as services, they cannot access the User Environment variables
that are created by default. Therefore, it is recommended that you create System
Environment variables if they do not already exist. Consult your Windows
documentation for details.
8 Reference remote data sources with UNC paths.
Ensure that servers have access to remote databases through UNC paths,
instead of through mapped drives. For example, if you design a report off a PC
database that resides on a network drive, ensure that the report references its
data source with the appropriate UNC path. For details, see Server resources
must be available on local drives on page 319.
9 Ensure that you have enough database client licenses.
If all database client licenses are in use, the Crystal Enterprise servers are unable
to retrieve data from the database.
315
10 Check that database connections are closed in a timely fashion.

If a database connection is not closed quickly, the database may not service
another request until the connection has been closed. To decrease the Minutes
Before an Idle Job is Closed setting, see Modifying Page Server performance
settings on page 221.
11 Use multi-threaded database drivers.
Multi-threaded database drivers allow the processing servers to connect to the
database without having to wait for the database to fulfill initial requests.
ODBC connections are typically recommended because they provide
multithreaded connections to the database. However, Crystal Reports now
includes a number of thread-safe native and OLEDB drivers. A list of these
thread-safe drivers is available in the Crystal Reports 8.5 Release Notes.
12 Check for problems with particular data sources.
If your report is based on a Crystal Query file (.qry) a Crystal Dictionary (.dc5),
or a Lotus Notes database, you may need to perform additional configuration.
Download the latest instructions from the Crystal Care Knowledge Base.
IBM offers several client applications for connecting to DB2. The recommended
client is IBM DB2 Direct Connect, whose ODBC drivers were written for actual
programmatic interaction with products like Crystal Enterprise. See the Crystal
Care Knowledge Base for discussions of this and other DB2 clients.
If you encounter problems with any other specific data sources, check the
Knowledge Base for the latest information.
Troubleshooting reports with Crystal Reports

On Windows, you can install Crystal Reports on all Job Server or Page Server
machines in order to speed up the troubleshooting of reports and database
connectivity. In this way, you use Crystal Reports to simulate the steps that are
performed by the Crystal Enterprise processing servers when a scheduled report
is processed, or when a report is viewed on demand over the Web. By locating the
step where Crystal Reports is unable to open, refresh, or save the report, you may
be able to locate the source of the problem.
To troubleshoot a report
1 Start Crystal Reports on the appropriate machine:
If the report runs successfully on demand, but fails when scheduled, start
Crystal Reports on the Job Server.
If the report fails when viewed on demand, but runs successfully when
scheduled, start Crystal Reports on the Page Server.
If the report fails when viewed on demand or scheduled, complete these
troubleshooting steps on both the Job Server and the Page Server.
316
2 Open the report from the APS.

On the File menu, click Open. Click Enterprise Folders and log on to your APS.
If you cannot open the report, verify network connectivity between the server
you are working on, the APS, and the Input File Repository Server.
3 Test your database connection and authentication.
On the Database menu, click Log On/Off Server. If you cannot log on to the
database server, check the configuration of the database client software and
ensure that the report contains a valid database user name and password.
4 If the reports parameters or record selection need to be modified by Crystal
Enterprise users when they schedule or view the report, change the parameter
values or record selection formula accordingly. If the values are invalid,
Crystal Reports will report an error.
5 Verify that the tables used in the report match the tables in the database.
On the File menu, clear the Save Data with Report check box. On the
Database menu, click Verify Database. Correct any issues reported by Crystal
Reports, and then save the report.
6 Refresh the report and, if current data is not returned from the database, check
these possible causes:
If the report fails, ensure that the database credentials provide READ rights
to all tables in the report.
If the database credentials are valid, the reports SQL statement is
evaluated at this time. Check the join information. Note any ODBC errors
that are produced.
If the SQL statement is valid, data begins to return to Crystal Reports. As
this happens, the temporary files increase in size. Verify resource allocation
in case the machine is running out of memory or disk space.
7 Go to the last page of the report.
Crystal Reports will report any errors that it encounters within the report (such
as formulas, subreports, and other objects).
8 Export the report to Crystal Reports format (or any other desired format).
This step ensures that Crystal Reports is able to create temporary files that are
required in order to complete the processing of a report.
9 If the report now refreshes successfully, save it back to the APS.
10 Close the report.
11 Close Crystal Reports.
12 Repeat the activity that caused the original report to fail: view the report on
demand over the Web, or schedule the report for processing.
317
Error detected by database driver

When the Job Server or Page Server receives an unknown message from the
database driver, an error message similar to the following appears:
Error Detected By Database DLL
This section provides some common troubleshooting steps for resolving this issue.
Before completing these steps, verify your database connectivity and general
reporting configuration (as described in Troubleshooting reports and looping
database logon prompts on page 314).
To troubleshoot database driver errors

1 Verify the database drivers for consistency.
Ensure that the database driver (ODBC or native) used when the report was
designed in Crystal Reports matches the database driver that is installed on the
Job Server and Page Server.
If the Job Server or the Page Server is installed on UNIX, then the database
driver will not match exactly (the UNIX version will be a .so file instead of a
.dll). However, the Windows/UNIX versions of each driver should correspond
in regards to version numbers or driver release.
2 Disable the reports Use Indexes or Server for Speed option.
Open the report in Crystal Reports and, on the File menu, click Options. On the
Database tab, clear the Use Indexes or Server for Speed option. Disabling this
option may resolve database driver errors.
3 Ensure that the reports SQL statement has not been edited manually.
Open the report in Crystal Reports and, on the Database menu, click Show SQL
Query. Copy the query into a text editor; then click Reset in the Show SQL Query
dialog box. Compare the regenerated query with the version displayed in your text
editor. If the queries differ, save the report so it uses the regenerated SQL query.
Note: If you need to edit a reports SQL statement, do so with a stored
procedure, rather than by editing it manually. If you have developed a web
application that modifies the SQL statement through code, ensure that only
the WHERE clause is changed.
4 Ensure that null values are not being passed to subreports.
If the report contains one or more subreports, open it in Crystal Reports and, on
the File menu, click Report Options. Select the Convert NULL Field Value to
Default check box.
5 If the report is based off on ODBC driver, enable tracing to obtain more
information about the error.
On Windows, ODBC tracing can be started through the ODBC Data Source
Administrator. On UNIX, similar tracing can be enabled in the system
information file (.odbc.ini).
318
Once you enable tracing, run the report again from a browser to generate the
tracing log. After you run the report, disable tracing and review the log file for
additional Error or Busy messages. Tracing may provide additional details
that allow you to troubleshoot the problem.
6 If the report is based off Informix 7.3, check the database driver.
If a report that uses the Informix database driver (Windows version) causes a
database driver error, modify the report to use the Crystal Reports CR
Informix driver.
7 Verify the table definition of the database that the report is based off.
If your web application dynamically changes a reports data source at runtime,
ensure that the schema of each database matches the schema of the database
that the report was originally designed for. Rather than running the same
report against diverse data sources, consider designing a separate report for
each database.
8 Verify the data type of parameter values passed through code.
If your web application passes parameter values to a report, ensure that you are
casting the correct data type for the parameter value. It is always a good idea to
cast values to ensure they are of the correct type. For specific details, see the
function reference for your development language.
Server resources must be available on local drives

When the Crystal Enterprise servers are running on Windows, many can be
configured to use specific directories to store files. For example, you can specify the
root directory for each File Repository Server, the temporary directories for the
Cache and Page Servers, or the directory from which the Job Servers load
processing extensions. In all cases, the directory that you specify must be on a local
drive (such as C:\InputFRS or C:\Cache). Do not use Universal Naming Convention
(UNC) paths or mapped drives.
Although some Crystal Enterprise servers can recognize and use UNC paths, do
not configure the servers to access network resources in this manner. Use local
drives instead, because UNC paths can limit performance due to limitations in the
underlying protocol.
Tip: If your report runs against a PC database that resides on a network drive, then
the report itself must reference its data source through a UNC path. In this case,
the service must run under a domain user account with network permissions. For
details, see Configuring Windows processing servers for your data source on
page 227.
Similarly, if you configure a server to use a mapped drive, the server may appear
to function correctly. However, servers cannot access mapped resources when the
machine is restarted. Drives are mapped according to your user profile when you
log on to Windows NT/2000, but, once a drive is mapped, it is available to the
319
entire operating system. So, when you log on and map a local or network drive, the
mapped drive is accessible to the LocalSystem account, and hence to the Crystal
Enterprise servers running on the local machine. When you log off the local
machine, the servers may retain access to the mapped drive for some time
(Windows will release the drive mapping if no application maintains a persistent
connection to the mapped resource). However, when you restart the local machine,
the mapped drive is not restored until you log back on.
Note: Changing a servers log on account from the LocalSystem account to a
Windows NT/2000 user account with network privileges will not resolve the
problem, because the servers do not actually log on to the network with that
account. Instead, the servers perform account impersonation. This provides
access to some profile-specific resources (such as printers and email profiles), but
not others (such as ODBC User Data Source Names and mapped drives).
Supporting Crystal Reports 8 web distribution

Crystal Enterprise continues to support the web distribution system you set up
using Crystal Reports 8:
If you have installed Crystal Enterprise on one machine over your Crystal
Reports 8 implementation, no additional configuration is required. Your
existing web pages will continue to work in the same way.
If your Crystal Enterprise Page Server is on the same machine as your Crystal
Reports 8 implementation, but this a different machine from your web server,
ensure that the path structure on all machines is identical. Changes to your
web page may be required.
If you have multiple Page Servers, the directory structure and reports need to
be the same on each machine.
Note: When you uninstall Crystal Enterprise, all of the web functionality from
both Crystal Reports and Crystal Enterprise will be removed. You will need to
reinstall Crystal Reports 8 to regain use of Crystal Reports 8 web distribution.
Page Server error when viewing a report

When you attempt to run or preview a report, the following error message appears:
There are no Page Servers connected to the Cache Server or all the connected
Page Servers are disabled. Please try to reconnect later. [On Page Server :
<servername>.Cacheserver]
This error indicates that the Page Server is not started and enabled. Use the CCM
to start the Page Server and then enable it. (If the Page Server was already started
and enabled, use the CCM to restart it.)
320
ePortfolio considerations
Supporting ePortfolio users in multiple time zones
Avoid granting Schedule access to the default Guest account if you deploy
ePortfolio as the web desktop for users in different time zones. Instead, ensure that
each user who is allowed to schedule reports has a dedicated account on the
system, and that each user's ePortfolio preferences include the appropriate timezone setting. To view or modify the time-zone setting for any user account, use the
ePortfolio Preferences Manager, which is available as an Administrative Sample
on the Crystal Enterprise Launchpad. Dedicated accounts are recommended
because the default Guest account does not allow users to modify account
preferences that would affect other users. For more information about using
specific time-zone properties in your custom web applications, see the Crystal
Enterprise Web Developer's Guide.
Setting default report destinations

By default, a report's destination that is set in the CMC will be the selected
destination when a report is scheduled in ePortfolio. A user can also select
alternate destinations in ePortfolio by updating the Destination option. Note that
the destination set in ePortfolio applies only to the scheduled instance. Thus, when
a user schedules another instance in ePortfolio, the destination that is set in the
CMC will be selected, unless the user changes the Destination option. If the user
selects the Default destination setting in ePortfolio, reports are processed on the
Job Server and sent to the File Repository Server. The Default destination setting
in ePortfolio is equivalent to the Default destination setting in the CMC.
Setting preferences and report viewers for ePortfolio users

The ePortfolio Preferences Manager enables you to set the default ePortfolio
preferences for each user on the system. If users have their own accounts on the
system, they can modify their preferences when they log on to ePortfolio. If users
access ePortfolio anonymouslywith the Guest accountyou can use this tool to
set preferences, including the default report viewer. Users cannot change their
preferences when they are logged on under the Guest account.
The ePortfolio Preferences Manager is available as an Administrative Sample on
the Crystal Enterprise Launchpad.
321
Configuring your web farm for load balancing
ePortfolio and Windows NT Single Sign On

Enterprise authentication, as opposed to Windows NT authentication. Design your
own web applications accordingly (or modify ePortfolio) if you want to use NT
Single Sign On. By default, when a user launches ePortfolio, he or she will be
automatically logged on using the Guest account (Enterprise authentication).
However, even when you disable the Sign Up feature, ePortfolio is designed to
display a logon page. With Single Sign On enabled, the user can select Windows NT
from the Authentication list and click Log On without entering his or her user name
or password. In the Crystal Enterprise Web Developers Guide, refer to lesson 2 of the
tutorial for an example on creating a web application that uses Single Sign On.
For details on configuring IIS and Crystal Enterprise for Windows NT Single Sign
On, see Setting up NT Single Sign On on page 52.

A web farm is a group of two or more web servers working together to handle
browser requests. To use your web farm in a Crystal Enterprise environment, the
Web Connectors that reside on each of the web servers need to be configured so
they are aware of the Web Component Servers they should communicate with.
Note: Crystal Enterprise supports web farms with and without affinity masks.
After the connectors have been configured, they can load-balance requests
between the Web Component Servers. When a web server establishes a connection
with a Web Component Server, it uses a round robin algorithm to identify the next
available Web Component Server. The only exceptions to this occur when a web
server uses a CGI web connector, or if a session state was created on a previous
request to the Web Component Server. The CGI web connector uses a random
algorithm instead of a round robin algorithm because the connector doesnt have
knowledge of the last Web Component Server it communicated with. Requests
that had a session set up previously, must return to the same Web Component
Server each time to ensure that subsequent requests have access to the previously
set session state.
Both of the following procedures need to be completed for each web server in your
Crystal Enterprise environment.
322
To specify the Web Component Server the web server should use
This procedure assumes that the Web Connector has been installed on each of the
web server machines. For more information on performing a custom installation,
see the Crystal Enterprise Installation Guide.
1 Start the CCM.
2 Click Configure Web Connector.
3 Click Add in the Web Component Servers area.
4 Enter the IP address or host name where the Web Component Server you
would like to communicate with resides.
5 Enter the port number.
This is the Web Component Server port number.
6 Click OK.
The Web Component Server is added to the list.
Note: Repeat this procedure for each Web Component Server the web server
should have access to.
To specify the virtual directory the Web Connector should use

1 Click Add in the Path Mapping area.
2 Enter the virtual path of the web server.
3 Enter .rpt and .csp as the extensions.
4 Enter the actual path of the Web Component Server.
5 Click OK.
Note:
For more information on virtual directories and path mapping, see
Troubleshooting path mappings on page 297.
Crystal Enterprise dynamically maintains the list of available WCS machines, so
your web server should respond to your changes within a maximum of several
minutes (without restarting). However, if you are running Apache as your web
server, you must instruct Apache to reinitialize its child worker processes after
you add or remove WCSHOSTS to the Web Connector configuration files. You can
generally do this with one of the following commands:
kill -HUP `cat <absolute path to httpd.pid file>`
kill -USR1 `cat <absolute path to httpd.pid file>`
Consult the Apache documentation for more information.
323
324
Glossary
Active Server Pages

Active Server Pages are web pages that run under Microsofts Internet Information
Server (IIS) version 3.0 and later. Active Server Pages combine HTML, VBScript or
JScript, and ActiveX controls to create dynamic web pages that can be viewed from
most web browsers.
ActiveX Control
A Custom Control for Visual Basic 4.0 and above that incorporates Object Linking
and Embedding (OLE) technology. Formerly known as an OLE Control (OCX).
alias
An alias is an alternate name that is assigned to a user to enable him or her to log
on to Crystal Enterprise. For example, a user may have both an Enterprise alias and
an LDAP alias that he or she can access the system with.

The Automated Process Scheduler (APS) is responsible for maintaining a database
of information about your Crystal Enterprise system; the other components can
therefore access that data as required. The data stored by the APS includes
information about users and groups, security levels, Crystal Enterprise content,
and servers. The APS maintains security and manages objects and servers.
Cache Server
The Cache Server is responsible for handling all viewing requests from the Web
Component Server (WCS). The Cache Server checks whether or not it can fulfill the
request with a cached report page. If it cannot, it passes the request along to the
Page Server. The Page Server runs the report and returns the results to the Cache
Server. The Cache Server then caches the information and returns the data to the
WCS. By storing report pages in a cache, Crystal Enterprise avoids accessing the
database each and every time a report is requested.
325
CCM
The Crystal Configuration Manager (CCM) is a server administration tool. It is
provided in two forms. In a Windows environment, the CCM allows you to
manage local and remote servers through its Graphical User Interface (GUI) or
from a command line. In a UNIX environment, the CCM shell script (ccm.sh)
allows you to manage servers from a command line.
CMC
The Crystal Management Console (CMC) web application is the most powerful
administrative tool provided for managing a Crystal Enterprise system. It offers
you a single interface through which you can perform almost every task related to
user management, content management, and server management.
Crystal Analysis
Crystal Analysis is a design tool for creating OLAP applications that allow you to
view and analyze data from different data sources. They can be distributed as
desktop applications, or published on the Web using Crystal Enterprise.

The Crystal Import Wizard is a locally installed Windows application that allows
you to migrate existing user accounts, groups, folders, and reports to your new
Crystal Enterprise system. The Crystal Import Wizard runs on Windows, but you
can use it to import information to a new Crystal Enterprise system that is running
on Windows or on UNIX.

The Crystal Publishing Wizard is a locally installed, 32-bit Windows application.
The wizard enables administrators and end users to publish Crystal report (.rpt)
files to Crystal Enterprise.
Crystal Server Pages (CSP)

Crystal Server Pages (CSP), which are similar to Active Server Pages (ASP), are
used to provide dynamic responses to users browsing Crystal Enterprise.
ePortfolio, for instance, is written in CSP. CSP files contain a mixture of HTML code
and scripting code such as VBScript or JavaScript (also known as JScript or ECMA
Script). CSP pages are text files with a .csp extension, and they can be developed
with a text editor or an application such as Microsoft FrontPage or Microsoft Visual
InterDev. For details, see the Crystal Enterprise Web Developers Guide.
326
Crystal Web Wizard

This Windows application is designed to assist new developers in building and
installing web applications. The wizard lets you create a custom web application
or install a sample project. You can use this wizard as a stand-alone application or
as a Microsoft FrontPage web creation tool.
custom event
A custom event is an event that is triggered manually by a user through the CMC,
or triggered directly through CSP code. A scheduled report that is dependent on a
custom event will run only when the event is triggered.
database
A database is a bank of related data. Each unit (record) of the database is typically
organized in a fixed format to make it easier to retrieve selected portions of the
data on demand. Each record is made up of one or more data fields, and each data
field can hold one piece of data (known as a value).
data source
A data source is a database, table, query, or stored procedure result set that
provides the data for a report.
Dynamic Link Library (DLL)

A Dynamic Link Library (DLL) is a special kind of file that contains Windows
functions. DLLs are used by developers to extend the capabilities of Windows
applications. The library is activated whenever an application or another DLL calls
a function in the library. DLLs link on the fly, at runtime, whenever an included
function is called. DLL functions are available on an as-needed basis to any
program that can call DLLs; they do not need to be linked to the program via the
compiler. The Crystal Report Engine can be called as a DLL by developers for use
with applications they are developing.
Enterprise authentication
Enterprise authentication is the default authentication method used by Crystal
Enterprise. You can create distinct accounts and groups for use with Crystal
Enterprise. Crystal Enterprise also supports NT authentication and LDAP
authentication.
327
ePortfolio
ePortfolio is a web-based interface that end users access to view, schedule, and
keep track of published reports. Each Crystal Enterprise request that a user makes
in ePortfolio is directed by the web server to the Web Connector, which then
forwards the request to the Web Component Server.
event
An event is a preset trigger for scheduling and processing objects. Event-based
scheduling provides you with additional control over scheduling reports: you can
set up events so that reports are processed only after a specified event occurs.
Working with events consists of two steps: creating an event and scheduling a
report with events. That is, once you create an event, you can select it as a
dependency when you schedule a report. The scheduled job is then processed only
when the event occurs. You can schedule a report with a file event, a custom event,
and/or a schedule event.
Event Server
The Event Server manages file-based events. When you set up a file-based event
within Crystal Enterprise, the Event Server monitors the directory that you
specified. When the appropriate file appears in the monitored directory, the Event
Server triggers your file-based event: that is, the Event Server notifies the APS that
the file-based event has occurred. The APS then starts any jobs that are dependent
upon your file-based event.
file event
A file-based event waits for a particular file (the trigger) to appear before the event
occurs. Before scheduling a report that waits for a file-based event to occur, you
must first create the file-based event in the Events management area of the CMC.
When you define a file-based event, you specify a filename that the Event Server
should monitor for a particular file. When the file appears, the Event Server
triggers the event.
File Repository Server

There is one Input and one Output File Repository Server in every Crystal
Enterprise implementation. The Input File Repository Server contains all of the
report objects that have been published to the system by administrators or end
users (using the Crystal Publishing Wizard, the Crystal Management Console
(CMC), the Crystal Import Wizard, or a Crystal designer component such as
Crystal Reports). The Output File Repository Server contains all of the report
instances generated by the Job Server(s). The File Repository Servers are
responsible for listing files on the server, querying for the size of a file, querying
for the size of the entire file repository, adding files to the repository, and removing
files from the repository.
328
group
A group is a collection of users who share the same account privileges. For instance,
you can create groups that are based on department, role, or location. Groups
enable you to make changes in one place (a group) instead of modifying each user
account individually. Also, you can assign object rights to a group or groups.
instance
An instance is a copy or version of an object that contains report data that is
retrieved from one or more databases. Each instance contains data that is current
at the time the report, query, or program is processed. In Crystal Enterprise, you
publish objects to the system, and then schedule those objects to generate instances
on a recurring basis.
Input File Repository Server

See File Repository Server.
Job Server
The Job Server processes scheduled reports, as requested by the Automated
Process Scheduler, and generates report instances (instances are versions of a
report object that contain saved data). To generate a report instance, the Job Server
communicates with the database to retrieve the current data.
LDAP authentication
Lightweight Directory Access Protocol (LDAP) authentication enables you to use
existing LDAP user accounts and groups (on an LDAP directory server) in Crystal
Enterprise. When you map LDAP accounts to Crystal Enterprise, users are able to
access ePortfolio and other Crystal Enterprise applications with their LDAP user
name and password. This eliminates the need to recreate individual user and
group accounts within Crystal Enterprise.
logon token
A logon token is an encoded string that defines its own usage attributes and
contains a users session information. The logon tokens usage attributes are
specified when the logon token is generated. These attributes allow restrictions to
be placed upon the logon token to reduce the chance of the logon token being used
by malicious users.
mapping accounts
Mapping an account enables a user with an NT or LDAP account to access Crystal
Enterprise. Typically, you map NT or LDAP user accounts to Crystal Enterprise
through the CMC. When you map an NT or LDAP account, you can choose to create
a new Crystal Enterprise account or link to an existing Crystal Enterprise account.
329
NT authentication
NT authentication is a Windows-specific authentication method that enables you
to use existing NT user accounts and groups in Crystal Enterprise. When you map
NT accounts to Crystal Enterprise, users are able to log on to ePortfolio and other
Crystal Enterprise applications with their NT user name and password. This
eliminates the need to recreate individual user and group accounts within Crystal
Enterprise.
NT Single Sign On
NT Single Sign On enables users to use various Crystal Enterprise applications
without being prompted to log on. Users need only to enter their NT user name
and password information once at the beginning of the NT session. Note that
Enterprise authentication, as opposed to Windows NT authentication.
object
From an administrative perspective, objects in Crystal Enterprise are the folders
you create on the system and the content you publish to the system. For example,
a typical object is a report object which is stored in the Input File Repository Server.
A report object is an .rpt file that you publish to the system and schedule in order
to create instances with report data.
ODBC
ODBC stands for Open Database Connectivity. It is an interface that gives
applications the ability to use SQL to retrieve data from data management systems.
Such an interface allows a developer to develop, compile, and ship applications
without targeting specific database management systems. Also called
interoperability.
Output File Repository Server

See File Repository Server.
Page Server
The Page Servers primary responsibility is to respond to on-demand page requests
from the Cache Server and to generate Encapsulated Page Format (EPF) pages. The
Page Server then returns the EPF pages to the Cache Server. The EPF pages contain
formatting information that defines the layout of the report. The data for the report
is saved with the report or retrieved on demand from the database.
330
parameter field
A parameter field is a special kind of field that prompts the user for a value. You
can use parameter fields for report titles, record selection, sorting, and a variety of
other uses. Using parameter fields enables you to create a single report that you
can modify quickly to fit a variety of needs.
processing extension
A processing extension is a dynamically loaded library of code that applies
business logic to particular Crystal Enterprise view requests or schedule requests
before they are processed by the system.
publishing
Publishing is the process of adding objects such as Crystal reports to the Crystal
Enterprise environment and making them available to authorized users. The
objects that you publish may be individual reports created with Crystal Reports,
analytical applications designed with Crystal Analysis, or other objects that youve
created using Crystal Enterprise plug-in components.
record
In a database, a record is a complete unit of related information, an electronic file
folder that holds all of the data on a given entity. Each record contains one or more
fields that contain the specific pieces of data of interest. In a customer database, for
example, a record would store all of the data on a single customer. In an inventory
database, a record would store all of the data on a single inventory item. Data from
an individual record is displayed or printed as a row of data on a columnar report.
report
A report is an organized presentation of data. As a management tool, a report is
used to provide management with the insight it needs to run an organization
effectively. In Crystal Enterprise, you publish objects to the system, and then
schedule those objects to generate instances on a recurring basis.
Report Application Server

The Report Application Server (RAS) is a Crystal Enterprise add-in component
that provides users with report design capability over the Web. The Report
Application Server must be installed separately into an existing Crystal Enterprise
implementation. Consult the documentation included with the Report Application
Server for more information.
331
Report Job Server

See Job Server.
report object
A report object is an object that is created using a Crystal designer component
(such as Crystal Reports or Crystal Analysis). Report objects contain report
information (such as database fields). When you schedule a report, Crystal
Enterprise generates an instance or instances of the object. When you publish a
report object to Crystal Enterprise, only the structure of the report (the template
information) is saved; that is, the published report object contains no saved data.
schedule event
Schedule-based events are dependent upon scheduled reports. That is, a schedulebased event is triggered when a particular report has been processed. When you
create this type of event, it can be based on the success or failure of a scheduled
report, or it can be based simply on the completion of the job. A report that is
dependent on a schedule-based event will run only when the schedule-based
event is triggered.
selection formula
A selection formula is a formula that specifies the records, or groups of records,
you want included in your report.
server-side processing
Server-side processing is a feature that allows you to set up reports that perform
the majority of their processing on the database server. These reports push only
relevant details to your computer, thus saving you time and memory.
Sign Up feature
The Sign Up feature in ePortfolio enables users to sign up and create a new account
on Crystal Enterprise. You have the option to disable this feature to prevent guest
users from creating their own accounts.
Single Sign On
Single Sign On enables users to automatically log on to an application without
entering a user name or password. In Crystal Enterprise, there are two forms of
Single Sign On: NT Single Sign On, and ePortfolios Single Sign On feature. With
ePortfolios Single Sign On feature, users are logged on automatically under the
Guest account (Enterprise authentication).
332
Smart Reporting Technology

Smart Reporting Technology offers a flexible DHTML solution for web-based
reporting. See Report Application Server.
Software Development Kit

The Crystal Enterprise Software Development Kit enables you to develop your
own custom desktops or administrative tools. For more information, access the
Crystal Enterprise Web Developers Guide online from the Crystal Enterprise
Launchpad.
subreport
A subreport is a report within a report. It has all of the characteristics of a report
with one exception: it cannot itself include a subreport. Subreports can be freestanding or they can be linked to the data in the primary report. Using Crystal
Reports, you can insert as many subreports as you wish.

The Web Component Server (WCS) is the gateway between the Web Connector on
the web server and the rest of the components in Crystal Enterprise. The WCS is
responsible for processing requests from your browser, including Crystal Server
Pages (.csp files), which are used to customize your access to Crystal Enterprise.
As a result, this server also acts as an application server.
Web Connector
To communicate with the different types of web servers, the WCS uses a Web
Connector. Crystal Enterprise includes different Web Connectors for different
operating systems and web servers.
333
334
Index
A
Access Level column ........................................... 96
access levels........................................................ 96
Advanced...............................................99, 100
available in the CMC .................................. 275
described ...................................................... 98
enabling and disabling inheritance.............. 104
Full Control................................................... 99
inheritance.................................................. 103
No Access..................................................... 98
reference..................................................... 273
Schedule ....................................................... 98
setting ........................................................... 98
specifying on folders ..................................... 68
tutorials....................................................... 108
View ............................................................. 98
View On Demand......................................... 99
when copying/moving folders ....................... 66
access, restricting from the top-level folder ........ 131
account management .......................................... 34
active sessions, viewing ..................................... 198
active trust relationship........................................ 25
ActiveX viewer, modifying options .................... 219
activity, viewing current metrics ........................ 196
adding
APS cluster members................................... 204
license keys................................................. 272
servers......................................................... 249
AddPathMap directive ....................................... 307
administering
remote UNIX machines................................. 12
remote Windows machines........................... 11
administration........................................................ 8
configuration tools ...................................... 196
delegated .................................................... 125
over the Web .................................................. 8
tools................................................................ 8
Administrator, setting password ........................... 13
Administrators group, default rights ................... 277
Advanced access level......................................... 99
advanced rights ................................................. 100
and inheritance ........................................... 103
priorities affecting................................... 107
denied by default ........................................ 108
enabling and disabling inheritance.............. 105
precedence ................................................. 108
reference..................................................... 274
setting ..........................................................100
viewing........................................................100
Advanced Rights page ........................................100
reference......................................................274
affinity, and SSL....................................................26
aliases
LDAP accounts ..............................................59
NT accounts ..................................................49
Apache
application mappings on UNIX....................302
reinitializing child processes........................248
virtual paths on UNIX ..................................307
application mappings .........................................300
applications........................................................187
CCM ............................................................188
CMC ............................................................188
Crystal Import Wizard..................................188
Crystal Publishing Wizard............................188
ePortfolio.....................................................187
APS .............................................................. 20, 190
adding to a cluster .......................................206
and authentication ...................................17, 18
and authorization...........................................18
and distributed security..................................26
and security ...................................................20
and security plug-ins......................................20
as nameserver..............................................235
base rights and available rights ....................102
calculating effective rights............................106
changing cluster name .................................208
clustering.....................................................204
configuring ..........................................213, 235
SOCKS ....................................................268
copying system database..............................208
default port ..................................................235
installing a new cluster member...................206
metrics.................................................198, 199
requirements for clustering...........................204
unable to connect ........................................312
when enabling and disabling other servers..... 201
APS database......................................................190
changing password ......................................213
configuring ..................................................208
deleting........................................................213
migrating .....................................................208
recreating.....................................................213
selecting ......................................................213
335
APS session variables ........................................... 27

and authentication................................... 17, 18
tracking ......................................................... 28
apsdbsetup.sh .................................................... 283
architecture........................................................ 186
client tier .....................................................187
data tier ....................................................... 193
diagram ....................................................... 186
intelligence tier............................................ 189
processing tier ............................................. 192
areas, management ................................................ 9
attributes, logon tokens ........................................25
audience, intended ................................................ 2
auditing web activity.................................... 29, 218
authentication ................................................ 16, 36
Crystal Enterprise security plug-in.................. 21
Enterprise ...................................................... 36
LDAP............................................................. 36
LDAP security plug-in....................................23
primary.......................................................... 17
process described .......................................... 17
secondary ...................................................... 18
security plug-ins ............................................20
troubleshooting log on................................. 313
Windows NT ................................................. 36
Windows NT Challenge/Response .................22
Windows NT security plug-in ........................ 22
authentication providers ...................................... 20
authorization .......................................................16
effective rights ............................................. 106
process described .......................................... 18
see also object rights
Automated Process Scheduler. See APS
available rights................................................... 102
B
base rights.......................................................... 102
Btrieve ............................................................... 228
C
cache files settings ............................................. 216
Cache Server...................................................... 192
configuring .................................................. 216
metrics ........................................................ 198
performance settings.................................... 216
CCM .................................................................. 188
accessing .......................................................11
adding a server ............................................ 249
changing
server startup type................................... 240
Windows server dependencies ...............239
copying server status ................................... 203
deleting a server ..........................................251
enabling and disabling servers..................... 201
for UNIX................................................ 12, 280
336
for Windows ................................................. 11

printing server status ................................... 203
refreshing the list of servers ......................... 204
starting, stopping, and restarting servers ...... 200
working with ................................................. 11
ccm.sh............................................................... 280
Help option................................................... 12
running ......................................................... 12
CGI
application mappings
on UNIX................................................. 303
on Windows........................................... 300
virtual path mappings
on UNIX................................................. 308
on Windows........................................... 305
characters, setting CMC preferences .................... 10
client tier ........................................................... 187
clustering, requirements..................................... 204
clusters ...................................................... 204, 206
changing names .......................................... 208
viewing details ............................................ 199
CMC.................................................................. 188
communication error .................................. 312
enabling and disabling servers .................... 201
Glossary definition ...................................... 326
logging off ..................................................... 11
logging on ....................................................... 9
logging options ........................................... 218
management areas .......................................... 9
navigating ....................................................... 9
publishing objects with ................................. 82
setting preferences ........................................ 10
starting, stopping, and restarting servers ...... 200
unable to connect ....................................... 312
working with ................................................... 8
commands, UNIX reference............................... 279
communication between browser and WCS ........ 17
communication error ......................................... 312
components....................................................... 186
APS ............................................................. 190
Cache Server............................................... 192
CCM ........................................................... 188
client tier..................................................... 187
CMC ........................................................... 188
communication ........................................... 193
configuring servers ...................................... 196
Crystal Import Wizard ................................. 188
Crystal Publishing Wizard ........................... 188
ePortfolio .................................................... 187
Event Server ................................................ 191
File Repository Servers ................................ 191
information flow ......................................... 193
intelligence tier ........................................... 189
Job Server.................................................... 192
Page Server ................................................. 192
processing tier ............................................. 192
security management .....................................19

servers ......................................... 186, 189, 192
WCS ............................................................189
configuration, common scenarios.......................243
configuring
APS clusters ......................................... 204, 208
APS database ....................................... 208, 213
Cache Server ...............................................216
common scenarios.......................................243
Event Server.................................................218
File Repository Servers .................................215
firewalls .......................................................263
intelligence tier ............................................204
Job Server .................................... 222, 223, 227
Page Server .......................................... 221, 227
processing tier .............................................221
servers .........................................................196
WCS .................................................... 218, 219
web servers
application mappings..............................300
virtual directories ....................................298
virtual path mappings .............................304
connecting to remote Windows machines............11
content, folders ....................................................64
cookies
and session tracking.......................................27
logon tokens ..................................................25
copying system data ...........................................208
copying/moving folders ........................................66
creating
folder administrators ....................................125
folders ...........................................................64
server groups ...............................................254
server subgroups ..........................................255
subfolders ......................................................65
.cri files, application mappings...........................300
Crystal Analysis, saving objects to APS .................84
Crystal Configuration Manager. See CCM
Crystal Enterprise SDK.............................. 16, 18, 24
Crystal Enterprise security plug-in.........................21
Crystal Enterprise Sizing Guide...........................242
Crystal Import Wizard .................................. 86, 188
selecting information .....................................91
specifying source and destination ..................90
Crystal Launchpad, accessing .................................9
Crystal Management Console. See CMC
Crystal Publishing Wizard ....................................75
adding
folders.......................................................76
multiple reports.........................................76
reports ......................................................76
changing
default values............................................80
report properties .......................................80
creating folder on APS ...................................78
database log on ............................................. 81

duplicating folder structure............................ 78
moving reports between folders..................... 79
scheduling reports ......................................... 79
selecting
folder on APS ........................................... 78
the APS..................................................... 77
setting report parameters ............................... 81
Crystal Reports
saving objects to APS..................................... 84
troubleshooting reports................................ 316
version 8 web distribution ........................... 320
crystal virtual directory ...................................... 299
Crystal Web Wizard........................................... 189
.csp files, application mappings ......................... 300
custom events ............................................ 180, 184
customizing
inheritance model ....................................... 108
object rights................................................. 100
your configuration ....................................... 242
.cwr files, application mappings......................... 300
D
daemons, signal handling .................................. 291
data
allowing users to refresh ................................ 75
cache files ................................................... 216
choosing live/saved .....................................242
live .............................................................. 243
refreshing on a schedule................................ 75
saved........................................................... 243
data sources
on UNIX...................................................... 229
on Windows................................................ 227
data tier ............................................................. 193
databases
changing settings .........................................150
configuring servers for .................................227
copying APS data ........................................ 208
initializing the APS ...................................... 213
selecting for the APS.................................... 213
troubleshooting
driver errors ............................................ 318
logon ...................................................... 314
DB2 ................................................................... 227
default settings
authentication ............................................... 21
Enterprise accounts........................................ 21
groups ........................................................... 34
Administrators .......................................... 35
Crystal NT Users....................................... 36
Everyone................................................... 35
New Sign-Up Accounts ............................ 35
modifying security ......................................... 14
NT account ................................................... 22
337
object rights................................................. 273

ports ............................................................ 235
security plug-in.............................................. 21
users.............................................................. 34
Administrator............................................35
Guest........................................................ 35
deleting
APS database............................................... 213
folders ...........................................................66
report objects ..............................................145
servers .........................................................251
denied rights ...................................................... 108
dependencies of servers on Windows ................ 239
designer, saving objects to APS ............................ 84
destination environment, and importing............... 90
destinations........................................................ 166
default settings............................................. 166
disk, setting default ......................................223
email ........................................................... 170
FTP.............................................................. 168
Job Servers, setting default ...........................223
printer .........................................................172
troubleshooting ........................................... 321
unmanaged disk ..........................................167
DHTML viewer, modifying options .................... 219
directories
publishing ..................................................... 75
virtual.......................................................... 298
directory servers
about LDAP ................................................... 23
security plug-in.............................................. 23
disabling
Guest account ............................................... 14
inheritance .................................................. 104
servers .........................................................201
Sign Up ......................................................... 13
documentation, additional ................................. 311
drivers, troubleshooting errors............................ 318
DSNs on UNIX .................................................. 231
dynamic-link libraries, as processing
extensions .......................................................24
E
effective rights, calculating................................. 106
email destination ............................................... 170
setting defaults............................................. 225
enabling
inheritance .................................................. 104
servers .........................................................201
encoding logon tokens......................................... 25
environment variables, ODBC ...........................231
env.sh ................................................................ 286
ePortfolio ........................................................... 187
authentication model..................................... 16
considerations ............................................. 321
disabling Guest account ................................ 14
338
disabling Sign Up .......................................... 13

primary authentication process ..................... 17
setting users preferences.............................. 321
Sign Up ......................................................... 21
Single Sign On .............................................. 21
errors
Page Server ................................................. 320
Event Log................................................... 234, 239
Event Server....................................................... 191
configuring.................................................. 218
metrics ........................................................ 198
polling time................................................. 218
events ................................................................ 180
custom ........................................................ 184
file-based .................................................... 181
importing from Crystal Enterprise .................. 88
polling time................................................. 218
schedule-based ........................................... 182
scheduling .................................................. 163
Everyone group, default rights............................ 277
expanding.......................................................... 242
the system ................................................... 241
Explicitly Denied column .................................. 100
Explicitly Granted column ................................. 100
extensions, processing ......................................... 24
F
fail over, Web Connector and WCS ..................... 26
Favorites folders................................................... 71
fax numbers, registration........................................ 5
file events .................................................. 180, 181
File Repository Servers....................................... 191
metrics ........................................................ 197
setting maximum idle times......................... 215
setting root directories ................................. 215
firewalls....................................................... 29, 260
configuring.................................................. 263
NAT ....................................................... 263
Network Address Translation.................. 263
SOCKS ................................................... 265
forcing servers to register by name .............. 237
types of ....................................................... 261
NAT ....................................................... 262
packet filtering ....................................... 261
SOCKS ................................................... 262
folder inheritance .............................................. 103
folder rights ......................................................... 68
folders ................................................................. 64
adding a report.............................................. 67
changing top-level rights ............................. 113
copying/moving ............................................ 66
creating ......................................................... 64
default rights at top level ............................. 277
default user folders ........................................ 71
delegated administration ............................. 125
deleting .........................................................66
Favorites folder ..............................................71
importing
from Crystal Enterprise ..............................87
from Seagate Info ......................................88
moving ..........................................................66
object rights...................................................96
access levels .............................................98
advanced settings....................................100
inheritance..............................................103
setting access levels ..................................98
viewing .....................................................96
when copying/moving ..............................66
setting instance limits.....................................70
specifying rights .............................................68
format, choosing ................................................173
FTP destination...................................................168
setting defaults.............................................224
Full Control access level.......................................99
reference .....................................................276
G
granted rights .....................................................108
group inheritance ...............................................103
group rights ..........................................................96
grouping servers .................................................254
groups
creating .........................................................41
for tutorials .............................................109
deleting .........................................................43
importing
modifying ......................................................42
object rights
access levels .............................................98
advanced rights.......................................100
inheritance..............................................103
of servers .....................................................254
setting
instance limits on folders ..........................70
object rights ............................................176
viewing members ..........................................42
Guest account
default rights ................................................277
disabling .................................................. 14, 43
disabling Sign Up ..........................................13
H
help
documentation resources .............................311
product registration..........................................5
technical support .............................................6
Holos applications, from Seagate Info ..................89
HTTP.............................................................. 17, 27
I
idle times
Cache Server ............................................... 216
File Repository Servers.................................215
Page Server.................................................. 221
importing
Crystal Import Wizard ................................... 86
from Crystal Enterprise................................... 86
from Seagate Info........................................... 88
selecting information ..................................... 91
specifying source and destination .................. 90
index, setting CMC preferences............................ 10
Info cubes, from Seagate Info ............................... 89
Info Views, from Seagate Info............................... 89
information flow, between servers ..................... 193
Informix ............................................................. 228
inheritance......................................................... 103
and advanced rights ............................ 100, 105
base rights and available rights .................... 102
enabling and disabling ................................ 104
priorities affecting........................................ 108
tutorials ....................................................... 108
Inherited column ............................................... 100
initializing APS database .................................... 213
initlaunch.sh ...................................................... 286
Input File Repository Server ............................... 191
metrics ........................................................197
setting maximum idle time .......................... 215
setting root directory.................................... 215
instances ............................................................138
from Seagate Info........................................... 89
importing from Crystal Enterprise................... 87
setting limits at the folder level ...................... 70
intelligence tier .................................................. 189
configuring .................................................. 204
Internet Information Services (IIS)
and NT Single Sign On .................................. 22
application mappings .................................. 300
default web site ........................................... 311
iPlanet Enterprise Server
UNIX
application mappings on UNIX............... 303
virtual paths............................................ 307
Windows
application mappings .............................300
virtual paths............................................ 305
J
Java viewer, modifying options .......................... 219
Job Server .......................................................... 192
configuring .......................................... 223, 227
configuring on UNIX ................................... 229
maximum number of jobs............................ 222
metrics ........................................................198
report objects .............................................. 147
339
K
key combinations................................................... 6
keyboard shortcuts ................................................. 6
L
launchpad, accessing ............................................. 9
LDAP ...................................................................23
about............................................................. 23
authentication ............................................... 36
managing accounts........................................54
LDAP accounts .................................................... 23
aliases
reassigning................................................60
using......................................................... 59
viewing..................................................... 60
configuring .................................................... 54
groups
creating .................................................... 61
disabling................................................... 61
managing ...................................................... 54
mapping ........................................................ 54
modifying
connection parameters .............................58
member groups......................................... 58
troubleshooting ............................................. 61
unmapping .................................................... 57
users
creating .................................................... 61
disabling................................................... 61
LDAP authentication plug-in ................................ 23
LDAP groups
mapping ........................................................ 54
unmapping .................................................... 57
LDAP hosts, managing multiple ........................... 58
LDAP security plug-in .......................................... 23
LDAP users
mapping ........................................................ 54
unmapping .................................................... 57
license keys ....................................................... 270
adding .........................................................272
viewing account activity .............................. 272
licensing ............................................................ 270
accessing information ..................................271
Lightweight Directory Access Protocol. See LDAP
limits, setting at the folder level............................ 70
live data .............................................................243
load balancing
and distributed security ................................. 26
APS clustering ............................................. 204
web farm .....................................................322
Local System account ........................................ 227
log on
authentication ............................................... 16
processing server accounts .......................... 227
protection against malicious attempts ............ 30
with token ..................................................... 18
340
logging
server activity .............................................. 234
web activity .......................................... 29, 218
logon tokens ........................................................ 25
and authentication ........................................ 17
and authorization .......................................... 18
and distributed security ................................. 26
and secondary authentication ....................... 18
and session tracking ...................................... 27
logon.csp............................................................. 17
Lotus Domino.................................................... 227
M
malicious logon attempts, protection against ....... 30
management areas, defined ................................... 9
mapped drives ................................................... 319
mapped LDAP groups, viewing............................ 58
mapped LDAP users, viewing .............................. 58
mapped NT groups, viewing ................................ 48
mapped NT users, viewing .................................. 48
mapping
LDAP accounts ............................................. 54
NT accounts.................................................. 44
troubleshooting web server paths ................ 297
virtual paths ................................................ 304
mappings
application .................................................. 300
virtual directories ........................................ 298
virtual paths ................................................ 304
menu styles, setting CMC preferences.................. 10
metrics............................................................... 196
system ......................................................... 199
viewing
account activity ...................................... 272
for servers............................................... 197
Microsoft Access................................................ 228
Microsoft Exchange ........................................... 228
Microsoft SQL Server ......................................... 227
migrating ............................................................. 86
APS database .............................................. 208
from Crystal Enterprise .................................. 86
from Seagate Info .......................................... 88
selecting information..................................... 91
specifying source and destination.................. 90
multihomed machines ....................................... 238
My Password, setting CMC preferences ............... 10
N
nameserver, role of APS..................................... 235
NAT. See Network Adress Translation
native drivers ..................................................... 227
on UNIX ..................................................... 229
Net Access column.............................................. 96
Network Address Translation ..............261, 262, 263
No Access level ................................................... 98
reference ..................................................... 275
Not Specified rights, and access levels .................98

NT
authentication................................................36
managing accounts........................................44
Single Sign On ...............................................52
NT accounts
aliases
reassigning ................................................50
using .........................................................49
viewing .....................................................50
configuring ....................................................44
groups
creating.....................................................51
disabling ...................................................51
managing.......................................................44
mapping ........................................................44
troubleshooting..............................................51
unmapping ....................................................47
users
creating.....................................................51
disabling ...................................................51
NT authentication
and UNIX ......................................................22
plug-in ...........................................................22
NT groups
mapping ........................................................44
unmapping ....................................................47
NT LM Security Support Provider .......................239
NT Single Sign On
and Windows NT security plug-in .................22
setting up .......................................................52
NT users
mapping ........................................................44
unmapping ....................................................47
number of logons, logon tokens ...........................25
number of minutes, logon tokens .........................25
O
object rights .........................................................96
advanced setting ..........................................100
available in the CMC ...................................274
base and available .......................................102
calculating effective .....................................106
importing
inheritance .......................................... 103, 105
predefined access levels ................................98
reference .....................................................273
setting ............................................................98
specifying for a folder ....................................68
tutorials .......................................................108
decreasing rights .....................................112
increasing rights......................................131
viewing..........................................................96
when copying/moving folders........................66
objects ............................................................... 138

Advanced Rights page .................................100
and access levels ........................................... 98
enabling and disabling inheritance ..............104
importing
from Crystal Enterprise.............................. 87
from Seagate Info...................................... 89
publishing ..................................................... 73
multiple .................................................... 75
options ..................................................... 74
with CMC ................................................. 82
Rights tab ...................................................... 96
saving directly to APS .................................... 84
viewing rights ................................................ 96
objects per page, setting maximum ...................... 10
ODBC
APS database............................................... 206
APS database connectivity........................... 209
drivers ......................................................... 227
environment variables .................................231
identical DSNs required .............................. 227
processing server accounts .......................... 227
reporting on UNIX....................................... 230
system information file ................................ 231
.odbc.ini ............................................................231
one-machine setup ............................................ 244
Open OLAP cubes, from Seagate Info .................. 89
options, publishing .............................................. 74
Oracle ............................................................... 227
Output File Repository Server ............................ 191
metrics ........................................................197
setting maximum idle time .......................... 215
setting root directory.................................... 215
P
packet filtering ................................................... 261
page index, setting CMC preferences ................... 10
Page Server ........................................................192
configuring .......................................... 221, 227
configuring on UNIX ................................... 229
metrics ........................................................198
pages, setting CMC preferences ........................... 10
Paradox ............................................................. 228
passwords
changing
for APS database.....................................213
settings ..................................................... 40
restrictions..................................................... 30
setting
CMC preferences ...................................... 10
for Administrator account ......................... 13
patchlevel.sh...................................................... 286
path mapping..................................................... 298
PC databases...................................................... 228
341
performance ...................................................... 242

APS clusters................................................. 204
Cache Server settings................................... 216
common scenarios ......................................243
general considerations................................. 245
load balancing............................................... 26
Page Server settings ..................................... 221
setting number of jobs per server ................. 222
Windows NT Challenge/Response
authentication.............................................. 22
permissions .......................................................... 96
plug-ins, security.................................................. 20
polling time, setting for Event Server .................. 218
port numbers, changing ..................................... 235
postinstall.sh ...................................................... 287
predefined access levels....................................... 98
preferences
setting
for ePortfolio users..................................321
in the CMC ............................................... 10
primary authentication ......................................... 17
printer destination ..............................................172
processing extensions .................................. 24, 142
registering.................................................... 142
selecting ...................................................... 144
processing servers, configuring .......................... 229
processing threads
Cache Server ............................................... 216
Page Server.................................................. 221
processing tier.................................................... 192
configuring .................................................. 221
product registration ................................................ 5
publishing ............................................................ 74
and object rights..........................................118
folders ...........................................................64
from the designer........................................... 84
options .......................................................... 74
report objects ..............................................139
reports and objects ........................................73
with CMC...................................................... 82
with Crystal Publishing Wizard...................... 75
Q
.qry files .............................................................316
query objects, from Seagate Info .......................... 89
R
refreshing cache files ......................................... 216
registration .............................................................5
re-initializing, APS database............................... 213
Remote Procedure Call ......................................239
remote resources, troubleshooting ..................... 319
remote servers
CCM for UNIX............................................... 12
CCM for Windows......................................... 11
CMC................................................................ 8
342
report instances ................................................. 138

managing ............................................ 146, 149
history .................................................... 149
scheduling .................................................. 153
setting limits ................................................ 174
viewing ....................................................... 149
report objects..................................................... 138
copying ....................................................... 141
creating a shortcut....................................... 141
database...................................................... 150
deleting ....................................................... 145
destination .................................................. 166
filters........................................................... 152
managing ............................................ 139, 146
moving........................................................ 141
parameters .................................................. 151
properties .................................................... 147
publishing ................................................... 139
scheduling .................................................. 153
searching .................................................... 146
setting
instance limits ........................................ 174
rights ...................................................... 176
specifying Job Servers.................................. 147
report packages from Seagate Info ....................... 89
report thumbnails, adding with reports ................ 67
report viewers, modifying options...................... 219
reports ............................................................... 138
adding to a folder individually ...................... 67
configuring servers for data sources............. 227
importing
from Crystal Enterprise ............................. 87
from Seagate Info ..................................... 89
managing .................................................... 146
modifying
number of jobs ....................................... 222
viewing options...................................... 219
publishing ..................................................... 73
multiple.................................................... 75
options ..................................................... 74
with CMC................................................. 82
saving directly to APS.................................... 84
scheduling with events................................ 163
troubleshooting ................................... 314, 316
when scheduling ......................................... 194
when viewing ............................................. 193
requirements, clustering..................................... 204
restarting servers ................................................ 200
restart.sh ............................................................ 287
restricting access from the top level ................... 131
restrictions
guest account ................................................ 31
logon ............................................................ 30
password....................................................... 30
user ............................................................... 31
rights ....................................................................96
Advanced ......................................................99
available ......................................................102
base .............................................................102
Full Control ...................................................99
importing
No Access .....................................................98
Schedule........................................................98
setting object rights......................................176
specifying for a folder ....................................68
tutorials .......................................................108
View ..............................................................98
View On Demand .........................................99
rights. See also object rights
Rights tab .............................................................96
root directories, File Repository Servers ..............215
root folders
default rights ................................................277
modifying security .........................................14
row-level security, processing extensions .............24
.rpt files, application mappings...........................300
S
saved data ..........................................................243
scalability...........................................................242
common scenarios.......................................243
general considerations .................................245
scaling, the system .............................................241
Schedule access level...........................................98
reference .....................................................275
schedule events.......................................... 180, 182
schedules
from Seagate Info ...........................................89
importing from Crystal Enterprise ...................87
scheduling
daily report ..................................................156
events ..........................................................163
information flow ..........................................194
monthly report .............................................159
on demand ..................................................153
report instances ...........................................153
run once ......................................................154
setting default
destinations.............................................223
disk destination .......................................223
FTP destination .......................................224
SMTP destinations...................................225
weekly report...............................................158
scripts for UNIX..................................................279
Seagate Info, importing information......................88
secEnterprise.dll ...................................................21
secLDAP.dll .........................................................23
secondary authentication .....................................18
Secure Sockets Layer (SSL) ................................... 29

and load balancing........................................ 26
security
active trust relationship.................................. 25
auditing web activity ..................................... 29
authentication ............................................... 16
authorization ................................................. 16
closed model............................................... 131
components................................................... 19
distributed ..................................................... 26
environment protection ................................. 28
firewalls......................................................... 29
Guest account restrictions ............................. 31
initial settings ................................................ 13
logon restrictions ........................................... 30
modifying default levels................................. 14
object rights................................................... 96
inheritance .............................................103
tutorials .................................................. 108
open model ................................................. 112
password restrictions ..................................... 30
plug-ins ......................................................... 20
predefined access levels ................................ 98
processing extensions .................................... 24
protection against malicious logon attempts..... 30
restrictions..................................................... 31
session tracking ............................................. 27
user restrictions ............................................. 31
web browser to web server............................ 29
web servers ................................................... 28
security plug-ins................................................... 20
Enterprise authentication ............................... 21
LDAP authentication ..................................... 23
Windows NT authentication.......................... 22
secWindows.dll ................................................... 22
selecting APS database....................................... 213
server dependencies, changing .......................... 239
server groups ..................................................... 254
creating ....................................................... 254
importing from Crystal Enterprise................... 88
subgroups....................................................255
server start up type, changing.............................240
serverconfig.sh ................................................... 283
servers ........................................186, 189, 192, 196
accessing the CCM ........................................ 11
adding ......................................................... 249
changing
startup type on Windows ........................ 240
status ...................................................... 199
configuring ................... 204, 221, 235, 238, 240
size of log files........................................ 234
with firewalls .......................................... 260
copying status.............................................. 203
deleting ....................................................... 251
dependencies on Windows ......................... 239
disabling...................................................... 201
343
enabling ...................................................... 201

grouping...................................................... 254
information flow ..........................................193
intelligence tier.................................... 189, 204
logging activity ............................................ 234
managing .................................................... 195
modifying group membership ...................... 257
printing status ..............................................203
processing tier ..................................... 192, 221
refreshing list using the CCM .......................204
registering by name ..................................... 237
restarting .....................................................200
starting ........................................................ 200
stopping ...................................................... 200
UNIX signal handling ..................................291
viewing
metrics.................................................... 197
status ...................................................... 199
session variables .................................................. 27
and WCS .......................................................19
sessions
tracking ......................................................... 27
viewing active ............................................. 198
setting
access levels.................................................. 98
advanced object rights................................. 100
initial security levels ...................................... 13
settings, viewing account activity .......................272
setup.sh .............................................................287
shared libraries, as processing extensions.............24
shortcuts, keyboard ................................................ 6
Sign Up
disabling.................................................. 13, 43
signal handling .................................................. 291
silentinstall.sh .................................................... 286
Single Sign On
disabling Guest account ................................ 14
NT................................................................. 52
NT authentication.......................................... 22
six-machine setup ..............................................244
SMTP destinations, setting defaults..................... 225
SOCKS ............................................... 262, 265, 268
sockssetup.sh .....................................................284
source environment, specifying............................ 90
starting
CCM for UNIX............................................... 12
CCM for Windows......................................... 11
servers .........................................................200
startservers .........................................................285
startup types, configuring servers .......................240
344
statistics, auditing web activity............................. 29

status, viewing and changing for servers ............ 199
sticky connections, and SSL ................................. 26
stopping servers ................................................. 200
stopservers......................................................... 285
styles, setting CMC preferences............................ 10
subfolders, creating.............................................. 65
subgroups of servers .......................................... 254
support, technical .................................................. 6
Sybase ............................................................... 227
syslog ................................................................ 234
system database, migrating ................................ 208
system information file (ODBC) ......................... 231
system metrics ................................................... 199
system security .................................................... 16
T
technical support ................................................... 6
temporary files, configuring Page Server ............ 221
third-party security plug-ins ................................. 20
three-machine setup .......................................... 244
thumbnails, adding with reports........................... 67
tickets
for distributed security................................... 26
logon tokens ................................................. 25
tiers ................................................................... 186
client........................................................... 187
data............................................................. 193
intelligence ................................................. 189
processing ................................................... 192
time zone, setting CMC preferences..................... 10
time zones, supporting multiple......................... 321
toolbars, customizing for report viewers ............ 219
tools
administration ................................................. 8
Crystal Configuration Manager (CCM) ........... 11
Crystal Management Console (CMC) ............... 8
UNIX .......................................................... 280
top-level folder, modifying security...................... 14
top-level, creating new folders............................. 64
tracking, sessions ................................................. 27
transfer of trust..................................................... 26
troubleshooting.................................................. 310
ePortfolio deployments ............................... 321
LDAP accounts ............................................. 61
NT accounts.................................................. 51
path mappings ............................................ 297
report viewing and processing..................... 313
virtual directories ........................................ 298
web accessibility ......................................... 311
web servers ......................................... 298, 300
trust, active trust relationship ............................... 25
tutorials ............................................................. 108
U
UNC paths .........................................................319
uninstall.sh.........................................................285
UNIX
administrative scripts ...................................279
and NT authentication ...................................22
command reference .....................................279
Crystal Configuration Manager ......................12
syslog ..........................................................234
tools ............................................................279
UNIX web servers
application mappings ..................................302
configuring virtual paths ..............................307
unmanaged disk destination ...............................167
setting defaults.............................................223
unmapping
LDAP accounts ..............................................57
NT accounts ..................................................47
upgrading
Crystal Import Wizard....................................86
from Crystal Enterprise ...................................86
from Seagate Info ...........................................88
user accounts .......................................................34
creating .........................................................37
deleting .........................................................39
modifying ......................................................39
user databases, NT4 and Windows 2000 Active
Directory .........................................................22
user folders...........................................................71
user rights.............................................................96
users.....................................................................34
delegated administrators ..............................125
importing
logging activity ............................................218
object rights
access levels .............................................98
advanced rights.......................................100
effective rights.........................................106
inheritance..............................................104
setting
instance limits on folders ..........................70
object rights ............................................176
viewing active sessions ................................198
utilities, UNIX reference .....................................279
V
View access level .................................................98
reference .....................................................275
View On Demand access level.............................99
reference .....................................................276
viewer virtual directory ......................................299
viewers
modifying settings ........................................219
setting CMC preferences ................................10
viewing
active users.................................................. 198
advanced object rights.................................100
APS cluster details ....................................... 199
current account activity ............................... 272
current metrics ............................................ 196
information flow.......................................... 193
licensing information................................... 271
object rights................................................... 96
server metrics .............................................. 197
system metrics .............................................199
virtual directories ............................................... 298
crystal.......................................................... 299
viewer ......................................................... 299
virtual path mappings ........................................ 304
W
WCS ............................................................ 19, 189
and authentication......................................... 17
and authorization .......................................... 18
and logon tokens ........................................... 19
and multiple web servers.............................322
and security................................................... 19
auditing web activity ..................................... 29
configuring .......................................... 218, 235
configuring SOCKS...................................... 265
default port.................................................. 235
logging web activity .................................... 218
WCS session variables ......................................... 27
tracking ......................................................... 28
WCSHOST variable, CGI Web Connector ......... 308
WCSHosts
Apache ........................................................307
NSAPI Web Connector ................................ 307
WCSPATHMAP variable, CGI Web Connector .... 308
WCSPathMap, NSAPI Web Connector............... 307
web activity, logging .......................................... 218
and security................................................... 19
metrics ........................................................197
Web Component Server. See WCS
Web Connectors ................................................ 190
CGI virtual paths .........................................308
configuring
NAT ....................................................... 263
SOCKS....................................................266
virtual path mappings .................................. 304
web distribution, Crystal Reports 8..................... 320
web farm, load balancing .................................. 322
345
web servers ........................................................ 189

application mappings ..................................300
performance, NT Single Sign On ................... 22
securing......................................................... 29
using multiple..............................................322
virtual directories......................................... 298
Windows
Crystal Configuration Manager ...................... 11
Event Log.....................................................234
Local System account ..................................227
server dependencies .................................... 239
Windows 2000
mapping accounts ......................................... 45
unmapping accounts ..................................... 47
Windows 2000 Active Directory .......................... 22
346
Windows NT
mapping accounts......................................... 44
unmapping accounts ..................................... 47
Windows NT Challenge/Response
authentication........................................... 22, 29
Windows NT security plug-in .............................. 22
and UNIX...................................................... 22
Windows NT Single Sign On, and ePortfolio ..... 322
Windows web servers
configuring virtual paths.............................. 305
X
XML................................................................... 228

Crystal Enterprise 8.5 - Administrator's Guide PDF

Enviado por

Dados do documento

Descrição original:

Título original

Direitos autorais

Formatos disponíveis

Compartilhar este documento

Compartilhar ou incorporar documento

Opções de compartilhamento

Você considera este documento útil?

Este conteúdo é inapropriado?

Direitos autorais:

Formatos disponíveis

Crystal Enterprise 8.5 - Administrator's Guide PDF

Enviado por

Direitos autorais:

Formatos disponíveis

Crystal Enterprise 8.

Crystal Decisions, Inc.

Product registration .......................................................................... 5

Chapter 2: Administering Crystal Enterprise

Working with the Crystal Configuration Manager .......................... 11

Making initial security settings ........................................................ 13

Crystal Enterprise Administrators Guide

Chapter 3: Crystal Enterprise Security Concepts

Security management components ................................................. 19

Active trust relationship .................................................................. 25

Sessions and session tracking .......................................................... 27

Environment protection .................................................................. 28

Auditing web activity ...................................................................... 29

Chapter 4: Managing User Accounts and Groups

Crystal Enterprise Administrators Guide

Default users ....................................................................................................... 34

Available authentication types ........................................................ 36

Managing NT accounts ................................................................... 44

Managing LDAP accounts ............................................................... 54

Crystal Enterprise Administrators Guide

Using account aliases for LDAP ........................................................................... 59

Chapter 5: Managing Folder Objects

Copying and moving folders ........................................................... 66

Chapter 6: Publishing Objects to Crystal Enterprise

Publishing with the Crystal Publishing Wizard ................................ 75

Crystal Enterprise Administrators Guide

Setting parameters ............................................................................................... 81

Publishing with the Crystal Management Console .......................... 82

Chapter 7: Importing Objects to Crystal Enterprise

Importing with the Crystal Import Wizard ...................................... 89

Chapter 8: Controlling Users Access to Objects

Using inheritance to your advantage ............................................ 103

Customizing a top-down inheritance model ............................... 108

Crystal Enterprise Administrators Guide

Chapter 9: Managing Report Objects and Instances

Report object management ........................................................... 139

Managing a report object and its instances ................................... 146

Chapter 10: Managing Events

Crystal Enterprise Administrators Guide

Chapter 11: Crystal Enterprise Architecture

Intelligence tier ............................................................................. 189

Processing tier ............................................................................... 192

Data tier ........................................................................................ 193

Chapter 12: Managing and Configuring Servers

Crystal Enterprise Administrators Guide

Viewing and changing the current status of servers ...................... 199

Configuring the intelligence tier ................................................... 204

Configuring the processing tier ..................................................... 221

Logging server activity .................................................................. 234

Chapter 13: Scaling Your System

Crystal Enterprise Administrators Guide

Live data ........................................................................................................... 243

Common configurations ................................................................ 243

General scalability considerations ................................................ 245

Adding and deleting servers .......................................................... 249

Chapter 14: Managing Server Groups

Chapter 15: Working with Firewalls

Configuring Crystal Enterprise to work with firewalls ................... 263

Crystal Enterprise Administrators Guide

Chapter 16: Licensing Information

Appendix A: Object Rights and Access Levels

Appendix B: UNIX Tools