Configuring HTTP Access to SQL Server 2008 Analysis Services on Microsoft Windows Server 2008

Since Team Foundation Server (TFS) uses SQL Server Analysis Services (SSAS) as its repository for all kinds of info, people are interested to expose the data through Excel or SQL Server Reporting Services (SSRS). SSAS doesn’t expose itself through the HTTP protocol by default, but this can be configured using this paper. I didn’t created the complete document myself but used this paper from Edward Melomed as start. The paper on Microsoft TechNet uses SSAS 2005 and Windows Server 2003. Both products are still widely used, but 2008 is the magic word nowadays. By the way, I can’t wait till his new book Microsoft SQL Server 2008 Analysis Services Unleashed is released.

Summary:  This paper is intended for anyone who is interested in providing access to SQL Server 2008 Analysis Services through HTTP protocol.The paper explains the steps required to set up HTTP access and discusses different performance and security settings. All the instructions in this paper are specific to the Microsoft Windows® Server™ 2008 operating system.

Overview

Microsoft® SQL Server™ 2008 Analysis Services uses the same architecture for providing HTTP access as did SQL Server 2005 Analysis Services.

The pump component is loaded into IIS (Internet Information Services) and serves as an ISAPI extension, pumping data from the client to an Analysis Services server and back.

This white paper walks you through the process of setting up HTTP access to Analysis Services when using Microsoft Windows Server™ 2008.

httpssas01_big

Figure 1 provides a high-level overview of the component architecture.

Getting binaries

To get binaries:

Copy the contents of the %Installation folder%OLAPbinisapi directory into the folder you would like to become the base for the virtual directory in IIS.

In this example, we are going to copy all the files from the C:Program FilesMicrosoft SQL ServerMSAS10.MSSQLSERVEROLAPbinisapi folder into the C:inetpubwwwrootolap directory.

Notes:  To take advantage of the full set of security settings, it is important to make sure that the folder to become the base for the virtual directory is located on the drive formatted for the NTFS file system.

Due to IIS limitations, the path to your directory should not contain spaces.

If you are planning to run the HTTP pump on a different server than the Analysis Services server, please make sure that you also install OLEDB for Analysis Redistributable package.

Creating an application pool

To create an application pool:

1.

To open the Computer Management console, open Control Panel, then Administrative Tools, then Computer Management.

(Or, right-click the My Computer icon and select Manage on the shortcut menu.)

2.

In the Computer Management console, expand the Roles node and then the Web Server (IIS) and Internet Information Services node.

If you can’t find the Internet Information Services node, IIS is probably not installed on your machine. To install it, open Add or Remove Programs in Control Panel. Select Add/Remove Windows Components. Then add IIS to Windows.

3.

Right-click the Application Pools to open the shortcut menu and select Add Application Pool...

4.

Name the application pool. In this example, we call it OLAP. (See Figure 2.)

httpasws02
Figure 2

Setting up an application

To use the application pool:

1.

To open the Computer Management console, open Control Panel, then Administrative Tools, then Computer Management.

(Or, right-click the My Computer icon and select Manage on the shortcut menu.)

2.

In the Computer Management console, expand the Roles node and then the Web Server (IIS) and Internet Information Services node.

If you can’t find the Internet Information Services node, IIS is probably not installed on your machine. To install it, open Add or Remove Programs in Control Panel. Select Add/Remove Windows Components. Then add IIS to Windows.

3.

Right-click the OLAP directory in your Web site to open the shortcut menu and select Convert to Application. Choose the application pool as one you’ve just created. (See Figure 3.)

httpasws03
Figure 3

Setting up directory properties

To set properties for the directory:

1.

Click your virtual directory node and select Handler Mappings from the menu. (See Figure 4.)

httpasws04
Figure 4

2.Make sure the directory has Read and Script permissions. This can be checked by clicking the “Edit Feature Permissions…” in

the top right corner of the Handler Mappings screen as shown in Figure 5.

httpasws04a
Figure 5

3.

In the top right corner of the Handler Mappings screen click the option ” Add Script Map…“.

4.

Enter *.dll in the Request path text box.

In the Executable option, enter the full path name to msmdpump.dll. In this example, it would be: C:wwwrootolapmsmdpump.dll

5.

Name the Script Map. In this example, we call it OLAP.

Your screen should look something like the dialog box shown in Figure 6.

httpasws05
Figure 6

6.

Click the OK button to accept the settings.

7.

When you hit OK to add the script mapping you will be prompted if you want to enable the ISAPI extension. (See Figure 7.)

httpasws06
Figure 7

8.

Click the Yes button to accept the settings.

9.The configuration of this decision can be found under ISAPI and CGI Restrictions of the server. (See Figure 8.)

httpasws07
Figure 8

10.Search for your extension and name it as shown in Figure 9.

httpasws08
Figure 9

11.

Click the OK button to accept the settings.

Selecting security settings

To select security settings:

1.

Click your virtual directory node and select Autentication from the menu. (See Figure 10.)

httpasws09
Figure 10

2.

You are presented with three options. Choose one of them. (See Figure 11)

httpasws10
Figure 11

This section briefly describes these options, citing the advantages, disadvantages, and security concerns of each one. All other options are not discussed in the paper. You can use Help for IIS to read more about it.

Anonymous access

When this mode is selected, the pump (msmdpump.dll) is running with credentials; in our case, these are the credentials of IUSR_MACHINENAME user. Therefore, every connection to Analysis Services is opened as IUSR user. When this mode is selected, there is no distinction between which user is connecting to IIS and which to Analysis Services. There is no way to distinguish between users.

This mode is to be used when the security infrastructure does not take advantage of the security functionality of Analysis Services. This is most likely an extremely controlled environment, where users are given or denied access to the virtual directory.

Windows authentication

This is the most secure and the recommended mode.

It requires that IIS Server be able to access user domain credentials. This could be done using Microsoft Active Directory® or another mechanism. It is beyond the scope of this paper to discuss all the possible configurations.

Basic authentication

This mode requires that the user enter a user name and password. The user name and password are transmitted over the HTTP connection to IIS. IIS will try to impersonate the user using the provided credentials.

Please note that it is absolutely imperative for anyone building a system where the password is transmitted to have ways of securing the communication channel. IIS provides a great set of tools for setting up and requiring that all communications be encrypted using HTTPS protocol.

3.For configuring anonymous authentication right-click Anonymous Authentication and then click Edit. You will see a dialog box similar to the one in Figure 12 Here you can configure a specific account which will be used to logon SSAS.

httpasws11
Figure 12

Selecting the target Analysis Services server

As you can see in the architectural diagram in Figure 1, every pump component uses its own configuration file.

Open the msmdpump.ini file located in your folder and take a look at the contents of this file. It should look like the following:

    1 <ConfigurationSettings>

    2     <ServerName>localhost</ServerName>

    3     <SessionTimeout>3600</SessionTimeout>

    4     <ConnectionPoolSize>100</ConnectionPoolSize>

    5     <MinThreadPoolSize>0</MinThreadPoolSize>

    6     <MaxThreadPoolSize>0</MaxThreadPoolSize>

    7     <MaxThreadsPerClient>4</MaxThreadsPerClient>

    8 </ConfigurationSettings>

The only setting you are interested in at this point is <ServerName>.

If the Analysis Services instance that you need to provide access to is located on the local machine and installed as a default instance, there is no reason to change this setting. Otherwise, you need to specify the machine name and instance name ( mymachineinst1).

It is also possible to specify a pointer to the virtual directory on another IIS server that is set up for HTTP access to Analysis Services.

For example, you could have <ServerName>http://secondmachine/olap/msmdpump.dll</ServerName>

Getting it all together

At this point you should have configured your HTTP pump and should be ready to connect from your application.

If your application provides you with a way to specify the server name, all you need to do is to substitute your server name with the path to your virtual directory concatenated with “msmdpump.dll”.

As in SQL Server 2005 Analysis Services, the MSOLAP OLEDB provider will understand that the server name includes an URL path and will automatically start using HTTP protocol.

For example, to connect to “MyMachine” from the MDX sample application, you should be able to connect to the Analysis Services server using “http://MyMachine/olap/msmdpump.dll” as a server name.

 

15 thoughts on “Configuring HTTP Access to SQL Server 2008 Analysis Services on Microsoft Windows Server 2008”

  1. Hi

    Thanks for writing this blog which is really very helpful. well as per your blog I have did all steps to establish http connection to Analysis server 2008 on Windows Server 2008 OS but whenever I am trying to open the connection I am getting following Error

    Exception :The connection either timed out or was lost.
    Inner Exception Msg :The remote server returned an error: (500) Internal Server Error.

    Conn string used:PROVIDER=MSOLAP.3;DATA SOURCE=http:///OLAP/msmdpump.dll;INITIAL CATALOG=

    Config file setting:
    timeout setting set 0

    IIS Setting: Anonymous access available with IUSR user

  2. I have followed these steps but when I try to connect I get:

    Cannot connect to http://localhost/olap/msmdpump.dll.

    ADDITIONAL INFORMATION:
    The connection either timed out or was lost. (Microsoft.AnalysisServices.AdomdClient)

    The remote server returned an error: (500) Internal Server Error. (System)

    My IIS is on a separate box from my SSAS, but I can access SSAS from my IIS box.

    Any ideas?

  3. Hi Mike, thanks for writing this, as I’ve been wanting to do this with AS2008. One problem though, is I cannot find the OLAPISAPI folder for AS2008. Does this folder exist in AS2008, or is it called something different?

    Please advise.

    Thanks!
    -Dan

  4. Hi, thank you very much for your article, saved my life today, I was going nuts trying to install Report Portal in Windows Server 2008 with Analysis Services 2008.

    Just a quick note, I think you made a typo, where it says “In this example, it would be: C:wwwrootolapmsmdpump.dll” I think the correct path should be “C:inetpubwwwrootolapmsmdpump.dll”

    Cheers,

    mprost

  5. 99% of this content is a verbatim copy/paste from the MS White Paper. 3 different screenshots doesn’t constitute “i only used it as a start”.
    Srsly.

  6. Good afternoon, I have the same problem

    ADDITIONAL INFORMATION:

    The connection either timed out or was lost. (Microsoft.AnalysisServices.AdomdClient)

    The remote server returned an error: (500) Internal Server Error. (System)

    Someone managed to solve?

    Thanks

  7. This has been very helpful. Is there an easy way to script this out once it is set up? I need to repeat on a few servers and want them all exactly the same. Any links to samples in C# would be fantastic.

  8. I wanted to add in a comment on 64-bit vs. 32-bit. I am running Vista Business on a 64-bit machine. I kept getting “405.0 – Method not allowed” errors when trying the http URL to the msmdpump.dll. The error seemed as though it was not accepting the POST method, but in fact the issue was that my OLAP application pool should not be enabled for 32-bit applications. If you go to the advanced settings on the OLAP application pool, the 2nd setting from the very top is, “Enable 32-Bit Applications” and it must be set to “False” since I am running on a 64-bit machine.

    - Andy

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>