Embed Size (px)
DESCRIPTION
Excel Services Overview
Citation preview
xcel Services overview (SharePoint Server 2010)SharePoint 2010Other Versions
Updated: October 11, 2011
Excel Services in Microsoft SharePoint Server 2010 is a shared service that you can use to publish Microsoft Excel 2010 workbooks on SharePoint Server. The published workbooks can be managed and secured according to your organizational needs and shared among SharePoint Server 2010 users, who can render the workbooks in a browser. Excel Services was introduced in Microsoft Office SharePoint Server 2007 and is available only in the Enterprise edition of SharePoint Server 2010.
Note:
Microsoft Excel Web App, part of Microsoft Office Web Apps, also supports Excel workbooks in the browser. For more information about Excel Web App, see Getting started with Excel Web App (http://go.microsoft.com/fwlink/p/?LinkId=230604).
Note:
While users can interact with Excel workbooks through Excel Services, the workbooks cannot be edited by using Excel Services.
Excel Services consists of Excel Calculation Services, the Microsoft Excel Web Access Web Part, and Excel Web Services for programmatic access. It supports sharing, securing, managing, and using Excel 2010 workbooks in a browser by providing the following:
Global settings for managing workbooks, which include settings for security, load balancing, session management, memory utilization, workbook caches, and external data connections.
Trusted file locations (which allow you to define which document libraries are trusted by Excel Services) together with session management, workbook size, calculation behavior, and external data settings of workbooks stored in those locations.
An extensive list of trusted data providers for connecting to your data, plus the ability to add your own trusted data provider.
Trusted data connection libraries, which allow you to define which data connection libraries in your farm are trusted by Excel Services.
The ability to add your own user-defined function assemblies.Looking at several specific scenarios can help you understand how best to take advantage of Excel Services:
Sharing workbooks through the browser Users can save Excel 2010 workbooks to a SharePoint Server document library to give other users browser-based access to the server-calculated version of the workbook. When the workbook is accessed, Excel Services loads the workbook, refreshes the external data if it is necessary, calculates it if it is necessary, and sends the resulting output view back through the browser. A user can interact with Excel-based data by sorting, filtering, expanding, or collapsing PivotTables, and by passing in parameters. This provides the ability to perform analysis on published workbooks. A user does not have to have Excel 2010 installed to view the workbook. Users will always view the latest version of a workbook, and they can interact with it in a browser. Security permissions can be set to limit what access is provided to which user.
Building business intelligence (BI) dashboards Browser-based dashboards can be created by using Excel and Excel Services together with the Excel Web Access Web Part. PerformancePoint Services can also use Excel Services workbooks as a data source.
Reuse of logic encapsulated in Excel workbooks in custom applications Besides a browser-based interface with the server, Excel Services provides a Web-service–based interface so that a published workbook can be accessed programmatically by any application that uses Web services. The Web service applications can change values, calculate the workbook, and retrieve some or all of the updated workbook by using that interface according to what security permissions are set for the published workbook.
Report Building One of the most useful features of Excel Services is report building. By publishing data-connected workbooks to a SharePoint document library and making them available through Excel Services, you can make reports that you have created in Excel available to others in your organization. Instead of multiple users having separate copies of the workbooks on their computers, the workbooks can be created and changed by a trusted author in a central location that is trusted by Excel Services. The correct version of the worksheet is easier to find, share, and use from Excel, SharePoint Server, and other applications.
Overview of Excel Services architecture (SharePoint Server 2010)SharePoint 2010
5 out of 10 rated this helpful - Rate this topic
Published: May 8, 2010This article describes Excel Services architecture. Excel Services is built on the Microsoft SharePoint Server 2010 platform. Consequently, Excel Services uses SharePoint Server authentication and authorization.
Excel Services componentsExcel Services in Microsoft SharePoint Server 2010 can be deployed on a stand-alone SharePoint Server (for evaluation/test environments) or in a SharePoint farm, a typical production environment. Both the SharePoint Server 2010 and Excel Services architecture is designed to meet the deployment needs ranging from a department setup inside an organization to a global enterprise scenario. Excel Services includes three core components:
Excel Calculation Services is the main Excel Services component that loads the spreadsheet and workbook, calculates the spreadsheets, refreshes external data, and maintains session state for interactivity.
Excel Web Access is a Web Part that displays data and charts from Excel workbooks. Excel Web Services is a Web Service hosted in SharePoint that provides various methods for developers to
calculate, set, and extract values from workbooks, and to refresh external data connections.These three Excel Services components reside either on the Web front end server or on the back end application server. A standard Excel Services production environment that has many users uses two or more Web front end and application servers. A test or development environment typically hosts all Excel Services components on a single server.The following diagram shows the Excel Services basic 2010 architecture as related to the Microsoft SharePoint 2010 Products content database and the external data sources.
Performance and scalabilityScalability for an Excel Services production environment can be achieved by adding more memory or higher-powered processors to the servers. Also, more Web front end servers or application servers can be added to the farm to address any instances that relate to server loads and performance. You can run the Excel Calculation Services service on multiple application servers if it is necessary. You can add more Web front end and application servers independently. For example, you can add many Web front end servers and use a single application server or add many applications servers and only deploy one or two Web front end servers.If you have more large workbooks, or if your workbooks contain many calculations and use lots of external data, then you may want to add more application servers that are running Excel Calculation Services to your farm. If you have basic or simple workbooks and many users view them or the workbooks contain many charts, or on the other hand, if you have dashboards with many workbooks, you might consider adding more Web front end servers to your farm.The largest Excel Services performance factor depends on the type, size of the workbooks, and external data connections in the workbooks used with Excel Services. See Plan Excel Services authentication (SharePoint Server 2010) for more information about how to configure the Excel Services settings.
Plan Excel Services data sources and external
connections (SharePoint Server 2010)SharePoint 2010
1 out of 3 rated this helpful - Rate this topic
Published: May 12, 2010To configure Microsoft SharePoint Server 2010 to enable workbooks rendered in a browser by Excel Services to successfully refresh external data, you must understand the relationships and dependencies between SharePoint Server 2010 and Excel Services.In this article:
Connections and Excel workbooks Data providers Authentication to external data Trusted data connection libraries and managed connections Excel Services security and external data
Connections and Excel workbooksEvery Excel workbook that uses external data contains a connection to a data source. Connections consist of everything that is required to establish communications with, and retrieve data from, an external data source. This includes the following:
A connection string (a string that specifies which server to connect to and how to connect to it). A query (a string that specifies what data to retrieve). Any other specifics required to get the data.
Embedded and linked connectionsExcel workbooks can contain embedded connections and can link to external connections. Embedded connections are stored internally as part of the workbook. External connections are stored in the form of Office Data Connection (ODC) files that can be referenced by a workbook.Embedded and external connections function the same way. Both will correctly specify all the required parameters to connect to data successfully. External connection files can be centrally stored, secured, managed, and reused. They are a good choice when planning an overall approach to getting a large group of users connected to external data. For more information, see Trusted data connection libraries and managed connections.For a single connection, a workbook can have both an embedded copy of the connection information and a link to an external connection file. The connection can be configured to always use an external connection file to refresh data from an external data source. In this case, if the external connection file cannot be retrieved, or if it does not establish a connection to the data source, the workbook cannot retrieve data. If the connection is not configured to use only an external connection file, Excel attempts to use the embedded copy of a connection. If that fails, Excel attempts to use the connection file to connect to the external data source.For security purposes, Excel Services can be configured to enable only connections from connection files. In this configuration, all embedded connections are ignored for workbooks loaded on the server, and connections are tried only when there is a link to a valid connection file that is trusted by the server administrator. For more information, see Trusted data connection libraries and managed connections.Data providersData providers are drivers that applications (such as Excel and Excel Services) use to connect to specific data sources. For example, a special MSOLAP data provider is used to connect to Microsoft SQL Server 2008 Analysis Services (SSAS). The data provider is specified as part of the connection string when you connect to a data source.Data providers handle queries, parsing connection strings, and other connection-specific logic. This functionality is not part of Excel Services. Excel Services cannot control how data providers behave.Any data provider that is used by Excel Services must be explicitly trusted by Excel Services. For information about how to add a new data provider to the trusted providers list, see Manage Excel Services connections (SharePoint Server 2010).By default, Excel Services trusts many well-known data providers. In most cases, you do not have to add a new data provider. Data providers are typically added for custom solutions.Authentication to external dataData servers require a user to be authenticated, that is, identify oneself to the server. The next step is authorization, communicating to the server the permitted actions associated with the user. Authentication is required for the data server
to perform authorization, or to enforce security restrictions that prevent data from being exposed to anyone other than authorized users.Excel Services has to communicate to the data source which user is requesting the data. In most scenarios, this is going to be the user viewing an Excel report in a browser. This section explains authentication between Excel Services and an external data source. Authentication at this level is shown in the following diagram. The arrow on the right side shows the authentication link from an application server that runs Excel Calculation Services to an external data source.
Note:
Excel Services accesses external data sources by using a delegated Windows identity. Consequently, external data sources must reside within the same domain as the SharePoint Server 2010 farm or Excel Services must be configured to use the Secure Store Service. If the Secure Store Service is not used and external data sources do not reside within the same domain, authentication to the external data sources will fail. For more information, see Planning considerations for services that access external data sources in “Services Architecture Planning.”
Excel Services supports the following authentication options: Windows Authentication Excel Services uses Integrated Windows authentication and attempts to connect to
the data source by using the Windows identity of the user who is displaying the workbook. SSS Excel Services will use the credentials associated with the specified Secure Store target application. None Excel Services will impersonate the unattended service account and pass the connection string to the data
source.The authentication option is configured in Microsoft Excel and is a property of the external data connection. The default value is Windows Authentication.Integrated Windows authenticationIf you choose the Windows Authentication option, Excel Services attempts to pass the Windows identity of the user viewing the Excel workbook to the external data source. Kerberos delegation is required for any data source that is located on a different server than the server where Excel Calculation Services is running, if that data source is using Integrated Windows authentication.In most enterprise environments, Excel Calculation Services will be running on a different computer from the data source. This means that Kerberos delegation (constrained delegation is recommended) will be required to enable data connections that use Windows authentication. For more information about how to configure Kerberos constrained delegation for Excel Services, see Configure Kerberos authentication for SharePoint 2010 Products (white paper).Secure Store ServiceSecure Store is a SharePoint Server 2010 service application that is used to store encrypted credentials in a database for use by applications to authenticate to other applications. In this case, Excel Services uses Secure Store to store and retrieve credentials for use in authenticating to external data sources.If you choose the SSS (Secure Store Service) option, you must then specify the application ID of a Secure Store target application. The specified target application serves as a lookup that is used to retrieve the appropriate set of credentials. Each target application can have permissions set so that only specific users or groups can use the stored credentials.When provided with an application ID, Excel Services retrieves the credentials from the Secure Store database for the user who is accessing the workbook (either through the browser, or using Excel Web Services). Excel Services then uses those credentials to authenticate to the data source and retrieve data.
For information about how to use Secure Store with Excel Services, see Use Excel Services with Secure Store (SharePoint Server 2010).NoneWhen you select the None option, no credential retrieval occurs, and no special action is taken for authentication for the connection. Excel Services does not try to delegate credentials, and does not try to retrieve credentials that are stored for the user from the Secure Store database. Instead, Excel Services impersonates the unattended service account and passes the connection string to the data provider that handles authentication.The connection string may specify a user name and password to connect to the data source or may specify that the Windows identity of the user or computer that is issuing the request be used to connect to the data source. In either case, the unattended account is impersonated first and then the data source connection is made. The connection string and the provider determine the authorization method. Additionally, authorization can be based on either the credentials found in the connection string or the impersonated unattended account's Windows identity. For more information, see Unattended service account.Excel Services security and external dataExcel Services manages workbooks and external data connections by using the following:
Trusted file locations Locations designated by an administrator from which Excel Services can load workbooks Trusted data connection libraries SharePoint Server 2010 data connection libraries that have been explicitly
trusted by an administrator from which Excel Services can load data connection files Trusted data providers Data providers that have been explicitly trusted by an administrator Unattended service account A low-privileged account that Excel Services can impersonate when it makes
data connectionsTrusted file locationsExcel Services only loads workbooks from trusted file locations. A trusted file location is a SharePoint Server location, network file share, or Web folder address that the administrator has explicitly enabled workbooks to be loaded from. These directories are added to a list that is internal to Excel Services. This list is known as the trusted file locations list.Trusted locations can specify a set of restrictions for workbooks loaded from them. All workbooks loaded from a trusted location adhere to the settings for that trusted location. Here is a short list of the trusted location settings that affect external data:
Allow External Data Defines how external data can be accessed. The options for this include the following:o No data access allowed (default).
o Only connection files in a trusted SharePoint Server 2010 data connection library are allowed.
o Connections embedded in workbooks allowed in addition to connection files from a trusted data
connection library. Warn on Refresh Defines whether to show the query refresh warnings or not.
Stop When Refresh on Open Fails Defines whether to fail the workbook load if external data does not refresh when the workbook opens. This is used in scenarios where the workbook has cached data results that will change depending on the identity of the user viewing the workbook. The objective is to hide these cached results and make sure that any user who views the workbook can see only the data that is specific to that user. In this case, if the workbook is set to refresh on open and the refresh fails, the workbook is not displayed.
Note:
This only works if the user does not have Open Items permissions on the workbook, because a user who can open the workbook directly in Excel can always see the cached data results. You can prevent the user from opening the workbook in Excel by making sure that the user only has Viewers permissions in the document library.
External Data Cache Lifetime Defines external data cache expiration times. Data is shared among many users on the server to improve scale and performance, and these cache lifetimes are adjustable. This accommodates scenarios in which query execution should be kept to a minimum because the query might take a long time to execute. In these scenarios, the data often changes only daily, weekly, or monthly instead of by the minute or every hour.
Trusted data connection libraries and managed connectionsA data connection library is a SharePoint Server 2010 library that is designed to store connection files, which can then be referenced by Office 2010 applications, such as Excel and Microsoft Visio. Excel Services only loads connection files from trusted SharePoint Server 2010 data connection libraries. A trusted data connection library is a library that the server
administrator has explicitly added to an internal trusted list. For information about how to trust a data connection library for use with Excel Services, see Manage Excel Services connections (SharePoint Server 2010).Data connection libraries let you centrally manage, secure, store, and reuse data connections.Reusing connectionsUsers can reuse connections that were created by other users and create different reports that use the same data source. You can have the IT department or a business intelligence expert create connections, and other users can reuse them without having to understand the details about data providers, server names, or authentication. The location of the data connection library can even be published to Office clients so that the data connections are displayed in Excel or in any other client application that uses the data connection library. For more information, see Manage Excel Services connections (SharePoint Server 2010).Managing connectionsBecause workbooks contain a link to the file in a data connection library, if something about the connection changes (such as a server name or a Secure Store application ID), only a single connection file has to be updated instead of potentially many workbooks. The workbooks will obtain the connection changes automatically the next time that they use that connection file to refresh data from Excel or Excel Services.Securing connectionsThe data connection library is a SharePoint library, and it supports all the permissions that SharePoint Server 2010 does, including per-folder and per-item permissions. The advantage that this provides on the server is that a data connection library can become a locked-down data connection store that is highly controlled. Many users may have read-only access to it. This enables them to use the data connections. But they can be prevented from adding new connections. By using access control lists (ACLs) with the data connection library, and letting only trusted authors upload connections, the data connection library becomes a store of trusted connections.Excel Services can be configured to load connection files only from data connection libraries that are explicitly trusted by the server administrator, and to block loading of any embedded connections. In this configuration, Excel Services uses the data connection library to apply another layer of security around data connections.Data connection libraries can even be used together with the new Viewer role in SharePoint Server 2010 that enables those connections to be used to refresh workbooks rendered in a browser by Excel Services. If the Viewer role is applied, users cannot access the connection file contents from a client application, such as Excel. Therefore, the connection file contents are protected but still can be used for workbooks refreshed on the server.Trusted data providersExcel Services only uses external data providers that are on the Excel Services trusted data providers list. This is a security mechanism that prevents the server from using providers that the administrator does not trust. For information about how to trust a data provider, see Manage Excel Services connections (SharePoint Server 2010).Unattended service accountExcel Services runs under a highly privileged account. Because Excel Services has no control over the data provider and does not directly parse provider-specific connection strings, using this account for the purposes of data access would be a security risk. To lessen this risk, Excel Services uses an unattended service account. This is a low-privileged account that is impersonated by Excel Services if either of the following conditions are true:
Any time that it is trying a connection where the None authentication option is selected. Whenever the SSS (Secure Store Service) option is selected and the stored credentials are not Windows
credentials.If the None option is selected and the unattended account does not have access to the data source, Excel Services impersonates the unattended service account and uses information that is stored in the connection string to connect to the data source.If the None option is selected and the unattended account has access to the data source, a connection is successfully established using the credentials of the unattended service account. Use caution when you design solutions that intentionally use this account to connect to data. This is a single account that potentially can be used by every workbook on the server. It is possible for any user opening a workbook with an authentication setting of None using Excel Services to view that data by using the server. In some scenarios, this might be needed. However, Secure Store is the preferred solution for managing passwords on a per-user or per-group basis.If the SSS (Secure Store Service) option is selected and the stored credentials are not Windows credentials, Excel Services impersonates the unattended service account and then attempts to connect to the data source by using the stored credentials.If the Windows Authentication option is selected, or if the SSS option is selected and the stored credentials are Windows credentials, then the unattended service account is not used. Instead, Excel Services impersonates the Windows identity and attempts to connect to the data source.
Plan Excel Services authentication (SharePoint Server 2010)SharePoint 2010
2 out of 4 rated this helpful - Rate this topic
Published: May 12, 2010Excel Services in Microsoft SharePoint Server 2010 gives you a significant level of precise control for the processing and displaying of Excel workbooks. You can control how workbooks are opened on the server and the specific capabilities that are enabled for each workbook. This article describes the security and authentication settings for Excel Services and related components that you must consider when planning a deployment. This article also contains prescriptive guidance for using Excel Services to help secure and manage access to workbooks on the server.In this article:
About Excel Services security Plan user authentication Communication among servers Plan external data authentication
About Excel Services securityThe security model for Excel Services is based on the concept that to make sure of data integrity and quality, an administrator must be able to centrally manage shared resources and user access to corporate intellectual property contained in workbooks. To do this you can use Excel Services to specify:
Trusted file locations These are SharePoint document libraries, UNC paths, or HTTP Web sites that have to be explicitly trusted before Excel Services can access them. Excel Services opens workbooks that are stored in trusted file locations only.
Trusted data providers These are data providers that Excel Services is explicitly configured to trust when it is processing data connections in workbooks. Excel Services attempts to process a data connection only if the connection uses a trusted data provider.
Trusted data connection libraries These are SharePoint document libraries that contain Office data connection (.odc) files. The .odc files are used to centrally manage connections to external data sources. Instead of allowing embedded connections to external data sources, Excel Services can be configured to require that you use .odc files for all data connections. The .odc files are stored in data connection libraries, and the data connection libraries have to be explicitly trusted before Excel Services will allow workbooks to access them.By default, cross-domain workbook and data connection access is not enabled. To allow workbooks in trusted file locations (and data connections in trusted data connection libraries) to be accessed across domains by Web Parts, Web pages, or Web services, run the Windows PowerShell cmdlets, as shown in the examples in Manage Excel Services with Windows PowerShell (SharePoint Server 2010).
The requesting Web pages and the workbooks or data connections must live in the same farm.
Note:
When you open a workbook in Excel Services, a temporary file is stored in the %TEMP% folder of the application server that is running Excel Services.
Plan user authenticationWe recommend that you store Excel workbooks you will use with Excel Calculation Services in SharePoint Server 2010 document libraries, because SharePoint Foundation 2010 maintains an access control list (ACL) for these files. Excel Services can also open workbooks from UNC paths and HTTP Web sites.
Authentication for user access to a SharePoint site is performed by SharePoint Server 2010. By default, SharePoint Server uses Integrated Windows authentication.In addition to the listed authentication methods, Excel Services also supports generic forms-based authentication. However, configuring SharePoint Server to use generic forms-based authentication is not discussed here.
Communication among serversClaims-based authentication is the authentication mechanism used by SharePoint Server 2010 within the farm. It is a Microsoft and industry standard with broad support. Claims authentication helps improve security and authentication when you deploy farms, Office Business Applications, and SharePoint services in different environments. Excel Services uses claims-based authentication for all deployment scenarios, whether in a single server installation or in a farm environment. Additionally, the authentication and authorization of users to all content and resources within SharePoint Server 2010 is much more secure with claims-based authentication.
Plan external data authenticationExcel Services supports three data authentication options: Windows Authentication, SSS (Secure Store Service), and None. The data authentication setting is configured as part of the data connection properties in an Excel workbook or in an external Office Data Connection (ODC) file.Integrated Windows authenticationIf you choose the Windows Authentication option, Excel Services will attempt to pass the Windows identity of the user viewing the Excel workbook to the external data source. Kerberos delegation is required for any data source that is located on a different server than the server where Excel Calculation Services is running, if that data source is using Integrated Windows authentication.In most enterprise environments, Excel Calculation Services will be running on a different computer from the data source. This means that Kerberos delegation (constrained delegation is recommended) will be required to enable data connections that use Integrated Windows authentication. For more information about how to configure Kerberos constrained delegation for Excel Services, see Configure Kerberos authentication for SharePoint 2010 Products (white paper).Secure Store Service authenticationSecure Store is a SharePoint Server 2010 service application that is used to store encrypted credentials in a database for use by applications to authenticate to other applications. In this case, Excel Services uses Secure Store to store and retrieve credentials for use in authenticating to external data sources.If you choose the SSS (Secure Store Service) option, you must then specify the application ID of a Secure Store target application. The specified target application serves as a lookup that is used to retrieve the appropriate set of credentials. Each target application can have permissions set so that only specific users or groups can use the stored credentials.Excel Services supports both individual and group mappings. With individual mappings, a single user is mapped to a single set of credentials stored in Secure Store. With group mappings, a group of users is mapped to a single set of credentials stored in Secure Store.For more information about how to use Excel Services with Secure Store, see Use Excel Services with Secure Store (SharePoint Server 2010).NoneWhen you select the None option, no credential retrieval occurs and no special action is taken for authentication for the connection. Excel Services does not try to delegate credentials, and it does not try to retrieve credentials that are stored for the user from the Secure Store database. Instead, Excel Services impersonates the unattended service account and passes the connection string to the data provider that handles authentication.The connection string may specify a user name and password to connect to the data source or it may specify that the Windows identity of the user or computer that is issuing the request be used to connect to the data source. In either case, the unattended account is impersonated first and then the data source connection is made. The connection string and the provider determine the authorization method. Additionally, authorization can be based on either the credentials found in the connection string or the impersonated unattended account's Windows identity. For more information, see Unattended service account.Unattended service accountExcel Services runs under a highly privileged account. Because Excel Services has no control over the data provider and does not directly parse provider-specific connection strings, using this account for the purposes of data access would be a security risk. To lessen this risk, Excel Services uses an unattended service account. This is a low-privileged account that is impersonated by Excel Services if either of the following conditions are true:
Any time that it is trying a connection where the None authentication option is selected. Whenever the SSS (Secure Store Service) option is selected and the stored credentials are not Windows
credentials.You can configure the unattended service account either as a domain account or as a local computer account. If the unattended service account is configured as a local computer account, make sure that the configuration is identical on every application server that runs Excel Calculation Services.The credentials for the unattended service account are cached on the connection and on each workbook session. Each time that a workbook is loaded that has a data connection that uses the unattended service account and if the credentials are not already cached for that connection, the unattended service account is obtained from Secure Store and used. In other
words, the unattended service account credentials are not cached globally but are instead taken from Secure Store as needed for each session or data connection.Restrict the permissions of the unattended service account to enable only logging on to the network. Verify that the unattended service account does not have access to any SharePoint Server 2010 databases.Security settingsTo configure administrative settings for Excel Services, including security settings, open the SharePoint Central Administration Web site and access the Excel Services Global Settings page. See Excel Services administration (SharePoint Server 2010) for more information.The Excel Services Global Settings page provides configuration settings for the following security options:
File Access Method Connection Encryption
File access methodOn the Excel Services Global Settings page, in the Security section, under File Access Method, select either Impersonation or Process account.
Impersonation This enables a thread to run in a security context other than the context of the process that owns the thread. Select Impersonationto require Excel Calculation Services to authorize users when they try to access workbooks that are stored in UNC and HTTP locations. Selecting this does not affect workbooks that are stored in SharePoint Server 2010 databases. In most server farm deployments in which front-end web servers and Excel Calculation Services application servers run on different computers, impersonation will require constrained Kerberos delegation.
Process account If Excel Calculation Services application servers are opening workbooks from UNC shares or HTTP Web sites, the user account will not be impersonated, and the process account will be used.
Connection encryptionYou can use Internet Protocol Security (IPsec) or Secure Sockets Layer (SSL) to encrypt data transmission among Excel Calculation Services application servers, data sources, client computers, and front-end web servers. To require encrypted data transmission between client computers and front-end web servers, click the Connection Encryption setting Required. Not required is the default setting. If you change the Connection Encryption setting to Required, the Excel Calculation Services application server will only enable data transmission between client computers and front-end web servers over SSL connections.If you decide to require encrypted data transmission, you will have to manually configure IPsec or SSL. You can require encrypted connections between client computers and front-end web servers while enabling connections that are not encrypted between front-end web servers and Excel Calculation Services application servers.Trusted file locationsTrusted file locations are SharePoint sites, UNC paths, or HTTP Web sites from which Excel Services is permitted to access workbooks.In the Location section of the Excel Services Add Trusted File Location page, you can configure the address, the location type, and whether child libraries of trusted file locations are also trusted. By selecting Trust Children you can improve manageability. However, you can also create a potential security issue by enabling subsites and subdirectories of trusted locations to be automatically trusted as soon as they are created.In the Session Management section, you can configure settings to help conserve resource availability and improve Excel Services performance and security. Performance can decrease when many users have multiple Excel Services sessions open at the same time. You can control resource consumption and limit the duration of open Excel Services sessions by configuring two time-out settings for open sessions.The Session Timeout setting determines the time that an Excel Services session can remain open and inactive after each user interaction. The Short Session Timeout setting determines how long an Excel Services session can remain open and inactive after the initial session request. The New Workbook Session Timeout setting determines how long an Excel Services session for a new workbook can remain open and inactive before it is shut down. You can also control the number of seconds allowed for any single session request by configuring a Maximum Request Duration value. By limiting how long sessions remain open, you can help reduce the risk of denial-of-service attacks.
In the Workbook Properties section, you can configure a maximum size of any workbook, chart or image that is permitted to be opened in an Excel Services session. Performance and resource availability can be compromised when users open extremely large workbooks. Unless you control the allowable size of workbooks running in open Excel Services sessions, you risk users exceeding your resource capacity and causing the server to fail.
Note:
If an application server that runs Excel Calculation Services fails or is shut down, all open sessions on the
server are lost. In a stand-alone installation, Excel Services will no longer be available. This means that workbooks cannot be loaded, recalculated, refreshed, or retrieved by . In a server farm deployment that includes multiple application servers that run Excel Calculation Services, shutting down one server does not affect open sessions that are running on other servers. Users with sessions running on a server that is shut down are prompted to reopen their workbooks. When users start a new session, they are automatically routed to active application servers that are running Excel Calculation Services.
In the External Data section, you can determine whether workbooks stored in trusted file locations and opened in Excel Services sessions can access an external data source. You can designate whether Allow External Data is set to None, Trusted data connection libraries only, or Trusted data connection libraries and embedded. If you select either Trusted data connection libraries only or Trusted data connection libraries and embedded, the workbooks stored in the trusted file locations can access external data sources.External data connections can be accessed only when they are embedded in or linked from a workbook. Excel Services checks the list of trusted file locations before it opens a workbook. If you select None, Excel Services will block any attempt to access an external data source. If you manage data connections for many workbook authors, consider specifying Trusted data connection libraries only. This ensures that all data connections in all of the workbooks generated by authenticated workbook authors have to use a trusted data connection library to access any external data sources.If you manage data connections for only a few workbook authors, consider specifying Trusted data connection libraries and embedded. This enables workbook authors to embed direct connections to external data sources in their workbooks, but still have access to trusted data connection libraries if the embedded links fail.In the Warn on Refresh area of the External Data section, you can specify whether a warning is displayed before a workbook updates from an external data source. By selecting Refresh warning enabled, you ensure that external data is not automatically refreshed without user interaction.In the Display Granular External Data Errors option, if you enable the Granular External Data Errors setting it provides descriptive error messages to display that provide helpful information for troubleshooting and fixing connection problems.In the Stop When Refresh on Open Fails area, you can specify if Excel Services stops opening a workbook if the workbook contains a Refresh on Open data connection that fails. By selecting Stopping open enabled, you ensure that cached values are not displayed if an update operation fails when the workbook is opened by any user having View Only permissions to the workbook. When Refresh on Open is successful, cached values are purged. By clearing theStopping open enabled check box, you risk displaying cached values if Refresh on Open fails.In the External Data Cache Lifetime area of the External Data section, you can specify the maximum time that cached values can be used before they expire, and the maximum number of external data queries that can execute at the same time in a single session.To make sure that only trusted users have access to workbooks stored in trusted locations, it is important to enforce ACLs on all trusted file locations.There are three core scenarios to deploy Excel Services: enterprise, small department, and custom.In an enterprise deployment, consider the following guidelines:
Do not configure support for user-defined functions. Do not enable workbooks to use embedded data connections to directly access external data sources. Limit the use of data connection libraries for external data source access from workbooks. Restrict the size of workbooks that can be opened in Excel Services. Selectively trust specific file locations and do not enable Trust Children for trusted sites and directories.
In a small department deployment, consider the following guidelines: Enable trust for all file locations that are used by department members to store workbooks. Enable Trust Children for all trusted sites and directories. Selectively restrict access to specific file locations if problems occur.
In a custom deployment, consider the following guidelines: Enable Excel Services to open large workbooks. Configure long session time-out settings. Configure large data caches. Create a single trusted location for this deployment. Do not enable Trust Children for this trusted location.
Trusted data providersYou can control access to external data by explicitly defining the data providers that are trusted and adding them to the list of trusted data providers. The list of trusted data providers designates specific external data providers to which workbooks opened in Excel Services are permitted to connect.Before instantiating a data provider to enable a workbook to connect to an external data source, Excel Services checks the connection information to determine whether the provider appears on the list of trusted data providers. If the provider is listed, a connection is tried; otherwise, the connection request is ignored.
Trusted data connection librariesA trusted data connection library is a data connection library from which you have determined that it is safe to access .odc files. Data connection libraries are used to help secure and manage data connections for workbooks that are accessed by Excel Services. You can designate a data connection library as trusted by adding it to the Excel Services trusted data connection libraries list.If a data connection is linked from a workbook that is accessed by Excel Services, the server checks the list of trusted data connection libraries. If the data connection library is listed, a connection is tried by using the .odc file from the data connection library; otherwise, the connection request is ignored.View Only permissionsYou can specify users who are only permitted to view workbooks by adding them to the SharePoint Server 2010 Viewers group or by creating a new group configured to use View Only permissions. By default, the Viewers group is configured to use View Only permissions. Users added to a group configured to use View Only permissions can view, open, interact with, refresh, and recalculate workbooks. But they are prevented from accessing the source file in any way, other than by using Excel Services. This helps you protect your proprietary information.Workbooks and workbook data objects configured to use View Only permissions cannot be opened in Microsoft Excel 2010. However, a snapshot of the workbook, displaying only values and formatting of the server-viewable ranges, can be rendered in Excel 2010.You can configure site settings in SharePoint Server 2010 to control access to workbook data by setting View Only permissions on centrally managed workbooks that are rendered in a web browser. You can also configure site settings in SharePoint Server 2010 to enable workbooks to refresh external data on the server, and to help secure and manage external data connections. See Excel Services administration (SharePoint Server 2010) for more information about how to save specified data objects as View Only items.External data connectionsThe Excel Calculation Services component of Excel Services is used to connect to external data sources. Excel Calculation Services processes external data connection information that contains everything the server must have in order to connect to a data source. This includes how to authenticate, which connection string to use, which query string to use, and where and how to collect credentials to use for the connection. These connections can be defined in two locations: embedded within workbooks and in .odc files. The connection information is identical in both locations. The .odc files are small files that contain connection information in plain text. Each .odc file can be used by multiple workbooks.You use Excel 2010 to author and edit .odc files and connections embedded in workbooks. In the Excel 2010 client, you can run the Data Connection Wizard or configure the settings in the Connections properties page. You can also export an .odc file that is based on these settings. The Connections properties page shows connection information, including Excel Services authentication settings..odc filesWorkbooks can contain both links to an .odc file and embedded connection information. This enables workbooks to retrieve the .odc file, read the contents, and attempt to connect to an external data source if the embedded connection information fails.You can also configure Excel Services to use connection information from the .odc file exclusively instead of first trying to connect by using the embedded information. This approach enables administrators to deploy a set of managed .odc files that provide connection information to many workbooks.Managing .odc filesData connection libraries provide a repository for collections of .odc files. Administrators can manage data connections on the server by creating a trusted data connection library and .odc files that require workbooks to always use a connection file.If data source information changes (for example, the server name), you only have to update one .odc file in the data connection library and all of the workbooks that consume the .odc file will be automatically updated the next time that they refresh. You can also use View Only permissions to restrict access to .odc files.User-defined function assembliesIf your deployment scenarios include workbooks that contain user-defined functions to extend the capabilities of Excel Calculation Services, you must configure Excel Services to support user-defined functions.To configure this support, you must enable user-defined functions on trusted file locations that contain workbooks that require access to user-defined functions. In addition, you must register user-defined function assemblies on the Excel Services user-defined function assembly list. See Excel Services administration (SharePoint Server 2010) for more information about how to enable user-defined functions.
Excel Services capacity planning (SharePoint Server 2010)SharePoint 20100 out of 1 rated this helpful - Rate this topic
Published: June 10, 2010Many factors, including Excel Services in Microsoft SharePoint Server 2010, can affect the performance and availability of your Microsoft SharePoint Server 2010 deployment. These include network bandwidth and resource consumption. Excel Services can affect system performance, depending on the volume of client connections and the number of concurrent Excel Calculation Services session requests. Calculation size and complexity can also affect Excel Calculation Services resource consumption.The scope and complexity of calculations in a Microsoft Excel workbook rendered using Excel Services can affect the performance and availability of Excel Services in a SharePoint Server 2010 deployment. As calculation volume, complexity, and frequency increase, more system resources are consumed. We recommend that you define baseline hardware requirements for system memory and CPU capacity for each application server that runs Excel Calculation Services.For detailed information about how to estimate performance and capacity requirements for Excel Services, see Estimate performance and capacity requirements for Excel Services in SharePoint Server 2010.
High Performance Computing Services for Excel 2010You can now run Microsoft Excel 2010 workbooks and user-defined functions on a Windows HPC cluster by using Windows HPC Server 2008 R2. For information about how to use Windows HPC Server 2008 R2 with Microsoft Excel 2010, see HPC Services for Excel.
Using SharePoint lists as data sources with Excel Services (SharePoint Server 2010)SharePoint 20101 out of 4 rated this helpful - Rate this topic
Published: January 20, 2011If you have ever tried to use Microsoft SharePoint Server 2010 lists as a data source for Excel Services in SharePoint, you know that it does not work. Natively, Excel Services in Microsoft SharePoint Server 2010 is unable to consume SharePoint Server 2010 lists as data sources. However, there are ways to work around this situation.In this article:
Microsoft SQL Server 2008 R2 PowerPivot for Microsoft Excel 2010 User-defined functions (UDFs) Web Services API Java Script Object Model (JSOM)
PowerPivot for ExcelPowerPivot for Excel is an add-in to Microsoft Excel 2010 that provides tools that can help consume SharePoint Server 2010 lists. For more information, seePowerPivot for Excel in SQL Server Books Online.
With PowerPivot for Excel you can use the Export as Data Feed command in a SharePoint Server 2010 list and then save this as a data feed to a new or existing PowerPivot for Excel workbook. You can then publish this PowerPivot for Excel workbook to SharePoint Server 2010 by using Excel Services.
Important:
You must install ADO.NET Data Services Update for the .NET Framework 3.5 SP 1. You can download it by using one of the following links:
ADO.NET Data Services Update for .NET Framework 3.5 SP1 for Windows 2000, Windows Server 2003, Windows XP, Windows Vista and Windows Server 2008 (http://go.microsoft.com/fwlink/p/?LinkId=209118)
ADO.NET Data Services Update for .NET Framework 3.5 SP1 for Windows 7 and Windows Server 2008 R2 (http://go.microsoft.com/fwlink/p/?LinkId=209119)
User-defined functionsUser-defined functions extend the Microsoft Excel 2010 and Excel Services functionalities to work with SharePoint Server 2010 lists. For information about how to use user-defined functions together with SharePoint Server lists and Excel Services, see Consuming SharePoint Lists in Excel Services(http://go.microsoft.com/fwlink/p/?LinkId=209143). Note that this blog post was published for Excel Services in Microsoft Office SharePoint Server 2007 but is still relevant for Excel Services in Microsoft SharePoint Server 2010.For information about how to use user-defined functions, see "Consuming SharePoint Lists" in the MSDN Library article, Extending the Excel Services Programmability Framework (http://go.microsoft.com/fwlink/p/?LinkId=209145). Also, see Understanding Excel Services UDFs(http://go.microsoft.com/fwlink/p/?LinkId=209146 ) for detailed information about how to use user-defined functions with Excel Services.
Web Services APIThe Web Services API can be used to push data from a database and then refresh the data in a SharePoint Server list by using Excel Services. In the Excel Web Services API methods, you can use GetRange and SetRange to select specific
information from lists that you want to compare or analyze in an Excel 2010 workbook and then use Excel Services to expose it in SharePoint Server 2010. For more information, see the following articles on the Excel Developer Roadmap for Excel Services (http://go.microsoft.com/fwlink/p/?LinkId=209137) site:
How to: Refresh Data (http://go.microsoft.com/fwlink/p/?LinkId=209139) Walkthrough: Developing a Custom Application Using Excel Web Services (http://go.microsoft.com/fwlink/p/?
LinkId=209140) Accessing the SOAP API (http://go.microsoft.com/fwlink/p/?LinkId=209142)
JavaScript Object ModelThe JavaScript Object Model for Excel Services in Microsoft SharePoint Server 2010 provides many solutions for Excel Services. By using the JavaScript Object Model, you can refresh an Excel workbook that is published as a SharePoint Server list.Using the JavaScript Object Model, you can access complete lists or ranges and then set and retrieve values from individual cells or ranges. Additionally, the JavaScript Object Model can be used to scroll to a different region and to switch the displayed spreadsheet or named item.For detailed information about the JavaScript Object Model, see the blog post Introducing the JavaScript Object Model for Excel Services in SharePoint 2010(http://go.microsoft.com/fwlink/p/?LinkId=209147).
Change History
Date Description
January 20, 2011 Initial publication
Did you find this helpful? Yes No
