Tuesday, September 4, 2018

Configure Excel Services settings

Configure Excel Services settings

  1. Open the administration page for the Shared Services Provider (SSP).

    To open the administration page for the SSP, do the following:

    1. On the top navigation bar, click Application Management.

    2. On the Application Management page, in the Office SharePoint Server Shared Services section, click Create or configure this farm's shared services.

    3. On the Manage this Farm's Shared Services page, click the SSP for which you want to open the administration page.

  2. On the Shared Services Administration Home page, in the Excel Services Settings section, click Edit Excel Services settings.

  3. On the Excel Services Settings page, in the Security section, under File Access Method, select one of the following:

    1. Impersonation. Impersonation enables a thread to run in a security context other than the context of the process that owns the thread. Select this option to require Excel Calculation Services to authorize users who try to access workbooks stored in UNC and HTTP locations.

      Note: Selecting Impersonation has no effect on workbooks that are stored in Microsoft Office SharePoint Server 2007 databases. In most server farm deployments in which front-end Web servers and Excel Calculation Services application servers run on different computers, impersonation requires constrained Kerberos delegation.

    2. Process account. If Excel Calculation Services application servers are opening workbooks from UNC shares or HTTP Web sites, the user account cannot be impersonated, and the process account must be used.

      Under Connection Encryption, select Not required if you do not want to encrypt communications with the front-end of Excel Services, or select Required to use encryption for all communication with the front-end of Excel Services.

      Consider deploying Internet Protocol security (IPsec) or Secure Sockets Layer (SSL) to encrypt data transmission between Excel Calculation Services application servers, data sources, client computers, and front-end Web servers. If you decide to require encrypted data transmission, you will have to manually configure IPsec or SSL. You can require encrypted connections between client computers and front-end Web servers while allowing unencrypted connections between front-end Web servers and Excel Calculation Services application servers.

  4. In the Load Balancing section, under Load Balancing Scheme, select one of the following:

    1. Workbook URL. A URL in the workbook is used to specify which Excel Calculation Services (ECS) process opens the workbook. This ensures that requests from a particular workbook are always routed to the same ECS session.

    2. Round-Robin. The ECS process used to open a workbook is selected using the round-robin load balancing scheme.

    3. Local. If an ECS process that is local to the computer where the workbook is being open is available, it is used. If a local ECS process is not available, an ECS process is assigned using the round-robin load balancing scheme.

      In the Retry Interval box, type a value in seconds for the maximum number of seconds to wait before connecting to an ECS session again. This ensures that a connection attempt is made at least once every retry interval that you specify.

  5. In the Session Management section, in the Maximum Sessions Per User box, type the maximum number of sessions with Excel Services that an individual user is allowed (type -1 for no limit).

    You can help to conserve resource availability and improve Excel Calculation Services performance and security by by restricting the maximum number of sessions per user to a small amount. Performance can suffer when many users have multiple Excel Calculation Services sessions open concurrently.

  6. In the Memory Utilization section, in the Maximum Private Bytes box, type a value in megabytes (MB) for the maximum number of MB that an ECS process can use (type -1 for the value to equal 50% of physical memory on the computer hosting the ECS process).

    1. In the Memory Cache Threshold box, type a value from 0 to 95 that represents the percentage of the Maximum Private Bytes that can be allocated to inactive objects.

    2. In the Maximum Unused Object Age box, type the maximum time (in minutes) that inactive objects remain in the memory cache.

  7. In the Workbook Cache section, in the Workbook Cache Location box, type a path for the workbook file cache on the computer hosting the ECS server. If the box is left empty, a subdirectory in the system temporary directory will be used.

    1. In the Maximum Size of Workbook Cache box, type a value in MB that can be allocated to workbooks that are being used by Excel Services. Recently used files that are not currently open count against this value.

    2. To cache objects that are not being used in any sessions, select the Caching Enabled check box.

  8. In the External Data section, in the Connection Lifetime box, type a value in seconds for the maximum time for a connection to remain open. Connections that expire are re-opened when the next query is received (type -1 to never close and re-open connections).

    You can reduce the risk of a denial-of-service attack by limiting the amount of time that sessions remain open.

  9. In the External Data section, in the Unattended Service Account section, provide credentials in the Name, Password, and Retype Password boxes for a default Windows account for Excel Calculation Services to use for connecting to data sources that require account credentials for authentication.

    The unattended service account is a low-permissions account that Excel Calculation Services can impersonate when establishing a data connection that uses a non-Windows SSO authentication method or no authentication method. If an unattended service account is not configured, data connections that use a non-Windows SSO authentication method or no authentication method will fail.

    Impersonating the unattended account protects Office SharePoint Server 2007 databases, and any other data sources that Excel Services can directly access, from unauthorized connections by client computers that are using Excel Calculation Services to open external data connections. When an unattended service account is impersonated, the credentials associated with an Excel Calculation Services application thread cannot be used to access any other databases. Also, when an unattended service account is impersonated, external data queries are run under the security context of a low-permissions account, instead of running under the security context of an Excel Calculation Services application thread that has greater permissions.

    You can configure the unattended service account either as a domain account or as a local computer account. If the unattended service account is configured as a local computer account, ensure that the configuration is identical on every Excel Calculation Services application server. Restrict the permissions of the unattended service account to enable only logging on to the network. Verify that the unattended service account does not have access to any data sources or Office SharePoint Server 2007 databases.

  10. Click OK.

Top of Page

No comments:

Post a Comment