Enhanced Security and Integration of Microsoft BI Solutions with Kerberos

When developing Microsoft Business Intelligence solutions we frequently need to rely on tight security integration between various tools. The NTLM protocol provides enough features for simple implementations, but when we need to provide enterprise-class solutions we invariably feel constrained by it. With Windows 2000 and later versions Microsoft provides an alternative security protocol - Kerberos, which addresses certain limitations of NTLM, provides improved security and better performance. The implementation of Kerberos could be fairly simple or very complex depending on the requirements. Configuring a few default server instances with no constraints on their services secured through Kerberos could be almost trivial, while for some more specific cases it could be a major cause of frustration.

Table of Contents
1 Overview
2 The Double Hop
3 The NTLM Protocol
4 The Kerberos Protocol
5 Business Intelligence Case
6 Implementation
 6.1 Considerations:
 6.2 Implementation
  6.2.1 Getting Started
  6.2.2 Configure Clients for Kerberos Authentication
  6.2.3 Defining SPNs
  6.2.4 Using Negotiation
  6.2.5 Enable Impersonation and Delegation
 6.3 Checking that it all works
7 Conclusion