QlikSense TopologiesV0 - 18
QlikSense TopologiesV0 - 18
QlikSense TopologiesV0 - 18
Visual interface
Sheet with
Stories with
Bookmarks
v isualizations
Foundation
Data model
Measures
Script
Fx
www
Custom
ERP
Cloud
Big Data
Streams
ETL is a standard process which describes the moving and transformation of data from multiple data sources
to more comprehensive views into a final sort of star schema model. By splitting the process into parts,
roles and responsibilties can be divided and each layer can have its own Sense Dashboard to monitor
correctness of data and processes.
key features
Extraction
QVF
SALES
Enrich master
data QVF
EVERYONE
Create
business model
QVF
Dashboard
QVF
Contributor
Developer
Scalability
Virtual Topologies
Virtualized topologies are supported. Application behaviour depends on the capacity of
physical hosts, desired ratio or virtual machines to hosts, and the underlying virtualization
technology. This design model illustrates a fully fault-tolerant, virtual environment (VMs)
and a plan for scaling out different Qlik Sense roles.
https:/ /server/hub
User types
Consumer
Contributor
Developer
Authentication
Providers
https:/ /portal.com
Sense Server
Oth er
computer
system
Qlik Admin
Qlik Manage ment
Console
Qlik Proxy
QIX Engine
Qlik creates an associative data
model, whic h acts as a full outer
join between all sources based on a
matching key field which occurs in
both or multiple sources: No data is
lost in this process.
Scheduler Repository
DMZ
Firewall
Server security
Qlik Sense uses the servers operating system
security layer to control and protect Qlik Sense
resources (files, memory, processes, and
certificates) on the server.
Application
Delivers only the dashboard app relevant for
users to consume
In-Memory, Associative Data Indexing Engine
Application security
Combined with the security that Qlik Sense
provides authentication, rules based content
security, and dynamic data reduction, the result
is an integrated, flexible and robust security
model we call Qlik Sense Security This layer is
the core of the platforms protection, comprised
of authentication, authorization, auditing,
confidentiality and availability.
Continuous security test and enhancement
This layer of the security model focuses on
ensuring that the Qlik software is thoroughly
analyzed from a security perspective by using
rugged development practices as well as threat
analysis and exploratory security and
penetration testing. - Being Rugged is
about staying ahead of a threat. Using
experimental approach to learn and improve
while actively seeking out threats and creating
defenses.
Host B
Proxy nod e
Host D
Host C
ETL process
After successful reload only sync
dashboard(QVF) to application tier
Consume Node 2
Consume Node 1
Contains
Co ntains
Published apps
Published apps
QIX Application
Processing
Host E
www
Source
Systems
ODBC
QVX
XML
LDAP
Tivoli Software
IBM
Microsoft Active
Dire ctory
Contains
Co ntains
Published apps
Published apps
Scheduled reloads: No
Scheduled reloads: No
Scheduled reloads: No
Allow development: No
Allow development: No
Function
Consume node
Func tion
Consume node
Central node
Function
Reload node
Serves users: No
NODE NAME /
SERVER ROLE
PROXY
SERVICE
Scheduler Node
Allow development: No
Synchronization
Security
Server B
Web Server
IIS
If the transaction log only contains entity data (that is, changes in the repository database), every 15 seconds an
entity data synchronization is performed. The changes are applied immediately in the repository database on the
receiving node. If a conflict occurs, the latest transaction is used.
Manage Persistance
QlikView
Server A
Consume Node
Qlik Sense
Proxy
QlikView Server
Qlik associative
in-memory
technology
QlikView Distribution Services
QlikView Publisher
Qlik Scheduler
QIX Engine
Serves users: No
Users
Collaborative environment
This hybrid solution allows customers to reuse information generated by QlikView guided
analytics. Qlik Sense can read Qlikview QVDs and QVWs (binary load) into Qlik Sense to
be used for self-service visualization users.
The table above lists the Qlik Sense services that are
deployed on each node in this site. Each node
requires a QRS and QRD
Scheduled reloads: No
Users
Consume
Publish
Hybrid Solution
Proxy Node
Entity Sync
License
Function
Proxy to engine
nodes
Extend
Libary
Central Node
The Qlik
dashboards will
be consumed
from the QIX
engine
Co ntains
All apps
Engine node
configured for
load balancing
over 2 nodes and
node for
development
Host E
XLSX
CSV
CRM
ERP
SQL
Engine node 3
Published apps
MetaData
Data Access
Dell
Boomi
Sybase
Host D
Contains
Allow development: No
Central node
Dashboard
Engine node 2
Host F
Data Model
Firewall
QIX Application
Processing
No Apps, No Engine
Host C
Engine node 1
Contains
Proxy node
Host B
Proxy node
Function
Proxy to engine
nodes
Host A
Firewall
Data Access
Host A
Installation concept
Windows Server 2012 R2
Define business
rules for process
analysis. (e.g. 3
way match:
Invoice without
goods receipt)
Web
Delivers the end user interface Hub
https://servername/hub
Authenticate user against external providers
Verify relationships
between table/
entities. Invoices
without customer
Select chart type, dimension and the measure. (Definitions "can not" be changed)
MY WORK
Consumer
Multi-Layer Security
FINANCE
Transformation
QVF
User Consumer
Windows Services
Qlik Senses services are the cornerstones of the Qlik
Sense architecture and is configured to support a variety
of enterprise-ready deployment scenarios, including
those that are geographically disbursed and with
multiple data centers. A node in a Qlik Sense site runs a
set of Qlik Sense services.
By configuring which windows services to run on a
node, it can be set up to perform a specific role (for
example, as a proxy node or a reload node) within a site.
Deployment of these components requires planning.
CRM
Acts as a webserver
Entry point into Qlik Sense for
users and Administrators.
Entry point for external system
integration by using the mashup,
authentication, session and load
balancing APIs
Dimensions
Data integration
the ability for
cleansing,
transforming, and
unifying multiple, disparate data sources for analysis, without
requiring external tools or data repositories. This includes
databases, web content, and big data sources. (Similar to the
activities which are normally done in a datawarehouse)
Data Warehouse
Apps
As QVDs are Qlik proprietary way of staging and storing data it can provide a logical
data tier as a solution. In certain cases it could remove the need for a data warehouse.
Using QVDs you can share data between multiple applications without having to keep
going back to the source data. In depicted scenario the Qlikview QVD shares the
source data with Qlik Sense.
App synch ron ization make use of peer-to-peer replication to speed up the synchronization of large apps and prevent
network bottlenecks. If the transaction log contains binary data (that is, changes to app data files), a binary data
synchronization, during which the receiving node obtains the updated data, is initiated. Only the components that have
changed will be copied.
Binary Sync
Stores App s structure
Authorization Flow
Data Reduction
In the past, IT would create a reporting environment and the business users would just be able
to read what IT delivered. But by definition, people learn and always want something else
when they see the result. Qlik Sense has been developed with this is mind. Sense enables the
IT / Reporting team to create a starting template by filling "a library of master items" with 80%
of the functionality and let the business create the remaining 20% in a controlled way.
Context sharing between host website and Qlik Sense (e.g. share a session, share variables, transfer selections made) by making use
of the "Session API" and "Mashup API. Integrate security to provide single sign on using web tickets, header authentication or SAML.
Integrate the management/maintenance processes by using the API's
Unrealiable reporting
Multiple versions of the truth
Users requirements are not met, causing additional decentralized and
ungoverned tools (like Excel) to be used, e,g, not sufficient Self
Service capabilities
Performance issues
Information is disclosed to unauthorized persons
IT / Reporting team
Se lf Service BI Process
Build template s heets with dimension, measures and charts
Database specialist
Reporting team
Des ign Charts
in different
roles
Business users View or dup lica te the sheets or charts to build new visualizations
Consumer
Complete
Administrative
Access
Application Validation
Validate correctness
and publish app into
stream to make it
available for the public
Application will only be visible in personal
Own work stream
Administrative Roles
Administration
of the security
system
Manager
Contributor
Displa y Only
Display only
No Sheet creation
Manages the
content
Developer
Full Self Service
Create new Apps and sheets
which are only visible for me
Use all dimensions
Use predefined measures
Create new measures
Load extra data
Users
Data reduction
Answers the question: What data are you
allowed to see given your userId or group?
The resource access control system in Qlik
Sense is based on attributes. This means that
the access is based on rules that refer to
attributes connected to resources and users
in Qlik Sense.
Proxy
Rules engine
Enforces
resource access
control
Authentication
Authorization
Sales.qvf
AD MIN
All Data
Role
NTNAME or
Username &
Password
User B
USERS
User A
Sales.qvf
Reduced
Data A
Sales.qvf
Reduced
Data B
Sales.qvf
Reduced
Data C
User C
Web Portal
Developer
Who are you: Authentication
Active Directory
SAML
HTTP Headers
Ticket / Session API
Repository
QIX Engine
Data reduction
per QVF
Using an authentication
method. The user and
groups (like customer
name) are passed onto
Qlik
API / URL
Bi-directional communication of
selections, content and user credentials.
CEO
Can see the
whole company
Self Servic e BI
on mobile devices
1 Why is margin low?
2 Is it a specific , manager, region or
product group?
Regional Manager
See his or her departments
Users
Only see his department,
company or cost center
(Hierarchy)
Invoi ce
Cu stomer
Order
Server
Department
Authentication Module
5
4
Session Module
Proxy
6
Authenticated