TM1 Forum

Hi All,

Can we add multiple TM1 servers with different security modes, under same application server ?
Why IBM discourages this practices ?
Are there any known issues having multiple security TM1 servers under single application server ?

Thanks.

By application server I assume you are meaning the one that governs all the web gui based stuff such as modern style contributor and what not from V10 onwards.
If you have one user that belongs to 2 services they will need the same password etc in both in order to be able to use both. Or at least that's the way it worked when I tested it last year.

declanr wrote:By application server I assume you are meaning the one that governs all the web gui based stuff such as modern style contributor and what not from V10 onwards.
If you have one user that belongs to 2 services they will need the same password etc in both in order to be able to use both. Or at least that's the way it worked when I tested it last year.

Thanks Declan,

But can we add two TM1 servers, one with CAM security and one with TM1 security into the same Application server ?

IBM link says not to, but does not state what could be the problems if we do that, as it is possible to create such a combination. The issue is, when we add CAM security TM1 server first and then TM1 standard security TM1 server later, whenever we try to add users in 2nd TM1 server, instead of presenting TM1 login page, it gives BI login page, as if we are adding users to first TM1 server.

Thanks

tm1novice wrote:whenever we try to add users in 2nd TM1 server, instead of presenting TM1 login page, it gives BI login page, as if we are adding users to first TM1 server.

I'm not sure whether you actually can or cannot use TM1 Applications day to day with multiple security modes but if the actual issue you are having is simply with adding users:

The TM1p.ini file holds a parameter that off the top of my head reads .... if it's not "allowcamclientimports" it is something like that and you should be able to see which one I meant, this dictates whether Architect and Perspectives will redirect to the CAMs screen or not when you try adding new users.
If you want to continue using both services with differing modes, you can just keep swapping that parameter when you need to and it should allow you to add users into both.


Note, I would always recommend using a single security method per customer just to keep things simple, especially if IBM say to do so for the components you are using. Also, although the above should allow you to add users, you may still encounter a number of other issues further down the line because of the dual security.

tm1novice wrote:Can we add multiple TM1 servers with different security modes, under same application server ?
Why IBM discourages this practices ?
Are there any known issues having multiple security TM1 servers under single application server ?

IBM is not discouraging this practice, according to the product manual TM1 10.1.1 Installation and Configuration Guide it is not supported:

http://pic.dhe.ibm.com/infocenter/ctm1/ ... _svrs_N395
TM1 Installation and Configuration Guide 10.1.1 > Advanced configuration > Cognos TM1 Applications advanced configuration

Configuring Cognos TM1 Applications to use Multiple Cognos TM1 Servers

Important:
In order to use multiple Cognos TM1 servers in Cognos TM1 Applications, they must all use the same security authentication (either Cognos TM1 standard authentication or Cognos BI security) and include the same administrator user name and password. For details, see Security considerations for Cognos TM1 Applications.



http://pic.dhe.ibm.com/infocenter/ctm1/ ... _mode_N258
TM1 Installation and Configuration Guide 10.1.1 > Deployment > Deploying Cognos TM1 Applications

Security considerations for Cognos TM1 Applications

You can use either IBM Cognos TM1 standard security authentication or IBM Cognos security for the Cognos TM1 servers you use with Cognos TM1 Applications.

Do not use a combination of different security authentication modes for the same installation of Cognos TM1 Applications.

Determine the security mode before you configure Cognos TM1 Applications to use a Cognos TM1 server and use that same security mode with any additional servers you add.


Configuring Cognos TM1 Applications security for multiple Cognos TM1 Servers

If you want to use multiple Cognos TM1 servers with Cognos TM1 Applications, they must all be configured to use the same security authentication (either Cognos TM1 standard authentication or Cognos security) and include the same administrator user name and password.

For more details, see Configuring Cognos TM1 Applications to use Multiple Cognos TM1 Servers.

Has this changed in newer versions of TM1?

Also, if I don't want to use Application Web for a particular instance/dataserver, can I run mode = 5 while all the other as 1 ? The reason for this is that I want to create an instance dedicated for reporting from Cognos BI, because trying to manage element security with mode = 1 and multiple BI users/groups gets hairy...