I have been working a fairly complicated case over the last year that involved running Reporting Services Reports through a Universal Access Gateway (UAG) to publish a SharePoint Site. I worked with an engineer (Alejandro Lopez) in the SharePoint Support Group as well as two folks (Prateek Gaur and Billy Price) in the Security Team along with an individual (Ben Satzger) on the Reporting Services Product Team. This will be a series of 4 different posts. This post, the first post, will be a high level description of what the problem was along with a highlight of the environment that we used to reproduce the issue locally. The subsequent posts will go into the three different main issues that we worked through.
Operational Reports (Classic RDL reports)
The original issue was that when the customer went to run a report in this environment, from an external client machine, the reports would get into a loop.
Power Pivot Gallery/Power View Reports (Silverlight)
We then had issues with getting the Power Pivot Gallery Library to load as well as hitting issues whenever we tried to run a Power View Report. I group these together as the issue was really specific to Silverlight and not those individual elements.
Export a Power View Report to PowerPoint
This was an issue with the Silverlight ActiveX control within PowerPoint. This is used when exporting a Power View Report to PowerPoint.
This was a complex setup that involved 8 or so VMs. The environment was rebuilt once and in that rebuild it was scaled down a little bit. Here is the diagram for the original environment we had put together to reproduce the customer’s issues.
NOTE: I am not an expert in WAP (see below) or UAG. The Security engineers configured the environment for me to get it up and running.
This involved a private domain environment, a SharePoint 2013 Farm (consisting of 2 SharePoint boxes), a SQL Server, a Server for the PowerPivot instance of SSAS, the UAG server, an ADFS Server and a Client machine that was in a different subnet and not joined to a domain.
Web Application Proxy (WAP)
We also looked at this from a Web Application Proxy (WAP) perspective as an alternative to the UAG setup. This requires a Windows 2012 R2 server. We used the SQL and Power Pivot Servers for this, giving them a little double duty. Of note, this deployment was much cleaner than the UAG deployment, and caused for much less issues. Of the problems noted above, the only issue that surfaced with the WAP deployment was the last one (Export to PowerPoint). If you are looking at doing a UAG deployment and using Reporting Services, I would highly recommend you looking to see if a WAP deployment is doable for you. I will call out why WAP was a better fit here in the following Blog Posts. Here is some information about WAP.
Web Application Proxy (WAP) Information:
Working with Web Application Proxy
Installing and Configuring Web Application Proxy for Publishing Internal Applications
Plan to Publish Applications through Web Application Proxy
Step 3: Plan to Publish Applications using AD FS Preauthentication
These TechNet articles include links to a complete walk-through guide to deploy a lab or POC environment with AD FS 2012 R2 and Web Application Proxy.
Getting Started with AD FS 2012 R2
Overview: Connect to Applications and Services from Anywhere with Web Application Proxy
Adam W. Saxton | Microsoft SQL Server Escalation Services