PreEmptive Analytics Workbench User Guide

Third-Party Credentials

The Workbench relies on two third-party components: RabbitMQ and MongoDB. After following the installation instructions, these components will only be accessible from within the host, and use a default set of credentials. This page describes how to change those credentials to further increase security.

Page Contents

RabbitMQ

In the default configuration, RabbitMQ is set up with one admin account with default credentials, which both the Data Hub and Workbench use to interact with the queues. Even though the Data Hub installation, by default, limits RabbitMQ access to the local host (127.0.0.1), because these default credentials are well-known, you may wish to replace this default user with other users with unique passwords.

While referring to the Data Hub User Guide's RabbitMQ page to learn how to create and remove users in RabbitMQ:

  1. Using the default credentials of guest with a password of guest, add an admin user.
  2. Using the admin user you just created, add an application user.
  3. Open Services (Run > services.msc) and stop the following services:
    • PreEmptive Analytics Data Hub Dispatch Service
    • PreEmptive Analytics Workbench Computation Service
  4. Open the IIS Manager (Run > inetmgr) and stop the following sites:
    • PreEmptive Analytics Data Hub
    • PreEmptive Analytics Workbench Endpoint
  5. In the <appSettings> section of the following files, set the RabbitServerUsername and RabbitServerPassword values to the credentials of the application user (adding the keys if they do not exist):
    • [Data Hub install folder]\Web\Endpoint\Web.config
    • [Data Hub install folder]\DispatchService\HubDispatchService.exe.config
    • [Workbench install folder]\IIS\Endpoint\Endpoint\Web.config
    • [Workbench install folder]\Windows\Computation Service\WorkbenchComputationService.exe.config
  6. Start the sites mentioned in step 4.
  7. Start the services mentioned in step 3.
  8. Verify the Data Hub and Workbench are operating correctly under this new user, and check the Windows Event Log for any errors or warnings.
  9. Using the admin user, remove the guest user.

MongoDB

MongoDB, as installed per the recommended procedure, is set up to only be accessible locally, with no credentials. These instructions enable authentication for the MongoDB instance, and configure the Workbench to use those credentials.

  1. Generate two passwords, referred hereafter as ADMIN_PASSWORD and WB_PASSWORD.
    • These passwords cannot contain special XML characters (<, >, &, ', or ").
    • Make sure to record these passwords in compliance with your organization's security policy.
  2. From a command line window, run C:\mongodb\bin\mongo.exe.
  3. Switch to the admin database by running the database command use admin.
  4. Create an administrator user, dbadmin, by running the following database command, substituting the value of ADMIN_PASSWORD appropriately:
    db.createUser(
    {
    user : "dbadmin",
    pwd : "ADMIN_PASSWORD",
    roles : [
    {
    role : "dbAdminAnyDatabase",
    db : "admin"
    },
    {
    role : "readWriteAnyDatabase",
    db : "admin"
    },
    {
    role : "userAdminAnyDatabase",
    db : "admin"
    }
    ]
    }
    )
  5. Create an application user, wbuser, by running the following database command, substituting the value of WB_PASSWORD appropriately:
    db.createUser(
    {
    user : "wbuser",
    pwd : "WB_PASSWORD",
    roles : [
    {
    role : "clusterMonitor",
    db : "admin"
    },
    {
    role : "dbAdmin",
    db : "BinRepository"
    },
    {
    role : "dbAdmin",
    db : "PreEmptiveWorkbench"
    },
    {
    role : "dbAdmin",
    db : "WorkbenchShared"
    },
    {
    role : "dbAdmin",
    db : "FacJson"
    },
    {
    role : "readWrite",
    db : "BinRepository"
    },
    {
    role : "readWrite",
    db : "PreEmptiveWorkbench"
    },
    {
    role : "readWrite",
    db : "WorkbenchShared"
    },
    {
    role : "readWrite",
    db : "FacJson"
    }
    ]
    }
    )
  6. From this point until the end of the instructions, the Portal will not be accessible.
  7. Add the following lines to the end of C:\mongodb\mongod.cfg file, taking care to use spaces for indentation instead of tabs:
    security:
    authorization: enabled
  8. Open Services (Run > services.msc) and stop the PreEmptive Analytics Workbench Computation Service.
  9. Open the IIS Manager (Run > inetmgr) and stop the following sites:
    • PreEmptive Analytics Workbench Endpoint
    • PreEmptive Analytics Workbench Portal
  10. In the <appSettings> section of the following files, set the MongoConnectionString value to the string mongodb://wbuser:WB_PASSWORD@localhost:27017, substituting the value of WB_PASSWORD appropriately (adding the key if it does not exist):
    • [Workbench install folder]\Windows\Computation Service\WorkbenchComputationService.exe.config
    • [Workbench install folder]\IIS\Interaction\Web.config
  11. In the <appSettings> section of the following file, set the MongoServer value to the string mongodb://wbuser:WB_PASSWORD@localhost:27017, substituting the value of WB_PASSWORD appropriately (adding the key if it does not exist):
    • [Workbench install folder]\IIS\FacJSON\Web.config
  12. Open Services (Run > services.msc) and:
    • Restart the MongoDB service.
    • Start the PreEmptive Analytics Workbench Computation Service.
  13. Open the IIS Manager (Run > inetmgr) and start the following sites:
    • PreEmptive Analytics Workbench Endpoint
    • PreEmptive Analytics Workbench Portal


Workbench Version 1.2.0. Copyright © 2016 PreEmptive Solutions, LLC