Planning for Reporting in Configuration Manager
Updated: May 14, 2015
Applies To: System Center 2012 Configuration Manager, System Center 2012 Configuration Manager SP1, System Center 2012 Configuration Manager SP2, System Center 2012 R2 Configuration Manager, System Center 2012 R2 Configuration Manager SP1
Reporting in System Center 2012 Configuration Manager provides a set of tools and resources that help you use the advanced reporting capabilities of SQL Server Reporting Services. Use the following sections to help you plan for reporting in Configuration Manager.
Determine Where to Install the Reporting Services Point
When you run Configuration Manager reports at a site, the reports have access to the information in the site database in which it connects. Use the following sections to help you determine where to install the reporting services point and what data source to use.
Note
For more information about planning for site systems in Configuration Manager, see Planning for Site Systems in Configuration Manager.
Supported Site System Servers
You can install the reporting services point on a central administration site and primary sites, and on multiple site systems at a site and at other sites in the hierarchy. The reporting services point is not supported on secondary sites. The first reporting services point at a site is configured as the default report server. You can add more reporting services points at a site, but the default report server at each site is actively used for Configuration Manager reports. You can install the reporting services point on the site server or a remote site system. However, as a best practice for performance reasons, use Reporting Services on a remote site system server.
Data Replication Considerations
Configuration Manager classifies the data that it replicates as either global data or site data. Global data refers to objects that were created by administrative users and that are replicated to all sites throughout the hierarchy, while secondary sites receive only a subset of global data. Examples of global data include software deployments, software updates, collections, and role-based administration security scopes. Site data refers to operational information that Configuration Manager primary sites and the clients that report to primary sites create. Site data replicates to the central administration site but not to other primary sites. Examples of site data include hardware inventory data, status messages, alerts, and the results from query-based collections. Site data is only visible at the central administration site and the primary site where the data originates.
Consider the following factors to help you determine where to install your reporting services points:
A reporting services point with the central administration site database as its reporting data source has access to all global and site data in the Configuration Manager hierarchy. If you require reports that contain site data for multiple sites in a hierarchy, consider installing the reporting services point on a site system at the central administration site and use the central administration site’s database as the reporting data source.
A reporting services point with the child primary site database as its reporting data source has access to global data and site data for only the local primary site and any child secondary sites. Site data for other primary sites in the Configuration Manager hierarchy is not replicated to the primary site, and therefore Reporting Services cannot access it. If you require reports that contain site data for a specific primary site or global data, but you do not want the report user to have access to site data from other primary sites, install a reporting services point on a site system at the primary site and use the primary site’s database as the reporting data source.
Network Bandwidth Considerations
Site system servers in the same site communicate with each other by using server message block (SMB), HTTP, or HTTPS, depending on how you configure the site. Because these communications are unmanaged and can occur at any time without network bandwidth control, review your available network bandwidth before you install the reporting services point role on a site system.
Note
For more information about planning for site systems, see Planning for Site Systems in Configuration Manager.
Planning for Role-Based Administration for Reports
Security for reporting is much like other objects in Configuration Manager where you can assign security roles and permissions to administrative users. Administrative users can only run and modify reports for which they have appropriate security rights. To run reports in the Configuration Manager console, you must have the Read right for the Site permission and the permissions configured for specific objects.
However, unlike other objects in Configuration Manager, the security rights that you set for administrative users in the Configuration Manager console must also be configured in Reporting Services. When you configure security rights in the Configuration Manager console, the reporting services point connects to Reporting Services and sets appropriate permissions for reports. For example, the Software Update Manager security role has the Run Report and Modify Report permissions associated with it. Administrative users who are only assigned the Software Update Manager role can only run and modify reports for software updates. Reports for other objects are not displayed in the Configuration Manager console. The exception to this is that some reports are not associated with specific Configuration Manager securable objects. For these reports, the administrative user must have the Read right for the Site permission to run the reports and the Modify right for the Site permission to modify the reports.
Starting in System Center 2012 R2 Configuration Manager, reports are now fully enabled for role-based administration. The data for all reports included with Configuration Manager is filtered based on the permissions of the administrative user who runs the report. Administrative users with specific roles can only view information defined for their roles.
For more information about security rights for reporting, see the File Installation and Report Folder Security Rights section in the Configuring Reporting in Configuration Manager topic.
For more information about role-based administration in Configuration Manager, see the Planning for Role-Based Administration section in the Planning for Security in Configuration Manager topic.
Supplemental Planning Topics for Reporting
Use the following additional topics to help you plan for reporting in Configuration Manager: