Planning for Intranet Deployment
Reporting Services is most often deployed in intranet network topologies, where report access and processing occurs within the context of a corporate network, usually within the same domain or within trusted domains. For intranet deployment, you can typically use default security features and the tools and applications that are included in Reporting Services with minimal configuration. This topic describes the characteristics of intranet deployment so that you can better understand how default features are used across the installation.
You can use Setup and server configuration tools for all installation and configuration steps. Although you can use additional technologies and third-party products, it is more likely that you will fully deploy Reporting Services using the tools and applications that are provided. For an intranet deployment, you have the option of installing the default configuration that installs the report server in an operational state, assuming that Setup can use default values to configure the report server instance.
You can access the report server and the Database Engine using network computer names. To configure access to report server, you can specify role assignments that map Windows domain user or group accounts to specific roles.
Windows integrated security is the default security extension. The report server is preconfigured to use that extension. All users can be authenticated using the existing security infrastructure in your domain.
Delegation and impersonation are additional features that might also be available. In Reporting Services, delegation and impersonation can be used to retrieve data from external data sources using the security identity of the user who requested the report. If your domain configuration does not support those features, you will encounter access denied features if the report data source properties specify the Windows integrated security option and delegation and impersonation are not enabled in your domain.
When the report server begins processing a subscription, the subscription owner is authenticated to verify the user is still a valid Windows user in the domain. The report server then checks role assignments to verify that the user still has access to the report prior to running the report and delivering it to a target location. If you deploy Reporting Services in an intranet environment, these authentication checks occur automatically using the security infrastructure in your network.
When defining delivery options for file share delivery, you can specify target servers using network computers. When configuring report server e-mail, you can use an SMTP server or gateway on the network, with e-mail alias resolution to Active Directory users.