Thursday, June 9, 2011

Access Hyperion Applications on Amazon EC2 from your local computer

In this post you will learn how to access Hyperion Workspace and other Hyperion applications located on an Amazon Cloud server from your local Internet Browser.

Important note: following the below steps at your own risk only. This setup was just a test to play around with the functionality and can cause serious consequences because it exposes your system to potential intruders and other undesired situations. Please consult additional resources to find out about the associated risks and how to mitigate them correctly.

Amazon Web Services (AWS) and its Elastic Compute Cloud (EC2) have found a lot of followers in the Hyperion space. A few of the many benefits are flexibility to start up multiple instances within mere seconds, usage as a service reduces costs, hardware maintenance through Amazon, save snapshots of images to test changes and revert back if needed, and many more.

Development of Hyperion applications on the cloud has gained a lot of trust, especially as it makes it possible to jump start an implementation while the IT department might still be in the purchasing and setup cycle. We've been using this in various situations at MindStream Analytics. A common approach to access servers on the cloud is via Remote Desktop connection, however, by default there is a limitation to only 2 connections at a time. With more than 2 developers or testers, this will obviously cause difficulties. A great way to get around this is to open up the ports for the web components of Hyperion to access applications via the Internet browser on the local computer and thus no need to use a Remote Desktop Connection.

Four configuration steps are required:
1) Create Security Group
2) Open ports for applications to be published
3) Launch instance and assign security group
4) Configure Windows Firewall to open ports

Create Security Group

Security Groups can be maintained on the EC2 tab. They appear underneath the Network & Security section.

Create a Security Group which you will be using for the Hyperion Server.

Open ports for applications to be published

In order to access applications on the Amazon Cloud from a local web browser or other client tool, the relevant ports need to be opened. This can be done as part of a Security Group. Switch to the Inbound tab where you will see the following screen.

As a first step we will grant access to the server for a Remote Desktop connection (RDP). Select "RDP" from the drop-down list, then click on "Add Rule" and "Apply Rule Changes". This will assign the rule to the Security Group and thus opens the RDP port for access from the outside world.

Now add two more rules: HTTP (port 80) and a Custom TCP rule for port 19000 (which is commonly used for Workspace). Our Security Group now looks like this:

Launch instance and assign security group

Now launch your Hyperion image on a new instance and assign the created Security Group during the configuration process of the Request Instance Wizard.

Configure Windows Firewall to open ports

Log on to the server and configure the Windows Firewall to accept connections at the required ports. This can be done via Control Panel > Windows Firewall. Click on Change Settings.

The Windows Firewall Settings window comes up. Switch to the Exceptions tab and click on "Add Port…"

Type in a meaningful name and the port number (protocol is usually TCP):

Verify that the Exception has been added.

This is all that needs to be done from a setup perspective. Go to the Instances screen and click on your running instance. The lower section of your screen lists information to determine the IP address through which the server is available.

In the example you can see above, the server can be reached via IP address If Hyperion Workspace is listening at port 19000, you can access it from any browser at .

Note: the instance I started up for this blog post has been shutdown again. Therefore, the above URL will not work (unless someone else is using the exact same server instance with the same address, has Hyperion running and opened the ports). Be aware that a setup like this has advantages and disadvantages. Especially if you are dealing with sensitive information on the cloud server, you should find out about the risks of using publicly available servers.

Feel free to contact us at MindStream Analytics to help you answer specific questions about your needs around Hyperion on the Cloud


  1. Hello
    Nice post and very informative for me. All points are good. keep sharing. I have you bookmarked to check out new stuff you post. I need a good, reliable Cloud Server. I can use personally and recommend to others. Any ideas?

  2. Hi,
    Have you ever come across this scenario "SAP ECC in Enterprise whereas HFM on AWS-EC2". We are considering this as a interim approach to get on HFM in a short time frame.

  3. Bluehost is ultimately the best hosting company for any hosting plans you require.

  4. You might be qualified to receive a $1,000 Amazon Gift Card.