The following issue is a problem in SSAS that you might run into either in test or deployment environments (see references). 

In a nutshell, when a client session running Vista or Windows 2008 talks over the network to an SSAS server running on Windows 2008, and they use Kerberos for authentication, there likely will at some point be connectivity problems that resemble timeout or firewall blocking problems. 

Errors might look like one of the following:

The connection either timed out or was lost.
Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.
An existing connection was forcibly closed by the remote host

The two places we’ve observed these problems are:

1.       MDX queries submitted to the server that are reasonably large, such as those PPS submits, or perhaps those coded by hand that become large.  “Large” might be something like 1000 bytes or so.

2.       Deploying databases over the network from a Vista/2008 client to a 2008 server.

This problem still exists as of SQL 2008 SP1, so applying that update isn’t a resolution. This problem definitely exists when client & server are on different machines; may not be a problem when client/server are on the same computer (e.g. VPC or BIDS on a remote desktop session). 

From what I understand, MS is aware of this and we should expect a post-SP1 CU soon.  Whether this is to be resolved as a Windows patch or a SSAS patch is unclear to me. 

The following are work-arounds in the mean-time:

1.       If either the server or client is running XP or Windows 2003, the problem should not occur in any case.

2.       If you can edit the connect string (e.g. SSRS/Excel), specify ;SSPI=NTLM as a parameter.    Be advised that user security delegation will not succeed if this workaround is used.

3.       Connect with the IP address instead of machine name or FQDN.  Since Kerberos is unsupported with IP address connections, this also forces a fallback to NTLM.  Kerberos delegation also will not succeed when this workaround is used.

 Of particular note is that if SSAS is to be deployed on a Windows 2008 server, all available workarounds currently imply kerberos delegation will be impossible (a short-term driver for SSAS deployment on Server 2003?). 

 References:

http://blogs.msdn.com/psssql/archive/2009/04/03/errors-may-occur-after-configuring-analysis-services-to-use-kerberos-authentication-on-advanced-encryption-standard-aware-operating-systems.aspx

http://denglishbi.spaces.live.com/Blog/cns!CD3E77E793DF6178!1214.entry

http://sqlblogcasts.com/blogs/drjohn/archive/2009/03/28/kerberos-kills-large-mdx-queries-on-windows-server-2008-ssas.aspx

I've been heavily involved in PerformancePoint implementations since the beginning of that product's lifecycle...our company has done many deployments for clients.  It's a great dashboarding technology, and I'm continually amazed how quickly we can put together compelling solutions with it.  The efficiency and elegance of the underlying design strikes a great balance between power and simplicity of use. 

 Recently Microsoft folded this product into SharePoint as part of the Enterprise CAL.  The net effect for eCal customers is a "free" enterprise-class BI platform; and for customers that would have invested in the BI platform anyway--all the benefits of eCal, including Business Data Catalog, Excel Services and so on.

Here's a Silverlight video going into some additional detail of the benefits of combining PerformancePoint's monitoring & analytics with SharePoint:

 

 

Server core is a lightweight, capable edition of Windows Server 2008.  A lot of baggage isn't there, making more resources available for network applications, while reducing the attack surface area.

 Some GUI tools are still available, but one of them that's not is a facility to manage the Windows Update process on the server console.  Arguably a sophisticated infrastructure wouldn't need this, and could use WSUS instead.  However there are those servers that need some administrative looking-after.

 A script to manually drive the windows update process for critical updates is available from Microsoft--follow this link.

 The script is dead easy to use, just copy to a server core machine and run using cscript.

A while ago Ken Schaefer posted some great documentation on Kerberos delegation.  His series is titled IIS (Internet Information Services) and Kerberos FAQ.  This is a great backgrounder, and a nice guide on advanced delegation concepts.