Professional Documents
Culture Documents
Course Notes
SAS® Platform Administration: Fast Track Course Notes was developed by Sheila Riley and Christine
Vitron. Additional contributions were made by Marty Flis, John Hall, Dave Naden, Gerry Nelson, and
Raymond Thomas. Editing and production support was provided by the Curriculum Development and
Support Department.
SAS and all other SAS Institute Inc. product or service names are registered trademarks or trademarks of
SAS Institute Inc. in the USA and other countries. ® indicates USA registration. Other brand and product
names are trademarks of their respective companies.
Copyright © 2017 SAS Institute Inc. Cary, NC, USA. All rights reserved. Printed in the United States of
America. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in
any form or by any means, electronic, mechanical, photocopying, or otherwise, without the prior written
permission of the publisher, SAS Institute Inc.
Book code E71018, course code LWSPAFM4/SPAFM4, prepared date 17May2017. LWSPAFM4_001
ISBN 978-1-63526-179-0
For Your Information iii
Table of Contents
Chapter 1 Reviewing the Platform for SAS® Business Analytics ...................... 1-1
1.1 Exploring the Platform for SAS Business Analytics Overview ....................................... 1-3
Demonstration: Accessing the Classroom Environment ......................................... 1-14
Exercises.................................................................................................................. 1-17
1.2 Reviewing Platform Administration Deployment and Maintenance Tasks ................... 1-23
Exercises.................................................................................................................. 1-33
1.3 Reviewing Platform Administration Metadata and Ongoing Tasks ............................... 1-37
Demonstration: Accessing SAS Management Console and SAS Environment
Manager......................................................................................... 1-49
Exercises.................................................................................................................. 1-55
Chapter 3 Understanding SAS® Metadata and the Metadata Server ................. 3-1
3.1 Exploring the SAS Metadata Server and Metadata Repositories..................................... 3-3
Exercises.................................................................................................................. 3-11
4.4 Exploring Internal Accounts and Internal Authentication Mechanisms ........................ 4-35
Exercises.................................................................................................................. 4-42
8.1 Monitoring a SAS Environment with SAS Environment Manager ................................. 8-3
Demonstration: Viewing Analyze Pages and Creating an Alert in
SAS Environment Manager........................................................... 8-13
Exercises.................................................................................................................. 8-20
To learn more…
For information about other courses in the curriculum, contact the SAS
Education Division at 1-800-333-7660, or send e-mail to training@sas.com.
You can also find this information on the web at
http://support.sas.com/training/ as well as in the Training Course Catalog.
For a list of other SAS books that relate to the topics covered in this
course notes, USA customers can contact the SAS Publishing Department
at 1-800-727-3228 or send e-mail to sasbook@sas.com. Customers outside
the USA, please contact your local SAS office.
Also, see the SAS Bookstore on the web at http://support.sas.com/publishing/
for a complete list of books and a convenient order form.
viii For Your Information
Chapter 1 Reviewing the Platform
for SAS® Business Analytics
1.1 Exploring the Platform for SAS Business Analytics Overview .................................. 1-3
Demonstration: Accessing the Classroom Environment...................................................... 1-14
1.2 Reviewing Platform Administration Deployment and Maintenance Tasks ............. 1-23
Exercises .............................................................................................................................. 1-33
1.3 Reviewing Platform Administration Metadata and Ongoing Tasks .......................... 1-37
Demonstration: Accessing SAS Management Console and SAS Environment
Manager ..................................................................................................... 1-49
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
1.1 Exploring the Platform for SAS Business Analytics Overview 1-3
Objectives
3
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
SAS Foundation
Platform for SAS Business Analytics
4
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
1-4 Chapter 1 Reviewing the Platform for SAS® Business Analytics
SAS Foundation is the traditional SAS installation, which enables you to write SAS programs or use
a point-and-click application such as SAS Enterprise Guide to assist with creating programs.
The platform for SAS Business Analytics is enterprise software that uses multiple machines throughout
the organization. This SAS platform consists of applications that help you accomplish the various tasks
for accessing and creating information, as well as performing analysis and reporting.
SAS Viya is a new computing platform from SAS. It offers a rich set of data mining and machine-learning
capabilities that run on a robust, in-memory, distributed-computing infrastructure. This platform provides
an environment that is unified, open, powerful, and adaptive.
Note: SAS Viya and SAS 9 represent an “and” strategy. Each is designed to solve different use cases.
For more information about SAS Viya: http://support.sas.com/documentation/onlinedoc/viya/
SAS Foundation
• The SAS windowing environment is used to develop and run SAS programs.
• SAS Enterprise Guide is a point-and-click interface that can also develop SAS
programs.
• SAS Studio is a development application for SAS that you access through
your web browser.
5
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
SAS Studio supports multiple web browsers, such as Microsoft Internet Explorer, Apple Safari, Mozilla
Firefox, and Google Chrome.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
1.1 Exploring the Platform for SAS Business Analytics Overview 1-5
6
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
The platform for SAS Business Analytics is also known as the SAS Enterprise Intelligence Platform
and the SAS Intelligence Platform.
The platform for SAS Business Analytics consists of several software offerings, including the following:
SAS BI Server
SAS Enterprise BI Server
SAS Enterprise Data Integration Server (for renewals only) and SAS Data Integration Server
SAS Data Management (Standard or Advanced)
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
1-6 Chapter 1 Reviewing the Platform for SAS® Business Analytics
SAS ANALYTICS
Client
7
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
Apache Hadoop on Commodity Hardware
The SAS In-Memory Analytics Server divides analytic processes into manageable pieces and distributes
them in parallel across a dedicated set of blade servers, either Hadoop or commercial databases such as
Greenplum and Teradata.
SAS procedures, DS2 thread programs, formatted SQL queries, and scoring models are run inside the
database.
Here are the SAS In-Memory Analytics product solutions:
SAS High-Performance Analytics products
SAS Visual Analytics: web-based solution for exploring large data volumes
SAS In-Memory Statistics: delivers statistical modeling and machine learning capabilities in a
programming environment
SAS Code Accelerator for Hadoop (DS2)
Hadoop is an open-source software framework that provides distributed storage and processing of large
amounts of data. The data is divided into blocks and stored across multiple connected nodes (computers)
that work together.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
1.1 Exploring the Platform for SAS Business Analytics Overview 1-7
The Grid
SAS Grid
Manager
…
Set of Servers
8
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
Data Management
9
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
Data management components in SAS enable a data warehouse developer to create and manage metadata
objects that define sources, targets, and the sequence of steps for the extraction, transformation,
and loading of data.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
1-8 Chapter 1 Reviewing the Platform for SAS® Business Analytics
SAS Data Integration Studio provides a powerful visual design tool for building, implementing, and
managing data integration processes regardless of data sources, applications, or platforms. An easy-to-
manage, multiple-user environment enables collaboration on large enterprise projects with repeatable
processes that are easily shared. The creation and management of data and metadata are improved with
extensive impact analysis of potential changes made across all data integration processes.
SAS Data Quality Server enables you to cleanse data and execute jobs and services on the DataFlux Data
Management Server to improve data quality. It is part of a number of SAS software offerings, including
SAS Data Quality and SAS Data Management.
SAS Data Quality Solution includes the following features:
business rule validation – ensures that data meets organizational standards for data quality
and processes.
data profiling – examines the structure, completeness, and suitability of your information assets.
data quality – improves the quality of your enterprise information.
entity resolution – matches data and identifies potential relationships across sources.
master data management foundation – creates a hub of master data based on a subset of your existing
data through a phased MDM approach.
DataFlux Data Management Studio is a data management suite that combines data quality, data
integration, and master data management. It is the main administrative interface for DataFlux Data
Management Servers, DataFlux Authentication Servers, and other optional components.
DataFlux Data Management Server provides a scalable server environment for large Data Management
Studio jobs. Jobs can be uploaded from Data Management Studio to the Data Management Server where
the jobs are executed.
Advanced Analytics
SAS offers a rich and expansive portfolio of analytic products. The portfolio
includes products for predictive and descriptive modeling, data mining, text
analytics, forecasting, optimization, simulation, data visualization, model
management, and experimental design.
• SAS Enterprise Miner
• SAS Forecast Server
• SAS Model Manager
• JMP
10
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
1.1 Exploring the Platform for SAS Business Analytics Overview 1-9
SAS Enterprise Miner enables analysts to create and manage data mining process flows. These flows
include steps to examine, transform, and process data to create models that predict complex behaviors
of economic interest. The SAS Intelligence Platform enables SAS Enterprise Miner users to centrally
store and share the metadata for models and projects. In addition, SAS Data Integration Studio provides
the ability to schedule data mining jobs.
SAS Forecast Server enables organizations to plan more effectively for the future by generating
large quantities of high-quality forecasts quickly and automatically. This solution includes the
SAS High-Performance Forecasting engine, which selects the time series models, business drivers,
and events that best explain your historical data, optimizes all model parameters, and generates high-
quality forecasts. SAS Forecast Studio provides a graphical interface to these high-performance
forecasting procedures.
SAS Model Manager supports the deployment of analytical models into your operational environments.
It enables registration, modification, tracking, scoring, and reporting on analytical models that have been
developed for BI and operational applications.
JMP is interactive, exploratory data analysis and modeling software for the desktop. JMP makes data
analysis—and the resulting discoveries—visual and helps communicate those discoveries to others.
JMP presents results both graphically and numerically. By linking graphs to each other and to the data,
JMP makes it easier to see the trends, outliers, and other patterns that are hidden in your data.
The business intelligence components enable users with various needs and
skill levels to create, produce, and share their own reports and analyses.
The software tools in the business intelligence category address two main
functional areas: information design and self-service reporting and analysis.
SAS Enterprise
BI Server
SAS Business
Intelligence SAS Office Analytics
11
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
The SAS platform applications were created to organize the functions of various job roles into the
different applications. Instead of having one large client application that does everything for all people
across the organization, there are several applications to accomplish these tasks.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
1-10 Chapter 1 Reviewing the Platform for SAS® Business Analytics
Some of the applications are installed on each user’s machine; others are accessed using a web browser.
SAS Add-In for The SAS Add-In for Microsoft Office enables business users to
Microsoft Office transparently leverage the power of SAS analytics, reporting, and data
access directly from Microsoft Office via integrated menus and toolbars.
SAS Data SAS Data Integration Studio enables a data warehouse developer to create
Integration Studio and manage metadata objects that define sources, targets, and the sequence
of steps for the extraction, transformation, and loading of data.
SAS Enterprise SAS Enterprise Guide provides a guided mechanism to exploit the power
Guide of SAS and publish dynamic results throughout the organization. SAS
Enterprise Guide can also be used for traditional SAS programming.
SAS Information The SAS Information Delivery Portal is a web application that can surface
Delivery Portal the different types of business analytic content such as information maps,
stored processes, and reports.
SAS Information SAS Information Map Studio is used to build information maps, which
Map Studio shield business users from the complexities of the underlying data by
organizing and referencing data in business terms.
SAS Management SAS Management Console provides a single interface for administrators to
Console manage the metadata and servers in the SAS platform. Specific
administrative tasks are supported by plug-ins to the SAS Management
Console.
SAS OLAP Cube SAS OLAP Cube Studio is used to create OLAP cubes, which are
Studio multidimensional structures of summarized data. The Cube Designer
provides a point-and-click interface for cube creation.
SAS Web Report SAS Web Report Studio provides intuitive and efficient access to query and
Studio reporting capabilities on the web.
Note: The applications listed above are not all of the applications available with the SAS platform.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
1.1 Exploring the Platform for SAS Business Analytics Overview 1-11
The SAS Visual Analytics infrastructure includes some of the same software components that are
included in the SAS platform. However, SAS Visual Analytics is installed in a dedicated environment that
includes specialized hardware and its own instances of SAS software and servers.
SAS Solutions
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
1-12 Chapter 1 Reviewing the Platform for SAS® Business Analytics
14
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
SAS Information Map Studio JMP SAS Add-In for Microsoft Office
15
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
1.1 Exploring the Platform for SAS Business Analytics Overview 1-13
Classroom Environment
sasclient
Windows 2008 Server
sasserver
16 Linux Server
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
1-14 Chapter 1 Reviewing the Platform for SAS® Business Analytics
This demonstration illustrates how to access your two-machine collection and verify that the SAS servers
are started.
1. Access your Windows client machine.
Use the URL in step 6 of the email that you Use a remote desktop connection with the IP
received from Live Web Administration. address that is given to you by your instructor.
Log on with these credentials:
User: Student
Password: Metadata0
2. Connect to the server machine and check the status of SAS servers.
For
Linux Server
2. Navigate to /opt/sas/config/Lev1. Use the sas.servers script to verify the status of the
SAS servers: ./sas.servers status
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
1.1 Exploring the Platform for SAS Business Analytics Overview 1-15
3. If the servers are not started, enter the command ./sas.servers start. (The valid commands are
stop, start, restart, and status.)
2. Click the Services button in the system tray. With Services selected, scroll down to the
SAS services. Verify that the status for all the SAS services is Started.
Note: In a typical deployment, the Windows services would have a start-up type of
Automatic. The classroom image uses a batch file to start services.
3. If the SAS services are not started, open a CMD window under Start Command Window.
5. Enter cd scripts.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
1-16 Chapter 1 Reviewing the Platform for SAS® Business Analytics
6. Enter stopSAS.
Enter Y when prompted.
This displays the services that are being stopped. Enter Y again when prompted.
7. Start the servers with the startSAS script. This displays the services as they are starting.
8. Click OK.
9. Click OK.
A message is displayed when the script is done. (You can start the Task Manager to watch the
CPU activity.)
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
1.1 Exploring the Platform for SAS Business Analytics Overview 1-17
Exercises
Use the URL in step 6 of your email that Use a remote desktop connection with the IP
you received from Live Web address that is given to you by your instructor.
Administration.
Log on with these credentials:
User: Student
Password: Metadata0
b. Connect to the server machine and check the status of SAS servers.
For
Linux Server
2. Navigate to /opt/sas/config/Lev1. Use the sas.servers script to verify the status of the
SAS servers: ./sas.servers status
3. If the servers are not started, enter the command ./sas.servers start. (The valid commands
are stop, start, restart, and status.)
Note: The SAS Web Application Server might take as many as 15 minutes to start.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
1-18 Chapter 1 Reviewing the Platform for SAS® Business Analytics
2. Click the Services button in the system tray. With Services selected, scroll down to the
SAS services. Verify that the status for all the SAS services is Started.
Note: In a typical deployment, the Windows services would have a start-up type of
Automatic. The classroom image uses a batch file to start services.
4. If they are not started, open a CMD window under Start Command Window.
6. Enter cd scripts.
7. Enter stopSAS.
Enter Y when prompted.
This displays the services that are being stopped.
Enter Y again when prompted.
A message is displayed when the script is done.
8. Start the servers with the startSAS script. This displays the services as they are starting.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
1.1 Exploring the Platform for SAS Business Analytics Overview 1-19
A message is displayed when the script is done. (You can start the Task Manager to watch
the CPU activity.)
Note: The SAS Web Application Server might take as many as 15 minutes to start.
c. Locate and open the Instructions.html document. In a default deployment, it is located under the
configuration directory in the Levn/Documents subdirectory.
2. Right-click Instructions.html and select Open. (Double-clicking the file renders it in the
WinSCP editor, not Internet Explorer.).
d. Click SAS Web Applications in the Overview list at the top of the page.
e. Review the URLs of the SAS web applications. Scroll to SAS Studio Mid-Tier and click the
URL for the SAS Studio web application.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
1-20 Chapter 1 Reviewing the Platform for SAS® Business Analytics
Note: The page request is going through the SAS Web Server. The port for the SAS Web Server
differs on Windows and Linux environments.
f. The SAS Logon Manager appears initially. The purpose of the SAS Logon Manager is to
authenticate and direct a successful sign-in to the appropriate web application. It enables the user
to access all SAS web applications without a credential change.
Sign in as Eric and use the password: Student1.
g. Enter the following code in the Program Editor:
proc setinit;
run;
Note: This procedure writes site information to the log, such as site number, expiration
of license, and the SAS products that are licensed.
h. Click Run (the running person icon) located above the code to submit the program.
i. The Log window appears. It contains a note that includes a list of the SAS software products that
are licensed in this environment. Review the information.
On what operating system are these products licensed?
What products listed pertain to data access?
j. Close out of Internet Explorer.
2. Looking Up the SAS Software Components That Are Licensed and Installed
a. On the client machine, open SAS Enterprise Guide. Select Start All Programs SAS
SAS Enterprise Guide 7.1. (Close the Welcome window.)
b. On the Resources pane in the bottom left of SAS Enterprise Guide, expand Servers.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
1.1 Exploring the Platform for SAS Business Analytics Overview 1-21
c. Expand SASApp.
d. Right-click SASApp and select Properties.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
1-22 Chapter 1 Reviewing the Platform for SAS® Business Analytics
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
1.2 Reviewing Platform Administration Deployment and Maintenance Tasks 1-23
Objectives
22
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
The SAS software life cycle involves planning, deploying, and administering
SAS software.
23
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
1-24 Chapter 1 Reviewing the Platform for SAS® Business Analytics
The SAS administrator might be responsible for planning, designing, deploying, monitoring, and
maintaining a SAS environment—whether it is in the cloud or in a data center.
During the development phase:
A customer’s requirements are gathered to understand how the features and behaviors of SAS can
support the objectives of the organization.
A design is created with the detailed requirements of the business and IT stakeholders regarding
security, scalability, availability, integration with third-party technology, installation specifications,
monitoring and auditing, configuration management, disaster management, and performance.
A plan to build and test the SAS platform is performed. With pre-installation, the infrastructure is
prepared for SAS software. SAS software is installed and configured and validated.
During the operational phase:
Activities to bring on board the end user and administration stakeholders are performed, to include
training and identifying efficient SAS administration practices.
The SAS administrators will perform tasks to keep the system healthy and available for the SAS users.
Continue to strengthen and optimize business analytics service capabilities and capacity by evolving
the SAS environment.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
1.2 Reviewing Platform Administration Deployment and Maintenance Tasks 1-25
Some of these tasks occur once. Others occur on a daily, weekly, or monthly basis. Administrators are
asked to perform a wide variety of tasks that can be grouped in the following ways:
Deployment Administration Tasks: Immediately after a deployment, initial administration tasks
might include activities necessary to protect the integrity of your system, such as configuring
encryption, authentication, and authorization, and establishing a regular backup schedule. These tasks
can be performed only once and perhaps updated occasionally, or revisited if major elements of the
SAS platform or the business requirements change.
Client Application Provisioning
Ensuring that pre-install requirements are met
Adding SAS desktop applications to users
Adding third-party components like Adobe Flash to enable web application usage for some SAS
offerings
Updating clients for hotfixes and maintenance releases
Authentication
There is no single mechanism that is applicable to all authentication events throughout a typical
deployment. Each deployment uses some combination of authentication processes, trust relationships,
and single sign-on technologies.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
1-26 Chapter 1 Reviewing the Platform for SAS® Business Analytics
Encryption
The platform offers encryption features that help protect information about disk and in transit. Here is
an overview of encryption support:
Passwords in configuration files and the metadata are encrypted or encoded. Most other metadata is
not encrypted.
Passwords in transit to and from SAS servers are encrypted or encoded. You can choose to encrypt
all such traffic, instead of encrypting only credentials.
When you obtain and implement certificates for SAS Web Server and other middle-tier components,
you can use auto-generated certificates from SAS Deployment Wizard or provide your own.
Backups and Recovery
Backups of your SAS platform are scheduled by default at deployment, but they can be modified
anytime after in SAS Management Console, SAS Environment Manager, or with scripting tools.
Maintenance Administration Tasks: These tasks are performed at the time of a major upgrade of
the software, such as a maintenance release or adding products, license renewals, and applying
hotfixes.
Metadata Administration Tasks: These tasks include setting up user access to data and metadata
resources, set and manage metadata security, ensure that metadata is being backed up, and promotion
metadata.
Ongoing Administration Tasks: These tasks are performed on an ongoing basis to keep the SAS
Intelligence Platform operational. When a deployment is up and running, it requires regular
management and maintenance such as monitoring servers and activity.
For detailed information about administration tasks, view the Checklist of SAS Platform Administration
Tasks: http://support.sas.com/resources/papers/Platform-Administration-Tasks.pdf
A first step for any SAS administrator is to know his or her SAS environment.
Know where your installation depot and all corresponding documents are.
Know which SAS products are installed, and which SAS versions and releases.
Key management and maintenance tasks also vary based on characteristics
of the SAS deployment:
• Licensed products and solutions
• Volume and type of users
• IT requirements such as uptime, change management, security, auditing
All relevant documentation describing your SAS platform should be stored,
for use by all SAS or IT administrators, in one central location. This includes
installation checklists, post-install docs,26 security models, and log locations.
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
1.2 Reviewing Platform Administration Deployment and Maintenance Tasks 1-27
The SAS Software Depot is the central location from which you update your
SAS software. The depot contains
• SAS Deployment Wizard executable
• a collection of SAS installation files
• one or more orders
• your initial SAS 9.4 software order
and additional orders that you
make in the future.
27
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
A single depot maintains disk copies of installation media for all of your orders, optimizing space by
storing a single copy of any product that appears in multiple orders. The SAS Deployment Wizard is
located at the root of the SAS Software Depot alongside folders that contain license files, third-party
support files, various deployment utilities, and the packages from which products are installed and
configured.
Here are the benefits:
With a centralized SAS Software Depot, you can run the SAS Deployment Wizard on each of your
machines directly from this network-accessible depot.
You can apply maintenance and upgrades easier.
You can save time and disk space if you maintain all of your SAS orders in a single depot. You save
space by sharing content across orders, and you save download time by downloading only the product
content that has not already been downloaded as part of another order.
Hotfixes, license keys, plan files, and so on, are all organized in one designated location.
SAS 9.4 Intelligence Platform: Installation and Configuration Guide:
http://support.sas.com/documentation/cdl/en/biig/63852/HTML/default/titlepage.htm
SAS Deployment Wizard and SAS Deployment Manager 94: User’s Guide
http://support.sas.com/documentation/installcenter/en/ikdeploywizug/66034/PDF/default/user.pdf
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
1-28 Chapter 1 Reviewing the Platform for SAS® Business Analytics
The SAS Deployment Wizard is used to install and deploy all SAS 9.4 software.
It provides a broad range of installations:
• on a single machine
• on many machines across several tiers
• silently or interactively
29
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
1.2 Reviewing Platform Administration Deployment and Maintenance Tasks 1-29
Before updating your SAS products or applying hotfixes, you need the
product release numbers for all SAS products at your site. To determine these
product release numbers for each machine in your SAS deployment, generate
a deployment registry report and save it for future reference.
The installation of SAS products is logged in the SAS Deployment Registry. ViewRegistry is a reporting
utility that processes the deployment registry to generate a report. This report identifies all SAS 9.2 and
later software that is installed in the current SASHOME location. Installed hot fixes are also logged in the
SAS Deployment Registry and reported in DeploymentRegistry.html.
Beginning with SAS 9.4 M3, the default output reports only the current release of product components
that are installed in the current SASHOME. Duplicate product component entries appear only for
products that support side-by-side deployment (for example, SAS Enterprise Guide and SAS Add-In for
Microsoft Office). The -all option can be used to report on all product components that have been
installed in SASHOME.
The ViewRegistry report is generated by executing the JAR file sas.tools.viewregistry.jar. This JAR file
is located in the SASHOME/deploymntreg directory and must be executed from this directory.
Two output files are produced by the reporting utility: DeploymentRegistry.html and
DeploymentRegistry.txt. The HTML and TXT output files are written in the SASHOME/deploymntreg
directory. Note that in order to run the reporting utility, Windows users must have Write permissions for
the deploymntreg directory (the default location is D:\Program Files\SASHome\deploymntreg)
because the resulting reports are written to this location. UNIX users must have Write permission to the
SASHOME location.
For more information about using the ViewRegistry report, see Usage Note 35968, “Using the
ViewRegistry Report and other methods to determine the SAS 9.2 and later software releases and hot
fixes that are installed”: http://support.ss.com/kb/35/968.html.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
1-30 Chapter 1 Reviewing the Platform for SAS® Business Analytics
SAS Deployment Manager is a graphical user interface that enables you to do the following:
update passwords for the service accounts that were configured when you ran the SAS Deployment
Wizard
rebuild and redeploy web applications that have previously been configured but whose configuration
has changed
remove one or more components of a SAS Intelligence Platform configuration from your environment
update setinit (license) information in metadata for some SAS solutions that depend on a SAS middle
tier
manage the default associations between file types and SAS software
change the host names (including the network domains to which they belong) of server machines in
your deployment
apply downloaded hotfixes to your SAS software
update existing configuration for SAS products that have been updated or upgraded
change the passphrase that is used to encrypt stored passwords
configure the language and region for SAS Foundation and certain SAS applications
configure autoload directory for SAS Visual Analytics
uninstall SAS software
configure and manage the SAS Deployment Agent service
configure certain SAS/ACCESS products to include Hadoop configurations
manage Trusted CA Bundle
For details, see “Overview of SAS Deployment Manager” in SAS® 9.4 Intelligence Platform: System
Administration Guide, Third Edition
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
1.2 Reviewing Platform Administration Deployment and Maintenance Tasks 1-31
The SAS Deployment Manager includes a task to update the license file in the metadata.
http://support.sas.com/documentation/cdl/en/bisag/68240/HTML/default/viewer.htm#n1dkjbmslqht
w2n1rfte1g05py2h.htm
You can update your existing SAS Software by doing the following:
• Installing and configuring a SAS product that is new to your system.
• Applying maintenance. Maintenance releases provide updates and new
functionality for SAS products and solutions
• Installing hotfixes. Hotfixes repair problems that have been identified in
SAS product code.
Chapter 9
32
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
Here are two common scenarios for adding to your SAS deployment:
You ordered the SAS product but did not install it.
You are deploying new products from a new SAS order.
There are two types of maintenance releases:
A SAS maintenance release is a maintenance release for SAS Foundation. This type of maintenance
release includes software changes for multiple SAS products, such as Base SAS and SAS/GRAPH.
A product-specific maintenance release is a maintenance release for a specific product, such as the first
maintenance release for SAS Forecast Server. This type of maintenance release includes software
changes for a single SAS product.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
1-32 Chapter 1 Reviewing the Platform for SAS® Business Analytics
33
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
1.2 Reviewing Platform Administration Deployment and Maintenance Tasks 1-33
Exercises
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
1-34 Chapter 1 Reviewing the Platform for SAS® Business Analytics
5) The Checking System page opens as the installer ensures that the machine has the resources
necessary. Click Next to continue.
6) Click Cancel because the same version of SAS Enterprise Guide is already installed on this
machine.
Note: Command line options all work with the independent installers, which allows for quiet
deployment. All responses are created in a response file using Record mode and then use
Quiet Playback mode to perform the quiet deployment on the target machine.
Refer to Appendix A of SAS® Deployment Wizard and SAS® Deployment Manager 9.4: User’s Guide,
available at http://support.sas.com/deploywizug94.html.
6. Accessing Deployment Manager
Access SAS Deployment Manager and review the tasks. Also, view the internal service accounts that
would be updated with this application. However, do not be update passwords at this time.
a. On the server machine, navigate to SAS Deployment Manager.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
1.2 Reviewing Platform Administration Deployment and Maintenance Tasks 1-35
3. Open DeploymentRegistry.html in the same directory. (You can use the WinSCP application
that has a shortcut on your desktop or use Firefox on your Linux server.)
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
1-36 Chapter 1 Reviewing the Platform for SAS® Business Analytics
Which of the following tasks are performed using SAS Deployment Manager?
36
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
1.02 Poll
True
False
38
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
1.3 Reviewing Platform Administration Metadata and Ongoing Tasks 1-37
Objectives
41
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
42
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
1-38 Chapter 1 Reviewing the Platform for SAS® Business Analytics
In order to make access distinctions and track user activity, create SAS
identities for your users.
User management is
Users
covered in Chapter 4.
Groups
Ellen
Henri
Sales
Marketing
43
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
The initial SAS folder structure provides private folders for individual users. Within the SAS folders,
you should create a customized folder structure that meets your specific needs.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
1.3 Reviewing Platform Administration Metadata and Ongoing Tasks 1-39
In order to make data available to most SAS applications, you need to register
data sources in the metadata, including these listed below:
Information maps
Hadoop (HDFS)
Metadata Security
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
1-40 Chapter 1 Reviewing the Platform for SAS® Business Analytics
The SAS administrator should write and maintain a security policy to include
• authorization (access rights and permissions) in SAS
• any data or databases accessed via SAS
• OS-managed assets.
47
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
1.3 Reviewing Platform Administration Metadata and Ongoing Tasks 1-41
To ensure the integrity of the content that is created and managed by the
SAS platform, the following are recommended best practices:
• Always use the metadata server backup facility to back up the repository
manager and metadata repositories.
• Perform regularly scheduled full backups.
• Perform backups before and after major changes.
• Specify a reliable backup destination that is included in daily system backups.
Have a disaster recovery plan in place (which includes Backups are covered
the SAS recovery tools) as part of a larger scheme of in Chapter 3.
recovering all of your SAS software.
48
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
In addition to performing regular full backups, in some situations, it might be appropriate to back up
specific objects or folders in the metadata folders (SAS Folders) tree. In these situations, you can use the
promotion tools, which include the Export SAS Package Wizard, the Import SAS Package Wizard, and
the batch export and import tools.
Note: You should synchronize the backups with the backup of other physical files.
Moving Metadata
As an administrator, you might need to move metadata either within the same
deployment or across different deployments.
Promotion is the process of copying selected metadata and associated content
within or between planned deployments of SAS.
49
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
1-42 Chapter 1 Reviewing the Platform for SAS® Business Analytics
Objects can be promoted from one location in the SAS Folder tree to another location in the same tree.
For example, you might want to promote a newly created or modified object from a user’s home folder to
a shared location.
Promotion can also be used to create a backup of specific folders and objects.
Among the promotion tools are the following:
the Export SAS Package and Import SAS Package Wizards in SAS Management Console, SAS Data
Integration Studio, and SAS OLAP Cube Studio. However, SAS Data Integration Studio and SAS
OLAP Cube Studio can export and import only the objects that pertain to the application.
the batch export tool and the batch import tool. The batch import tool and export tool are called
ImportPackage and ExportPackage and are located in SAS-installationdirectory
\SASPlatformObjectFramework\9.4
The package format is the same regardless of the host machine’s operating system or the tool (wizard or
batch tool) used to create it.
continued...
SAS Tools for Metadata Management
50
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
SAS Management Console provides a single interface for administrators to manage the metadata
and servers in the SAS platform. Specific administrative tasks are supported by plug-ins to
SAS Management Console.
Another tool, SAS Web Administration Console, is a web-based interface that enables you to do the
following:
monitor which users are logged on to SAS web applications
view audit reports of logon and logoff activity
manage notification templates and letterheads
manage web-layer authorization (including privileges, roles, and permissions)
access the SAS Content Server Administration Console
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
1.3 Reviewing Platform Administration Metadata and Ongoing Tasks 1-43
51
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
Note: You can use Help in the SAS Environment Manager Administration interface.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
1-44 Chapter 1 Reviewing the Platform for SAS® Business Analytics
Comparison of SAS Management Console and the Current Version of SAS Environment Manager
Start, stop, and restart the SAS Web Application Server; and start,
stop, and reload web applications
Back up and restore the metadata server, and create and administer
metadata repositories
Monitor the operation of grids, and administer grid hosts, queues,
and jobs
Schedule flows to run on a scheduling server
Browse the contents of SAS folders, view and update properties of
folders and objects, and rename and delete objects
Create, rename, and delete SAS folders
Create and modify metadata definitions for users, groups, and
roles; and manage memberships, logins, and internal accounts
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
1.3 Reviewing Platform Administration Metadata and Ongoing Tasks 1-45
Define metadata access rules, and create and update access control
templates (ACTs)
Browse any type of library or server that has been defined in
SAS metadata
Create and modify metadata definitions for Base SAS libraries,
SAS LASR Analytic Server libraries, and SAS LASR Analytic
Servers
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
1-46 Chapter 1 Reviewing the Platform for SAS® Business Analytics
52
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
SAS provides a number of tools that you can use to determine the status,
operation, and monitoring of your servers and spawners, including the following:
• SAS Environment Manager
• SAS Management Console
• scripts
• third-party monitoring tools
Each server has a logging configuration file that controls the destination,
contents, and format of the log for that server.
Server monitoring is covered
in Chapters 2, 5, and 8.
53
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
Solution-specific administration interfaces are available, such as SAS Visual Analytics Administrator.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
1.3 Reviewing Platform Administration Metadata and Ongoing Tasks 1-47
There are also some optional setup tasks that might be necessary for you to modify your initial
configuration to meet specific requirements in your environment. Optional administration and
configuration tasks include the following:
install sas.servers as a boot script
optimize performance of the metadata server
modify the configuration of your processing servers
optimize web application performance
adjust server logging
enable job and report scheduling
increase Java head memory allocation for desktop applications
set up change management for SAS Data Integration Studio jobs
collect ARM log information for SAS Data Integration Studio batch use
For additional information, see “Optional Setup Tasks” in SAS® 9.4 Intelligence Platform: System
Administration Guide, Fourth Edition.
continued...
SAS Environment Manager
SAS Environment Manager is an operational monitoring and management system for SAS deployments.
SAS Environment Manager incorporates some of the Hyperic technology from VMware in order to offer
enterprise-class operational features. It incorporates plug-ins that are designed for administration,
management, and monitoring of SAS technologies.
Beginning with SAS Environment Manager 2.4, the component SAS Environment Manager Data Mart
Performance and Usage Reporting is also included. Extract, transform, and load (ETL) processes obtain
metric information from the SAS Environment Manager agent and from SAS logs, standardize the data,
and store the data in the SAS Environment Manager Data Mart. From there, the data is used to produce
predefined reports in the Report Center.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
1-48 Chapter 1 Reviewing the Platform for SAS® Business Analytics
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
1.3 Reviewing Platform Administration Metadata and Ongoing Tasks 1-49
This demonstration introduces SAS Management Console and SAS Environment Manager.
1. On the client machine, start SAS Management Console by selecting Start SAS Management
Console. When the Connection Profile window appears, click OK to connect with the My Server
connection profile. Log on as Ahmed using the password Student1.
Note: Ahmed is the SAS administrator in our classroom environment.
2. Because we are logged on as Ahmed, we can see all three tabs: Plug-ins, Folders, and Search.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
1-50 Chapter 1 Reviewing the Platform for SAS® Business Analytics
A plug-in is an application module that is designed to create and maintain metadata for a specific type
of resource.
Only certain users can view and use plug-ins. A user’s access depends on which roles the user is
assigned to and which capabilities are assigned to those roles. We cover roles in Chapter 4.
These are some of the plug-ins:
Authorization Manager: used to define and maintain access rules to control how users and groups
can access metadata definitions.
Data Library Manager: used to create and maintain definitions for SAS libraries and database
schemas.
Metadata Manager: used to perform administration tasks related to the SAS Metadata Server.
Server Manager: used to create and maintain server definitions.
User Manager: used to create and maintain definitions for users, groups, and roles.
3. The Folders tab displays the SAS Folders hierarchy. Metadata is organized and viewed through
the folders.
You can keep SAS Management Console minimized on your desktop because you use the application
throughout class.
4. Open Internet Explorer or Google Chrome from the client machine using the taskbar. Click SAS
Environment Manager on the Favorites bar.
Note: To access SAS Environment Manager, use your web browser to got to
http://<localhost>:7080, where localhost is the machine on which the SAS Environment
Manager server is installed.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
1.3 Reviewing Platform Administration Metadata and Ongoing Tasks 1-51
6. Your initial view will be the dashboard. Click Resources Browse, or click Resources and that
takes you to the Resources page. Your SAS resources can be viewed and monitored from here. These
resources are categorized by Platforms, Servers, and Services. There are other groupings that can be
used for ease of access to resources.
8. Metrics are displayed that are relevant to this resource, and you can navigate to Inventory to see
configuration details; Alerts to see alerts for this resource, modify existing alerts, or create new alerts;
or Control to perform or schedule a control action, such as starting, stopping, or restarting the object
spawner.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
1-52 Chapter 1 Reviewing the Platform for SAS® Business Analytics
10. The Administration page is where you can manage SAS metadata. The application provides these
functions through the use of modules. Each module manages a specific type of SAS metadata.
Initially, the application displays the Folders module. This view enables you to view and manage
SAS folders and the metadata objects that they contain.
11. To switch to a different module, click the Side menu icon to open the side menu, which displays
a list of all of the available modules. Click a module name to open it and view the specific objects that
the module manages.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
1.3 Reviewing Platform Administration Metadata and Ongoing Tasks 1-53
13. Expand SASApp SASApp - Logical Workspace Server SASApp - Workspace Server.
14. Right-click SASApp - Workspace Server and select Open to see the metadata properties. (You can
also double-click on the metadata object.)
15. Object definitions open on the Basic Properties page. The title of the page is displayed at the top of
the page, next to the entry’s name. To view other property pages for the definition, click the page title
to display a menu of the page titles.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
1-54 Chapter 1 Reviewing the Platform for SAS® Business Analytics
16. As you open object definitions in the modules, the object counter icon on the toolbar keeps
track of the definitions that are open and provides easy access to an open definition. The counter on
the icon indicates the number of object definitions that are open. Click the icon to display a menu of
all open definitions. Select an item in the menu to go to that definition. An asterisk beside an entry in
the menu indicates that the definition has been changed but not yet saved.
Note: It is a good idea to not have many definitions open, because it causes erroneous views of
metadata definitions.
17. You can keep SAS Environment Manager and SAS Environment Manager Administration minimized
throughout class, although you will need to log back in each day because the time-out interval of
cached credentials for SAS web applications is 12 hours, by default.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
1.3 Reviewing Platform Administration Metadata and Ongoing Tasks 1-55
Exercises
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
1-56 Chapter 1 Reviewing the Platform for SAS® Business Analytics
d. In SAS Management Console, right-click Object Spawner – sasserver and select Properties.
Click the Servers tab.
In SAS Environment Manager Administration, right-click Object Spawner – sasserver and
select Open. (You can also double-click Object Spawner – sasserver to open up the metadata
definition.)
From the drop-down menu, select Servers. (Click the down arrow next to Basic Properties.)
What servers are the object spawner responsible for?
e. You are viewing SAS server metadata in SAS Management Console and SAS Environment
Manager.
You can also monitor your SAS compute servers and middle tier servers in SAS Environment
Manager. In SAS Management Console, you can monitor usage on your SAS compute servers
only. (This is covered in later chapters.)
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
1.3 Reviewing Platform Administration Metadata and Ongoing Tasks 1-57
59
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
61
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
1-58 Chapter 1 Reviewing the Platform for SAS® Business Analytics
Writing a SAS security policy should include input from which of the
following?
a. database administrators
b. system administrators
c. users
d. managers
63
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
1.06 Quiz
65
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
1.3 Reviewing Platform Administration Metadata and Ongoing Tasks 1-59
How often do you need to check the status of your SAS servers?
a. never
b. at installation time and as needed thereafter
c. as needed
d. daily
67
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
a. never
b. at installation time and as needed thereafter
c. as needed
d. daily
69
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
1-60 Chapter 1 Reviewing the Platform for SAS® Business Analytics
1.4 Solutions
Solutions to Exercises
1. Locating and Opening the Instructions.html Document
This exercise illustrates how to find SAS web application URLs for our SAS environment, which
are documented in Instructions.html.
Instructions.html is the reference document for your SAS deployment and would contain any
manual configuration steps that must be performed. It provides an overview of your deployment,
including the web application URLs. It is located under the SAS configuration directory in the
Levn/Documents subdirectory (for example: D:\SAS\Config\Lev1\Documents).
Note: An Instructions.html document is created on each machine that executes the
SAS Deployment Wizard.
a. Access your Windows client machine.
Use the URL in step 6 of your email that Use a remote desktop connection with the IP
you received from Live Web address that is given to you by your instructor.
Administration.
Log on with these credentials:
User: Student
Password: Metadata0
b. Connect to the server machine and check the status of SAS servers.
For
Linux Server
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
1.4 Solutions 1-61
2. Navigate to /opt/sas/config/Lev1. Use the sas.servers script to verify the status of the
SAS servers: ./sas.servers status
3. If the servers are not started, enter the command ./sas.servers start. (The valid commands
are stop, start, restart, and status.)
Note: The SAS Web Application Server might take as many as 15 minutes to start.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
1-62 Chapter 1 Reviewing the Platform for SAS® Business Analytics
2. Click the Services button in the system tray. With Services selected, scroll down to the
SAS services. Verify that the status for all the SAS services is Started.
Note: In a typical deployment, the Windows services would have a start-up type of
Automatic. The classroom image uses a batch file to start services.
4. If they are not started, open a CMD window under Start Command Window.
6. Enter cd scripts.
7. Enter stopSAS.
This displays the services that are being stopped. A message is displayed when the script is
done.
Enter Y when prompted.
This displays the services that are being stopped. Enter Y again when prompted.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
1.4 Solutions 1-63
8. Start the servers with the startSAS script. This displays the services as they are starting.
A message is displayed when the script is done. (You can start the Task Manager to watch
the CPU activity.)
Note: The SAS Web Application Server might take as many as 15 minutes to start.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
1-64 Chapter 1 Reviewing the Platform for SAS® Business Analytics
c. Locate and open the Instructions.html document. In a default deployment, it is located under the
configuration directory in the Levn/Documents subdirectory.
2. Right-click Instructions.html and select Open. (Double-clicking the file renders it in the
WinSCP editor, not Internet Explorer.)
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
1.4 Solutions 1-65
d. Click SAS Web Applications in the Overview list at the top of the page.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
1-66 Chapter 1 Reviewing the Platform for SAS® Business Analytics
e. Review the URLs of the SAS web applications. Scroll to SAS Studio Mid-Tier and click the
URL for the SAS Studio web application.
Note: The page request is going through the SAS Web Server. The port for the SAS Web Server
will differ on Windows and Linux environments.
f. The SAS Logon Manager appears initially. It is a web application that handles all authentication
requests for SAS web applications. Users see the same logon page when they access any
SAS web application. It is a global single sign-in session. It enables the user to access all
SAS web applications without a credential change.
Sign in as Eric and use the password Student1.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
1.4 Solutions 1-67
i. The Log window appears. It contains a note that includes a list of the SAS software products that
are licensed in this environment. Review the information.
What products listed pertain to data access? SAS/ACCESS Interface products, such
as the following:
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
1-68 Chapter 1 Reviewing the Platform for SAS® Business Analytics
b. On the Resources pane in the bottom left of SAS Enterprise Guide, expand Servers.
c. Expand SASApp.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
1.4 Solutions 1-69
This view shows licensed and installed products for the SASApp server context. When you run
the SETINIT procedure, which was done in the demonstration and exercise, the list produced
in the log is only what is licensed.
g. Close the SAS Server Products window and the SASApp Properties window.
3. Using the SAS Installation Reporter Program
You run the program identified below to generate a report that shows which SAS components (for
example, software, client applications, and hot fixes) are installed.
a. Use SAS Enterprise Guide or SAS Studio to run the sasinstallreport.sas program located in the
following directory on your client machine: D:\Workshop\spaft
b. Review the results in the log.
The report includes the following information:
licensed SAS software (for example, Base SAS, SAS/STAT, and so on)
installed SAS software
installed SAS clients or applications (for example, SAS Enterprise Guide, the SAS System
Viewer, and so on)
installed SAS hotfixes (along with cursory status).
other versions of SAS software (only in Windows environments and when the XCMD system
option is enabled)
information about your deployment, including orders and configured servers
installed and running SAS Windows services (when the XCMD system option is enabled)
Note: To download the program in your environment, see Usage Note 20390, “The SAS
Installation Reporter program creates a report showing which applications, clients, and
hotfixes are installed”: http://support.sas.com/techsup/notes/v8/20/390.html
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
1-70 Chapter 1 Reviewing the Platform for SAS® Business Analytics
Note: There are two SAS procedures that will give you similar information:
The SETINIT procedure tells you what is licensed and the expiration dates and
works in all versions of SAS.
The PRODUCT_STATUS procedure tells you what is installed. Some products
might be licensed but not installed. For example, if you are not actively using the
product, you might not want to use disk space.
4. Considering Users and Applications
What types of users do you have at your site and which SAS applications are used by these users?
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
1.4 Solutions 1-71
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
1-72 Chapter 1 Reviewing the Platform for SAS® Business Analytics
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
1.4 Solutions 1-73
For Linux Server: Do not open the executable through WINSCP, but navigate to the executable
through Windows Explorer on the client machine.
d. Follow the SAS Deployment Wizard instructions but do not start the install because those
products are already installed.
Note: If you are installing to a system that has a previous version of an independent product
already installed, the executables will update the product to the version used in the name
of the file.
1) Click Install on the Ready to Install page to continue.
2) The Initializing and Installing page opens. When the files have been moved, the Choose
Language page opens. Click OK.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
1-74 Chapter 1 Reviewing the Platform for SAS® Business Analytics
3) The Select Enterprise Guide Mode page opens. Click Next to continue.
4) The Select Language Support page opens. You can click Clear All to remove the selection
from all of the languages except English. Click Next to continue.
5) The Checking System page opens as the installer ensures that the machine has the resources
necessary. Click Next to continue.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
1.4 Solutions 1-75
6) Click Cancel because the same version of SAS Enterprise Guide is already installed on this
machine.
Note: Command line options all work with the independent installers, which allows for quiet
deployment. All responses are created in a response file using Record mode and then use
Quiet Playback mode to perform the quiet deployment on the target machine.
Refer to Appendix A of SAS® Deployment Wizard and SAS® Deployment Manager 9.4: User’s Guide,
available at http://support.sas.com/deploywizug94.html.
6. Accessing Deployment Manager
You will access the SAS Deployment Manager and review the tasks. Also, view the internal service
accounts that would be updated with this application. However, do not update passwords at this time.
a. On the server machine, navigate to the SAS Deployment Manager.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
1-76 Chapter 1 Reviewing the Platform for SAS® Business Analytics
c. Scroll through the list of tasks that are performed in SAS Deployment Manager.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
1.4 Solutions 1-77
e. Click Next to move through the selection of configuration directory and level.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
1-78 Chapter 1 Reviewing the Platform for SAS® Business Analytics
h. Review the list of internal service accounts that were created at SAS deployment. Click Cancel
because no passwords need to be updated.
Note: Passwords for any service accounts that you introduce in SAS Management Console are
not managed by this tool. For example, if you designate a new logon as the launch
credential for a server, that launch credential is not automatically added to the list of
accounts that the SAS Deployment Manager can update.
7. Generating the Deployment Registry Report
The installation of SAS products is logged in the SAS Deployment Registry. The deployment
registry report processes the deployment registry and identifies all SAS 9.2 and later software
that is installed in the current SASHOME location. Installed hot fixes are also logged in the
SAS Deployment Registry and reported in DeploymentRegistry.html.
Note: For details about running the ViewRegistry report, see Usage Note 35968:
http://support.sas.com/kb/35/968.html.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
1.4 Solutions 1-79
The ViewRegistry utility that is used to generate the report is installed in SASHome/deploymntreg.
3. Open DeploymentRegistry.html in the same directory. (You can use the WinSCP application
that has a shortcut on your desktop or use Firefox on your Linux server.)
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
1-80 Chapter 1 Reviewing the Platform for SAS® Business Analytics
c. Right-click Sales Analysis Library and select Properties to see the metadata definition.
The answers to the questions can be found on the Properties tabs.
Where is the location of this library definition in the metadata folder structure?
/Orion Star/Marketing Department/Data
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
1.4 Solutions 1-81
Server
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
1-82 Chapter 1 Reviewing the Platform for SAS® Business Analytics
d. Navigate to the metadata folder location of the Sales Analysis Library and SALES_ANALYSIS
table.
Note: The table is stored in the same metadata folder as the library to which it is registered.
Registering libraries and its registered tables to the same metadata folder is a good
practice due to the metadata access controls. This is discussed in a later chapter.
9. Comparing Server Hierarchy in SAS Management Console and SAS Environment Manager
Compare the server hierarchy in the Server Manager plug-in in SAS Management Console
to the Server module in SAS Environment Manager Administration.
a. In SAS Management Console, on the Plug-ins tab, expand Server Manager.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
1.4 Solutions 1-83
b. Open Internet Explorer or Google Chrome, located on the taskbar of your client machine. Click
SAS Environment Manager on the Favorites bar. Sign in as sasadm@saspw and use the
password Student1.
3) Select Servers.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
1-84 Chapter 1 Reviewing the Platform for SAS® Business Analytics
c. Do the server hierarchies in SAS Management Console and SAS Environment Manager
Administration differ?
No. It is a different tool displaying the same metadata.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
1.4 Solutions 1-85
e. You are viewing SAS server metadata in SAS Management Console and SAS Environment
Manager.
You can also monitor your SAS compute servers and middle tier servers in SAS Environment
Manager. In SAS Management Console, you can monitor usage on your SAS compute servers
only. (This is covered in later chapters.)
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
1-86 Chapter 1 Reviewing the Platform for SAS® Business Analytics
Which of the following tasks are performed using SAS Deployment Manager?
37
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
True
False
39
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
1.4 Solutions 1-87
60
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
62
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
1-88 Chapter 1 Reviewing the Platform for SAS® Business Analytics
Writing a SAS security policy should include input from which of the
following?
a. database administrators
b. system administrators
c. users
d. managers
64
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
66
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
1.4 Solutions 1-89
How often do you need to check the status of your SAS servers?
a. never
b. at installation time and as needed thereafter
c. as needed
d. daily
68
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
a. never
b. at installation time and as needed thereafter
c. as needed
d. daily
70
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
1-90 Chapter 1 Reviewing the Platform for SAS® Business Analytics
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
Chapter 2 Reviewing SAS Platform
Architecture
2.1 Exploring the Platform Architecture ......................................................................... 2-3
Exercises............................................................................................................. 2-15
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
2.1 Exploring the Platfor m Architecture 2-3
Objectives
3
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Best Practice:
Know the Components of Your SAS Platform
Ensure that you can identify the components of your SAS platform and the
hosts on which they are installed and configured. Ensure that you have a
basic awareness of what each component does.
For a secure deployment, the configuration directory on each server machine
must be protected by operating system controls. These controls will prevent
inappropriate access to repository data sets, server scripts, server logs, and
configuration files.
4
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
2-4 Chapter 2 Review ing SAS Platform Architecture
The platform for SAS Business Analytics consists of a multiple-tier environment that is typically
represented by the following:
Client Tier: SAS client software is installed on users’ desktops. SAS client applications cannot execute
SAS code on their own. They must request code submission and other services from a SAS server. A web
browser is all that is necessary for SAS web applications.
Middle Tier: The middle tier is where the web applications reside and execute. The middle tier also
contains the infrastructure that supports the execution of the web browser applications, including a Java
servlet container (or web application server), the Java Runtime Environment, the JMS Broker, the Cache
Locator, the SAS Web Infrastructure Platform, the Content Server.
Server Tier: SAS Servers: The server tier consists of one or more machines where the SAS servers are
installed and accessed by the SAS platform applications. Several types of SAS servers are available to
handle different workload types and processing intensities, including the metadata server, the workspace
servers, the stored process servers, and the object spawner.
Server Tier: SAS Metadata Server: The SAS platform uses the metadata server and metadata
repositories to manage information about the entire environment, including server definitions, data
definitions, users and groups, security settings, and business intelligence content.
Data Tier: Data sources store your enterprise data. All of your existing data assets can be used, whether
your data is stored in third-party database management systems, SAS tables, or enterprise resource
planning (ERP) system tables.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
2.1 Exploring the Platfor m Architecture 2-5
continued...
SAS Platform Architecture
Metadata Server Cl i ent Tier
Mi ddle Tier
Da ta Sources
SA S Servers SAS Web Application Server
Web Applications: SAS Management Console
SAS Workspace Server SAS Enterprise Guide
SAS Studio
SAS Data Sets SAS Pooled Workspace SAS Web Report Studio SAS Add-In for Microsoft
SAS OLAP Cubes Server SAS Information Delivery Office
Third-Party Data Stores SAS Stored Process Portal SAS Enterprise Miner
Enterprise Resource Server SAS Web Report Studio SAS Data Integration Studio
Planning (ERP) Systems SAS Grid Servers SAS Visual Analytics SAS Information Map Studio
SAS OLAP Server Other SAS Web Applications
SAS OLAP Cube Studio
SAS LASR Analytics and Solutions
SAS Solution Applications
Server
SAS Web Infrastructure SAS Web Infrastructure
Platform Web Browser
Platform Data Server
(Logon Manager)
SAS Environment
Manager Agent SAS Environment SAS Web Server Mobile Devices (to view
Manager Agent (http server) some types of reports)
The four tiers listed above represent categories of software that perform similar types of computing tasks
and require similar types of resources. The tiers do not necessarily represent separate computers or groups
of computers.
For a large company, the tiers can be installed across a multitude of machines with different operating
systems. For prototyping, demonstrations, or very small enterprises, all of the tiers can be installed
on a single machine.
continued...
Clients
Cl i ent Tier
Desktop clients run on Windows
SAS Management Console
desktops.
SAS Enterprise Guide Some of these clients are native
SAS Add-In for Microsoft
Office
Windows applications and others
SAS Web Applications:
SAS Enterprise Miner are Java applications.
SAS Data Integration Studio
SAS Logon Manager Some clients require only a web
SAS Information Map Studio
SAS Environment Manager
SAS OLAP Cube Studio browser to be installed on each
SAS Studio
SAS Solution Applications
SAS Information Delivery Portal client machine.
SAS Web Report Studio Web Browser
SAS Visual Analytics
Mobile Devices (to view
some types of reports)
7
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
2-6 Chapter 2 Review ing SAS Platform Architecture
The client tier provides users with desktop access to intelligence data and functionality through easy-to-
use interfaces. For most information consumers, reporting and analysis tasks can be performed with only
a web browser. For more advanced design and analysis tasks, SAS client software is installed on users’
desktops.
continued...
SAS Servers: Metadata Server
continued...
SAS Servers
SA S Servers
Metadata Server
SAS servers execute
SAS analytical and reporting
C l ient Tier
SAS Workspace Server
processes for distributed clients.
SAS Management Console
SAS Enterprise Guide
SAS Add-In for Microsoft
SAS Pooled Workspace These servers are typically
Of f ice
SAS Enterprise Miner
Server accessed either by desktop
SAS Data Integration Studio SAS Stored Process
SAS Inf ormation Map Studio
SAS OLAP Cube Studio Server
clients or by web applications
SAS Solution Applications
SAS Grid Servers that run in the middle tier.
Web Browser SAS OLAP Server
SAS Web Applications:
SAS Logon Manager
SAS Environment Manager SAS LASR Analytic
SAS Studio
SAS Inf ormation Delivery Portal Server N ote: The term server refers to a
SAS Web Report Studio
SAS Visual Analytics
process or processes.
9
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
On the platform, the term server refers to a process or processes that wait for and fulfill requests from
client programs for data or services. The term server does not necessarily refer to a specific computer,
because a single computer can host one or more servers of various types.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
2.1 Exploring the Platfor m Architecture 2-7
The SAS servers use the SAS Integrated Object Model (IOM). The IOM is a set of distributed object
interfaces that make SAS software features available to client applications when SAS is exec uted
on a server. Each server uses a different set of IOM interfaces and has a different purpose.
continued...
Data Sources
S A S S ervers
Da ta Sources
Metadata Server
The platform includes several
SAS Workspace Server
options for data storage, including
SAS Pooled Workspace
Server SAS Data Sets SAS data sets, SAS OLAP cubes, and
SAS Stored Process
Server SAS OLAP Cubes the SAS Web Infrastructure
SAS Grid Servers
SAS OLAP Server Third-Party Data Stores
Enterprise Resource
Platform Data Server.
SAS LASR Analytic
Server
Planning (ERP) Systems In addition, SAS provides products
that enable you to access data in
SAS Web Infrastructure
C l ient Tier
Platform Data Server
your existing third-party data stores
SAS Client Applications
SAS Web Applications
and ERP systems.
10
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
2-8 Chapter 2 Review ing SAS Platform Architecture
continued...
Middle Tier
Mi ddle Tier
SAS Web Server Cache Locator The middle tier includes
C l ient Tier
(http server)
JMS Broker the following:
SAS Client Applications SAS Web Application Server • SAS Web Server and
Web Browser Web Applications:
SAS Studio
SAS Web Application Server
SAS Web Report Studio
S A S S ervers SAS Information Delivery • a Java Runtime Environment
Portal
Metadata Server SAS Web Report Studio (JRE)
SAS Visual Analytics
SAS Servers
Other SAS web applications
and solutions
• SAS web applications
D ata Sources SAS Web Infrastructure • SAS Web Infrastructure
SAS Web Infrastructure Platform
Platform Data Server (Logon Manager) Platform
SAS Environment SAS Environment SAS Environment • SAS Environment Manager
Manager Agent Manager Server Manager Agent
Server and Agent
11
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
The middle tier enables users to access intelligence data and functionality via a web browser. This tier
provides web-based interfaces for report creation and information distribution, while passing analysis
and processing requests to the SAS servers.
Beginning with the release of SAS 9.4, SAS includes an embedded middle-tier server called SAS Web
Application Server. SAS no longer requires nor supports external third-party application servers. SAS
also now includes several new middle-tier capabilities, including enhanced monitoring and management,
web-based administration, load balancing, and improved availability.
The SAS Web Infrastructure Platform includes the SAS Content Server and other infrastructure
applications and services.
A JMS broker provides distributed communication with Java Messaging Services. Some SAS web
applications use queues and topics for business logic.
A cache locator is used by SAS web applications to locate and connect to a distributed cache. The SAS
web applications use the cache to maintain awareness of user sessions and to share application data.
SAS Environment Manager Server is responsible for communicating with the agents. It collects information
about items such as discovered resources, metrics, and availability, and issues control actions received from
the SAS Environment Manager application. Collected data is stored in the SAS Environment Manager
database.
SAS Environment Manager Agent is a software process that runs on each platform (middle-tier and server-tier
machine) in a SAS deployment. The agent is responsible for tasks such as discovering software components on
its platform, gathering metric and availability data for the platform and components, and performing resourc e
control actions. The agents communicate with the management server. Plugins are used to provide the agents
with the information needed to discover SAS resources installed on a platform.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
2.1 Exploring the Platfor m Architecture 2-9
13
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
The location of the SASHOME directory is established at the initial installation of SAS software
by the SAS Deployment Wizard. That location becomes the default installation location for any other
SAS software that is installed on the same computer.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
2-10 Chapter 2 Review ing SAS Platform Architecture
14
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
15
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
2.1 Exploring the Platfor m Architecture 2-11
These recommendations assume that your SAS servers and spawners run as services under the
Local System account. If servers and spawners run under a different account, then grant that account
the permissions that are recommended for SYSTEM.
If you selected the customer installation option to place all of your log files in a single directory, then you
will need to grant the SAS Spawned Servers (sassrv) user Full Control of the central log destination.
If you enable logging for a standard workspace server, then you will need to grant all users
of the workspace server Full Control of the log directory.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
2-12 Chapter 2 Review ing SAS Platform Architecture
On UNIX and z/OS systems, the SAS Deployment Wizard automatically applies
the permissions that give appropriate access to the configuration directory
of the following:
• SAS Installer account (typically sas)
• sas group (which includes sas and sassrv)
In addition to the default security, you might want to give administrators
access to the configuration directory so that they can modify files and run
backups.
16
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
On UNIX and z/OS systems, the SAS Deployment Wizard automatically applies the appropriate
permissions. The default permissions are shown below.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
2.1 Exploring the Platfor m Architecture 2-13
If you selected the customer installation option to place all of your log files in a single directory, then you
will need to grant the SAS Spawned Servers (sassrv) user Read, Write, and Execute permission to the
central log destination.
If you enable logging for a standard workspace server, then you will need to grant all users of the
workspace server Read, Write, and Execute permission to the log directory.
Make sure the SAS Spawned Server (sassrv) account is a member of the sas group, which has the
necessary permissions to server configuration files and log directories.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
2-14 Chapter 2 Review ing SAS Platform Architecture
Environment Snapshot
The Environment Snapshot captures and reports information about the state
of all the machines in your SAS deployment at a single point in time. This can
assist in debugging issues in a SAS deployment.
17
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Environment Snapshot:
Collects and displays the most current performance measures and configuration parameters from the
SAS Environment Manager database.
Executes live queries and gathers real-time usage information.
Can save all of the data to a text file.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
2.1 Exploring the Platfor m Architecture 2-15
Exercises
Note: The Levn subdirectory contains configuration information and other files for a particular
installation instance. Lev1 is generally used for production environments. Additional
levels such as Lev2 and Lev3 can be used for environments that you install for purposes
such as development and testing. During installation, the SAS Deployment Wizard
enables you to select the level number.
2. Examining details_diagram.html
A 9.4 Standard Deployment plan is an XML-based description of the topology for your SAS system.
Similar to an architect’s floor plan, the plan describes the intended final SAS software environment.
The plan is used in the SAS software deployment process to “tell” the SAS Deployment Wizard
which software components to install and configure on each machine. A diagram of your customized
deployment plan, called details_diagram.html (optimized for Firefox) or
details_diagram_for_ie7.mht (optimized for Internet Explorer), comes with your custom plan file.
Note: See Installation Note 44320, Using deployment plans during a SAS ® installation.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
2-16 Chapter 2 Review ing SAS Platform Architecture
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
2.1 Exploring the Platfor m Architecture 2-17
k. Return to Environment Snapshot on the Analyze tab and select sasserver.demo.sas.com as your
system. Click the Logs tab to see that the tc runtime SASServer1_1 now has the logging file
location.
l. Click the Snapshot environment under Create a Snapshot.
m. When the processing is complete, click the Snapshots tab. A text file is created. Where is the
physical location?
Take note of the snapshot location displayed on the screen. The path is on the middle-tier machine
where SAS Environment Manager Server is located and is relative to the SAS configuration
directory.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
2-18 Chapter 2 Review ing SAS Platform Architecture
c. Use the blank diagram to indicate where the components are installed in your environment.
Draw additional boxes if necessary.
SAS Servers Middle Tier Data Sources
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
2.2 Operating SAS Servers and Spaw ners 2-19
The SAS configuration directory under Levn will include which of the
following subdirectories?
20
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Objectives
• Explore the recommended start-up order for the SAS servers and spawners.
• Examine the recommended method of starting up the SAS servers and
spawners.
• Use SAS Environment Manager to operate the servers and spawners.
23
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
2-20 Chapter 2 Review ing SAS Platform Architecture
Required Servers
In order for clients to access the SAS environment, the following components
must be running on network-accessible machines:
24
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
The SAS Object Spawner acts as a listener for SAS Workspace Servers, SAS Pooled Workspace Servers,
and SAS Stored Process Servers.
You might also have the following components on network-accessible machines: a SAS OLAP Server, a
SAS/SHARE server, a SAS/CONNECT spawner, and SAS Distributed In-Process Scheduler Job Runner,
a SAS Deployment Tester server, which is used to run the SAS Deployment Tester utility.
SAS middle-tier servers include the SAS Web Application Server, SAS Web Server, SAS Environment
Manager Server, and the supporting JMS Broker and Cache Locator components.
Note: Because of dependencies, it is important to start the servers in the correct order. Processes on the
server tier need to be started before the middle tier. The recommended order is described on the
following slides.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
2.2 Operating SAS Servers and Spaw ners 2-21
Note: All of the servers except the SAS Web Infrastructure Platform Data Server depend on the
metadata server.
Note: In clustered configurations, make sure that all the metadata server nodes are running before
you start dependent components.
By default, the SAS Web Infrastructure Platform Data Server is backed by PostgreSQL and is provided
as an alternative to using a third-party DBMS. The server cannot be used as a general purpose data store.
OLAP cubes are logical sets of data that are organized and structured in a hierarchical multidimensional
arrangement. Cubes are queried by using the multidimensional expression (MDX) language.
The SAS Object Spawner is a process that runs on workspace server, pooled workspace server, and stored
process server host machines. It listens for requests for these servers, authenticates clients, and launches
server processes as needed. In a pooled workspace server configuration, the object spawner maintains
a collection of reusable workspace server processes that are available for clients. If server load balancing
is configured, the object spawner balances workloads between server processes. The object spawner
connects to the metadata server to obtain information about the servers that it manages.
The SAS/SHARE server provides concurrent Read and Write access to tables.
SAS/CONNECT servers provide computing resources on remote machines where SAS Integration
Technologies is not installed.
The SAS Deployment Tester Server is a diagnostic tool used for assessing a SAS deployment. After
an installation or upgrade, you can use the Deployment Tester to ensure that your SAS software and
critical components have been installed and configured correctly. The Deployment Tester Server is
installed on each server tier machine in the SAS deployment.
The Job Execution Service provides a common, standardized way for web applications to create, submit,
store, retrieve, and queue jobs for SAS servers. The SAS Distributed In-Process Scheduler Job Runner
can be used for running these scheduled jobs.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
2-22 Chapter 2 Review ing SAS Platform Architecture
26
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Start-Up Parameters
Start-up parameters for SAS servers are stored in sasv9 configuration files.
These SAS system options take effect each time you invoke SAS.
27
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
2.2 Operating SAS Servers and Spaw ners 2-23
On Windows, the SAS servers and services are installed as Windows services
that have these features:
• start automatically when you restart the machines
• are named S A S [deployment-name-and-level] <server-context -> server-name
• can be managed from a command line using SAS provided batch scripts:
n et start|stop|pause|continue “service-name”
• have built-in dependencies to ensure that they start up in the correct order
on each machine
28
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Note: In a typical deployment, the Windows services would have a start-up type of Automatic.
The classroom image uses a batch file to start services and has a start-up type of Manual.
Note: Service dependencies are not set up by the SAS Deployment Wizard for the SAS Web
Application Server. See Installation Note 52100: http://support.sas.com/kb/52/100.html.
29
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
2-24 Chapter 2 Review ing SAS Platform Architecture
The script is located in the top level of the configuration directory (for
example, SAS-configuration-directory/Lev1).
Some servers are started directly by the sas.servers script. Other servers are started by the sas.servers. pre
and sas.servers.mid scripts, which are called by sas.servers. The table below shows the script names,
the components that are included in each script, and the order in which the components are started.
Beginning with the first maintenance release for SAS 9.4, the sas.servers.mid script starts the SAS Web
Server before the SAS Web Application Server. This start-up order helps ensure optimum performance
when web applications are initialized.
Script Tier Start-up Order
sas.servers.pre (called by server tier SAS Web Infrastructure Platform Data Server
sas servers)
sas.servers server tier SAS Metadata Server, SAS OLAP Server, SAS Object
Spawner, SAS/SHARE server, SAS/CONNECT spawner,
and SAS Distributed In-Process Scheduler Job Runner
sas.servers.mid (called middle tier JMS Broker, Cache Locator, SAS Web Server, SAS Web
by sas.servers) Application Server, and SAS Environment Manager server
sas.servers.mid (called server and SAS Environment Manager Agent
by sas.servers) middle tier
If needed, you can use the sas.servers.pre or sas.servers.mid script to start a subset of servers. However,
make sure that you follow the start-up order that is shown in the preceding table.
Other servers might also be included in the scripts, depending on which SAS applications you configured.
Caution: You should not directly update the sas.servers script. If the script needs to be updated
(for example, to add new servers or remove servers), then regenerate the script by using
generate_boot_scripts.sh. For details, see “Regenerating a sas.servers Script” in SAS®
9.4 Intelligence Platform: System Administration Guide.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
2.2 Operating SAS Servers and Spaw ners 2-25
The s a s .servers script does not take into account the correct start-up order of
SAS servers across multiple machines. Technical Support does supply a utility
that manages multi-tiered SAS services for UNIX and Linux deployments.
1 2 3
Middle Tier
Me tadata Server S AS Servers
SAS Web Infrastructure Platform SAS Web Application Server
SAS Environment Data Server
Manager Agent SAS Object Spawner
SAS Environment SAS Web Server
SAS OLAP Server (http server)
SAS/CONNECT Spawner Manager Agent
SAS/SHARE Server SAS Environment
JMS Broker
SAS Environment Manager Server
Manager Agent
Cache Locator
31
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
See Usage Note 58231, “Utility that manages multi-tiered SAS services for UNIX and Linux
deployments” for more information: http://support.sas.com/kb/58/231.html
Also, see the SAS Global Forum paper “An Oasis of Serenity in a Sea of Chaos: Automating the
Management of Your UNIX/LINUX Multi-tiered SAS Services”:
http://support.sas.com/resources/papers/proceedings17/SAS0339-2017.pdf
You can start and stop the following servers from SAS Environment Manager:
• SAS Metadata Server
• SAS OLAP Server
• SAS Object Spawner
• SAS/CONNECT Spawner
• SAS Web Application Server
• SAS Web Server
• SAS Deployment Agent
32
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Note: In SAS Environment Manager, SAS Web Application Server appears as sasserver.demo.sas.com
tc Runtime SASServer[instance number].
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
2-26 Chapter 2 Review ing SAS Platform Architecture
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
2.2 Operating SAS Servers and Spaw ners 2-27
5. In the list of servers, click sasserver.demo.sas.com Object Spawner - sasserver. You need to go to
the next page for the object spawner.
6. Click Control.
7. You can issue control commands from this location. You can schedule a control action. An example of
this is if you need to recycle a SAS Web Application Server at a low usage time.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
2-28 Chapter 2 Review ing SAS Platform Architecture
8. Check the status of that server from the main monitoring page. Select Resources Browse
Servers and verify that the Stop control action worked properly. The status of the object spawner
changes to not available. However, the change in status does not show up immediately.
Or you can see a bubble at the bottom of the monitoring page of the object spawner, which signifies
an event just occurred. Clicking the bubble shows the event.
9. Start the object spawner. (You can either use the Quick Control action in SAS Environment Manager
or perform the appropriate action on the server machine.)
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
2.2 Operating SAS Servers and Spaw ners 2-29
Exercises
2. Navigate to /opt/sas/config/Lev1. Use the sas.servers script to verify the status of the
SAS servers: ./sas.servers status. (The valid commands are stop, start, restart, and
status.)
1. On your Windows Server machine, it is fastest to use the Windows Services application to
check status and to stop and start SAS servers. Click the Services icon in the system tray.
With Services selected, scroll down to the SAS services. Verify that the status for all the
SAS services is Started.
2. Check the built-in Windows Service dependencies for the SAS Metadata Server.
Right-click SAS[Config-Lev1] SASMeta-Metadata Server and select Properties.
Note: In a typical deployment, the Windows services would have a start-up type of
Automatic. The classroom image uses a batch file to start services.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
2-30 Chapter 2 Review ing SAS Platform Architecture
1. Note: You would use the Windows Services application to shut down and then restart all of
the servers in the correct order in a typical deployment.
The classroom image uses a batch file to start and stop Windows Services.
In order to make sure that servers in our environment are started up in the correct order, first
use the stopSAS script. The scripts are located here: D:\scripts.You can monitor the
stopping and then starting of the servers via the command window.
This displays the services being stopped. A message is displayed when the script is done.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
2.2 Operating SAS Servers and Spaw ners 2-31
Was the validation successful? If not, verify that the object spawner is running.
c. View the details of the validation. What autoexec file was executed at server initialization?
Note: An autoexec file contains SAS statements that are executed immediately after
SAS initializes the server.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
2-32 Chapter 2 Review ing SAS Platform Architecture
Objectives
37
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
38
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
SAS Environment Manager surfaces the following key monitoring and management capabilities from
Hyperic:
Resource discovery automatically discovers resources and software, and enables the detailed and
customized monitoring of them.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
2.3 Exploring SAS Environment Manager 2-33
Personal dashboards can display summaries and high-level monitoring, based on user IDS or on role
memberships.
Metric collection collects a standard set of metrics that reflect availability, performance, utilization, and
throughput.
Event tracking monitors log and configuration files and records events of interest for most server types.
Resource control: You can use SAS Environment Manager for remote control and administration of
your software resources (for example, starting, stopping, or pausing a server).
Alerting and escalation: You can set alerts on metrics and configure actions to perform when an alert
fires. For example, when an alert fires, the system can issue email notifications, set SNMP traps,
perform a control action, or issue a communication to another management system.
Visualizations are in the form of graphic displays for server monitoring, memory/disk, and/or processor
usage.
Live data: Hyperic provides Live Exec views for all platform types. You can run a variety of real-time
system commands to obtain the live system status.
SAS Environment
Service C Manager web
SAS Environment application SAS Environment
Service D
Manager Agent Manager
SAS Servers Database
Object
Spawner
39
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
2-34 Chapter 2 Review ing SAS Platform Architecture
SAS Environment Manager Database is a repository for all of the resource information that is known to
SAS Environment Manager. It uses the SAS Web Infrastructure Platform Data Server, which is based on
PostgreSQL. After resources are discovered and added to your inventory, the database stores data that is
collected from the agents about the resources.
SAS Environment Manager Application is the web-based interface to the SAS Environment Manager
system. Administrators can use the web-based interface to view this data, and thereby obtain a host of
information about the various resources that are running in the system. The interface also enables
administrators to set up alerts when specified events occur, and generate reports that summarize the state
of the platform. SAS Environment Manager also enables administrators to control the servers, via the
agents, and perform such actions as starting and stopping servers and modifying the configurations of
various servers. The application also includes a framework to add functions specific to SAS, such as
server, library, and user administration.
Plug-ins enable agents to discover and monitor resources in a SAS environment. Each plug-in is
associated with a specific resource, and provides the agents with the instructions needed to recognize the
resource during auto-discovery and to monitor and collect metrics for the resource.
The basic architecture of SAS Environment Manager consists of an agent process running on each
platform in a SAS deployment that communicates to a central management server. Agents monitor
detected resources and periodically report resource metrics back to the server. The server provides an
interface for interacting with those agents, managing the data collected by the agents, distributing plug-
ins, creating alerts and escalation procedures based on collected metrics, and graphing the metrics
provided through the installed plug-ins.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
2.3 Exploring SAS Environment Manager 2-35
Metrics are the measurements taken by the SAS Environment Manager agents, on the various computing
resources being monitored. Metrics can be static numbers, frequencies over some time period,
percentages, or averages over some time period. They are periodically sent to the server, and stored in the
database.
P l atform Platform
Machine, OS, network
switch, or SAS deployment
Server
S erv er S er v ice
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
2-36 Chapter 2 Review ing SAS Platform Architecture
Compatible Groups These groups contain selected instances of a single type of resource (for
example, SAS Object Spawners or Visual Analytics nodes). Because every
member of a compatible group is uniform, the metrics collected across the group
can be aggregated for reporting purposes.
Mixed Groups These are user-created groups that can contain multiple types of resources, such
as other groups, platforms, servers, and services. Availability is the only metric
that is available for a mixed group.
I IApplication These groups are sets of selected services, usually running on different servers
on multiple platforms that together fulfill a single business purpose. Creating
application groups enables you to manage your infrastructure from an
application perspective, as opposed to a hardware perspective.
Metrics
43
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
2.3 Exploring SAS Environment Manager 2-37
The dashboard is your first view when you start SAS Environment Manager.
It provides a configurable graphical display of important items to be watched.
The administrator is able to do the following:
• focus on a few specific resources and their availability
• focus on specific metrics that are most important for a given resource
• compare similar resources on a specific metric
• organize alerts
• create multiple dashboards for different purposes (for example, a “basic
monitoring” dashboard or a “troubleshooting” dashboard
44
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Each user can access their own personal dashboard as well as a dashboard for each of the native roles of
which the user is a member. Each dashboard can be customized to meet the needs of the user or role.
The dashboard is divided into two columns. The portlets can be rearranged, deleted,
and added back in. Some portlets can appear only once, whereas other portlets can
appear more than once.
Left Column Only Right Column Only
Availability Summary * Auto-Discover
Saved Charts * Metric Viewer *
Summary Counts Group Alerts Summary *
Recently Added Control Actions
Search Resources Favorite Resources *
Recent Alerts *
Problem Resources *
45
No te: The portlets with an asterisk (*) are specifically for monitoring.
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
The portlets that can appear more than once are ones that display information about a selec ted group of
resources. Each instance of the portlet displays information about different resources. The portlets that
can appear only once display information for the entire environment.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
2-38 Chapter 2 Review ing SAS Platform Architecture
Available Portlets
Auto- Lists new and changed resources and enables you to add them Right One
Discovery to the inventory. Check this portlet after you install a plug-in to
accept the newly discovered resources into the inventory.
Control Lists recently performed actions on managed resources and Right One
Actions upcoming scheduled actions. Also indicates which quick control
actions are most frequently performed.
Recent Lists the most recently triggered alerts for selected resources. Right Multiple
Alerts This portlet refreshes every minute.
Recently Lists platforms that have been recently added to inventory. Left One
Added
Search Enables you to search for resources. The search supports case- Left One
Resources insensitive, partial-term queries for a specified inventory type
Summary Displays a count of managed resources by inventory type. Only Left One
Counts those resources that you are allowed to access are displayed.
Group Displays traffic light indicators for resource alerts and group Right One
Alerts alerts for selected groups. To view a list of alerts that have fired
Summary for a group, click that group’s traffic light. To view a group
page, click that group’s name.
Metric Displays selected metrics for selected resources. This portlet Right Multiple
Viewer refreshes every minute.
Problem Lists all resources that have problem metrics and provides Right One
Resources details, including availability status, number of alerts per
resource, number of times the metric has been out of bounds,
and the most recent time that the out-of-bounds metric was
collected.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
2.3 Exploring SAS Environment Manager 2-39
Although native user definitions are internal to SAS Environment Manager, they are mapped to user
definitions created in SAS metadata. Native users are created by first creating the user definition in
metadata and then synchronizing the user information with SAS Environment Manager. You cannot
create or edit native user definitions in SAS Environment Manager directly.
Native roles enable you to grant capabilities and permissions for actions in SAS Environment Manager to
selected users. For example, an administrator role could be granted full permissions for all resource types
and the ability to acknowledge and fix alerts, whereas a guest role could be denied the ability to fix or
acknowledge alerts and have only Read permission for resources. Assigning a native role to a native user
determines the actions that the user can perform in SAS Environment Manager.
Each native role also has its own unique dashboard page. Each user has access to his or her own personal
dashboard page and to the dashboard pages of all native roles of which he or she is a member.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
2-40 Chapter 2 Review ing SAS Platform Architecture
/SASLogon
application Group: SAS EV
Super Users
(sasadm@saspw)
SAS EV Server
URL: http:<machine>:7080
47
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
2.3 Exploring SAS Environment Manager 2-41
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
2-42 Chapter 2 Review ing SAS Platform Architecture
3. Dashboard: The Dashboard page is the initial view when a user logs on. It contains two columns of
portlets. Each portlet contains the resources and metrics that are most important to your environment.
The Dashboard page is customized by deleting, adding back, or rearranging the various portlets
that you see.
Selecting an entry in a portlet takes you to more detailed information about the entry.
Each user can access his or her own personal dashboard as well as a dashboard for each
of the native roles of which the user is a member. Each dashboard can be customized to meet
the needs of the user or role. To choose a different dashboard, select the one that you want
to use from the Select a Dashboard field.
4. Resources: Click Resources Browse. The Resources page enables you to monitor, configure, and
manage inventory resources, organized by type (for example, Platforms, Servers, Services).
The buttons on the left of the resource name ( ) enable you to quickly jump to the Monitor,
Inventory, or Alerts page for the resource. You can also click the resource to open the Details page
that includes links to Monitor, Inventory, or Alerts pages.
The number of resources extends to two pages. You can change items per page in the bottom right
of the interface, or use the black arrow to move to the second page of resources.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
2.3 Exploring SAS Environment Manager 2-43
5. Click Platforms (2). In this installation, there are two platforms: the machine and the
SAS Application Server Tier.
6. Click sasserver.demo.sas.com. The details about this resource, the OS platform, are displayed. You
can get similar details for any resource (a platform, a server, or a service) by clicking it. The details
for each resource differ somewhat, depending on what type of resource it is.
Across the top, basic machine specifications are given: OS, CPU speed, architecture, IP address,
RAM, and more.
Notice the five links on the upper left: Monitor, Inventory, Alert, Control, and Views. By default,
you are on the Monitor page. A variety of metric data is displayed, both in numeric and graphic
format, to enable you to examine detailed information about the resource’s operation.
The fastest way to check the status of a resource is to use the availability bar, which is above the
indicator charts. The availability bar displays a color-coded dot that represents the availability
during a time slice. The length of each time slice depends on the display range that you select (for
example, if you display the past eight hours of data, each dot corresponds to approximately eight
minutes). The percentage of time that the resource was available is displayed at the end of the
availability bar.
The dots are color-coded using the following format:
Green = 100% availability
Yellow = Partial availability; between 0% and 100%
Red = 0% availability
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
2-44 Chapter 2 Review ing SAS Platform Architecture
To the left of the indicator charts, there are links to other resources that are under this resource in
the hierarchy.
The events bar is displayed below the indicator charts. It is similar to the availability bar, with dots
representing time slices. The bar displays a dot if an event occurs during a time slice. If no event
occurs, the bar remains black.
7. On the bottom left of the page, click the down arrow next to Problem Metrics and select All Metrics
to display a list of all available metrics for this resource. Click the arrow next to a metric to add the
chart to those displayed on the page.
8. Analyze: The Analyze pages contains the Alert Center, Report Center (only if you have enabled
SAS Environment Manager Service Architecture), Environment Snapshot, Event Center, and
Operations Center. (You might see a Monitoring Center, which is part of the Job Monitor service.
It would contain SAS jobs submitted by the Data Management solution.)
An event is any type of activity in a resource that you are monitoring.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
2.3 Exploring SAS Environment Manager 2-45
9. Administration: Click the Administration tab. This page enables you to manage resource
definitions in SAS metadata. The page contains a set of modules, each of which enables you to
manage a type of metadata definition. The application displays the Folders module by default.
10. To switch to a different module, click the Side menu button , which displays a list of all of the
available modules.
In the first exercise, you add Ahmed to a SAS Environment Manager group in metadata and then it is
synchronized to the corresponding role in SAS Environment Manager.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
2-46 Chapter 2 Review ing SAS Platform Architecture
13. Enter SAS in the Search field to get to SAS Environment Manager Super Users.
14. Right-click SAS Environment Manager Super Users and select Open to open the metadata
properties.
15. From the Basic Properties drop-down menu (accessed by clicking the arrow), select Members.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
2.3 Exploring SAS Environment Manager 2-47
16. Add Ahmed to the group by clicking the Edit button in the upper right toolbar.
17. Move Ahmed over from the Available identities list to the Direct members list. Click OK.
18. Do not click Close until you save your changes by clicking the Save button . Click Close.
19. The Administration page is a separate web application, as you can see by the URL.
Return to SAS Environment Manager by clicking its name on the Favorites toolbar.
20. Click the Manage tab. The pages under Manage control how the SAS Environment Manager
application works.
Authentication/Authorization: enables the management of users and roles. (These are not
the same as the users and roles in SAS metadata that control access to SAS metadata objects,
although SAS Environment Manager users are synchronized with users that are defined in metadata
and added to specific groups.)
Server Settings: change settings for the SAS Environment Manager server; set default monitoring
and alerting definitions for all types of platforms, servers, and services; define notification or
logging actions that are taken for alerts; list currently loaded plug-ins; and enable deleting or adding
plug-ins.
Plug-ins: contain functions that are added to the base functionality of SAS Environment Manager
to perform a specific action.
Licenses Usage Status: displays the number of licenses in use on the platform as well as the total
number of licenses that are permitted.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
2-48 Chapter 2 Review ing SAS Platform Architecture
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
2.3 Exploring SAS Environment Manager 2-49
Exercises
8. Adding a SAS Administrator to the Super User Role in SAS Environment Manager
The internal account sasadm@saspw is the default account for signing on to SAS Environment
Manager. In order to have other users such as Ahmed access SAS Environment Manager, the user
needs to be added to a SAS Environment Manager group in metadata and then synchronized to the
corresponding role in SAS Environment Manager.
a. Sign in to SAS Environment Manager as sasadm@saspw using the password Student1 if you
have not done so from the previous exercise.
b. Go to the Manage page and select List Users to see a list of the current users in Environment
Manager. Three users will be listed.
c. Click List Roles to see the Environment Manager Roles. There should be three.
These three roles map to three user groups created in SAS metadata.
d. Add Ahmed to the SAS EV Super User group in metadata.
Go to the Administration page and select Users from the Side menu.
e. Filter on Group.
f. Enter SAS in the Search field to get to the SAS Environment Manager Super Users.
g. Right-click SAS Environment Manager Super Users and select Open to open the metadata
properties.
h. From the Basic Properties drop-down menu, select Members.
i. Add Ahmed to the group by clicking the Edit button in the upper right toolbar.
j. Move Ahmed from the Available identities list to the Direct members list. Click OK.
k. Do not click Close until you save your changes by clicking the Save button . Click Close.
l. You do not need to synchronize users from the Manage page. Instead, Sign out as sasadm@saspw
and sign back in as Ahmed to verify that he now has access to SAS Environment Manager. Stay
signed in as Ahmed for the rest of the exercises.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
2-50 Chapter 2 Review ing SAS Platform Architecture
b. Click sasserver.demo.sas.com, and that takes you to the same view as Resources Browse
Platform sasserver.demo.sas.com.
What is the RAM for this machine? What is the CPU speed?
The RAM field (in the upper right) specifies the total memory for the host.
The CPU Speed field (in the upper left) specifies the number and speed of the processors on the
machine.
c. Click Metric Data to view the table of metrics for the host.
Use these metrics to evaluate memory usage for the host:
Total Memory (this value will match the value of the RAM field, although RAM is specified in
MB and Total Memory in GB)
Used Memory
Used Memory (-buffers/cache)
Percent Used Memory
Percent Free Memory
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
2.3 Exploring SAS Environment Manager 2-51
d. Click Indicators to view these metrics in chart form. The charts can be useful for evaluating
changes in memory usage over time, for example.
Note: If the chart for one or more of the metrics is not displayed, select the Problem Metrics
field on the bottom left of the page and change the selection to All Metrics. Move the
metric that you want added in the Indicators display by clicking the black arrow next to
the metric
e. By clicking the metric, a chart is brought up with more detailed information. Scroll to the bottom
of the metric charts and click Zombie Processes. This is one metric at the Platform level that can
indicate too many “runaway” or “stuck” processes. If there are any numbers above zero
consistently, it might be time to reboot the machine when there is opportunity to do so.
You have options within the chart view such as editing ranges, saving a chart to dashboards, and
defining an alert for this metric.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
2-52 Chapter 2 Review ing SAS Platform Architecture
f. Click the down arrow next to Map to see a visual representation of resources and the next level of
parent and child resources. How many servers are under this machine platform?
Note: The map for a platform displays the servers under the platform, and the map for a server
displays the services under the server. Servers as well as services under the platform are
also listed on the left of the Monitor page.
g. Click Views Live Exec.
h. Select a query to run from the drop-down menu, such as df and top.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
2.3 Exploring SAS Environment Manager 2-53
On the Resources page in SAS Environment Manager, where would you find
the SAS Object Spawner resource?
a. Services
b. Servers
c. Platforms
d. Mixed Groups
51
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
a. You can have only one SAS Environment Manager Agent in a SAS
deployment.
b. The SAS Environment Manager Agent summarizes the metric
information and writes it to the PostgreSQL database.
c. The SAS Environment Manager Agent can be monitored under Platforms
in SAS Environment Manager’s Resource page.
d. You will have a SAS Environment Manager Agent running on every
platform where SAS components are configured in your SAS deployment.
53
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
2-54 Chapter 2 Review ing SAS Platform Architecture
Objectives
56
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
continued...
SAS Environment Manager Service Architecture
57
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
2.4 Exploring SAS Environment Manager Service Architecture 2-55
Data Mart
Audit, Performance
Measurement Data
E xt ended Mo nitoring (APM)
Best Practices
• Predefined alerts
• Automate resource Agent-Collected
configuration Report Center
• Additional resource groups Metrics (ACM)
• Metric collection adjustments
• Additional resources
• Event importing and exporting VA auto-load Feed Kits Data
58
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
2-56 Chapter 2 Review ing SAS Platform Architecture
59
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
2.4 Exploring SAS Environment Manager Service Architecture 2-57
SAS Visual Analytics data feed: Data from the data mart can be easily loaded into SAS Visual Analytics.
If the data feed option is enabled in SAS Environment Manager, selected data tables from the data mart
are copied to a specified drop zone directory. SAS Visual Analytics can then automatically load the tables
from the drop zone into the application. For more information, see “Feeding Data from the Data Mart into
SAS Visual Analytics” in SAS® Environment Manager 2.5: User’s Guide.
Federated data mart: If you are using a data mart on multiple deployments in your organization, you
can create a federated data mart to consolidate analysis and monitoring for all of the deployments. The
federated data mart collects into one location the ACM data from the data marts of each deployment. Each
deployment still retains its own data mart, but the federated data mart enables you to easily compare the
metric data across your organization. For more information, see “Creating a Federated Data Mart” in
SAS® Environment Manager 2.5: User’s Guide.
ETL jobs are run once per 24-hour period (overnight by default). This process collects and standardizes
the data and put it into the data mart. Data is stored for 60 days by default. The data is then used to drive
reports from the Report Center or by SAS Visual Analytics for further analysis.
ACM ETL
The Agent Collected Metrics data is loaded into the SAS Environment
Manager database. The ACM ETL process then copies data from the
database, standardizes the data, and loads it into the data mart.
S AS Web
S AS Environment
ACM Infrastructure
Ma nager Data Mart
Pla tform Database
(E VManager)
60 rolling days
11 rolling days of data
of data
60
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
ACM data is processed and loaded into the data mart in these steps:
1. Metric data is collected from the SAS Environment Manager agents and sent to the SAS Environment
Manager database.
2. At specified intervals, the ACM ETL process runs. The process copies data from the database,
standardizes the data, and loads the data into the data mart.
3. ACM data in the data mart is available for analysis and reporting.
The Report Center contains reports that are produced by ACM that display the following types of
information:
response time for SAS HTTP web services
workload, CPU usage, and memory usage for each platform in your environment
usage and response information for file mounts
total number of clients per minute on the SAS Metadata Server machine
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
2-58 Chapter 2 Review ing SAS Platform Architecture
APM ETL
The APM ETL process extracts performance metric information from various
SAS server logs, HTTP access logs, SAS job logs, and SAS metadata audit data
and loads that information into the data mart.
61
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
APM data is processed and loaded into the data mart in these steps:
1. The APM ETL process scans the components in your SAS system for log files and includes the logs
that it finds that are supported by the APM ETL. By default, the log discovery process runs every 15
minutes throughout each day, so any new logs created by new components in your SAS environment
are discovered and included in the log collection process. You can also choose to run the log
discovery process manually though a control action, which enables you to start collecting log data
sooner than if you waited for the scheduled process. See Manually Discovering and Collecting
Logs in SAS® Environment Manager 2.5: User’s Guide, Second Edition.
Note: SAS logs are discovered and collected only if they are in default locations. If you customize
the log location, SAS Environment Manager cannot discover or collect the log.
2. The discovered logs are collected locally on the machine where they are created and stored in the
landing zone directory, which is [LevelRoot]/Web/SASEnvironmentManager/emi-
client/LandingZone. By default, the logs are collected nightly, but they can be collected manually as
often as every 30 minutes in order to obtain an update view of the log information.
3. The locally collected logs are collected from the local landing zone directories to a central landing
zone directory, which is located on the SAS Environment Manager Enablement Kit Server. This
machine is the machine containing the alphabetically first SAS Application Server context that
contains a SAS Workspace Server. Beginning with the third maintenance release after SAS 9.4, you
can use SAS Deployment Agent to automatically copy the log files from the local landing zone
directories to the central landing zone directory. You can configure the SAS Deployment Agent in
unsecured mode, or you can use unsecured mode or NFS mounts and shares and symbolic links.
Beginning with the fourth maintenance release after SAS 9.4, you can use the SAS Deployment
Agent in secure mode to copy the log files. You can also set up file mounts or NFS shares to the local
landing zone directories so that the central landing zone directory has access to the log files whenever
they are saved to the local landing zone directories. After the logs are collected in the central landing
zone directory, they are deleted from the local landing zone directories.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
2.4 Exploring SAS Environment Manager Service Architecture 2-59
4. The ETL process parses the logs in the central landing zone directory, puts the information into a
standard format, and archives the original log files. The data is then put into the appropriate tables in
the data mart.
Caution: Enabling the APM ETL process causes a separate log to be created for each spawned
SAS Workspace Server. You must plan for the large number of log files that this process
could create. A best practice is to create a daily archive file of the day’s log files and then
to copy the file to archive storage.
Report Center
62
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
2-60 Chapter 2 Review ing SAS Platform Architecture
The reports are located at Stored Processes Products SAS Environment Manager
Dynamic Reports Datamart.
ACM Reports
These stored processes generate reports that display and chart detailed metrics for the computing
resources in your environment. They are generated by data from ACM ETL processes. Here are some
example reports:
File Mounts Summary Report
Metadata Server Total Clients per Minute
Platform Workload 1 Min Average
The reports are located at Stored Processes Products SAS Environment Manager
Nightly Reports ACM Reports.
ARM Reports
These stored processes generate reports that display and chart detailed metrics and information for
SAS jobs and processes. They are generated by data from APM ETL processes. Here are some
example reports:
Resource – Procedure Usage
User – Server Activity by User
Workspace Server – Top Users by Memory Consumption
The reports are located at Stored Processes Products SAS Environment Manager
Nightly Reports ARM Performance Reports.
Note: In ARM reports, time metrics are charted in seconds and memory capacity metrics are charted in
kilobytes.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
2.4 Exploring SAS Environment Manager Service Architecture 2-61
Event Reports
These stored processes generate reports that display information and metrics about the events that are
generated and recorded in the data mart. They are generated by data from ACM ETL processes. Here are
some example reports:
Event Summary Chart
Event Summary Counts
Log Event Details
The reports are located at Stored Processes Products SAS Environment Manager
Nightly Reports Event and Alerts.
Sample Reports
These stored processes generate reports that contain samples of different types of report styles. They are
generated by data from APM ETL processes. Here are some example reports:
Pie Chart CPU Usage Profile by Platform
Daily Resource Usage Summary
Top 5 Ranked on CPU Usage
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
2-62 Chapter 2 Review ing SAS Platform Architecture
The reports are located at Stored Processes Products SAS Environment Manager
Nightly Reports Sample Gallery.
Report Center
63
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Report Center
Server Activity:
• Workspace Server Top 10 Memory Users
• Server Usage by User
• Data Usage
• Directory Usage
• Procedure Usage
64
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
2.4 Exploring SAS Environment Manager Service Architecture 2-63
Report Center
65
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
66
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
You must enable Extended Monitoring to use the SAS Environment Manager Data Mart. Instructions can
be found in these two places:
the SAS Environment Manager configuration directory:
<configdir>/Lev1/Web/SASEnvironmentManager/emi-framework/
SAS_Environment_Manager_Service_Architecture_Quickstart.pdf
“Initializing and Enabling the Service Architecture” in SAS® Environment Manager 2.5: User’s Guide.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
2-64 Chapter 2 Review ing SAS Platform Architecture
Exercises
11. Reviewing Service Architecture Enablement Steps and Locating Logs Created by Enabling and
Initializing the APM ETL
a. Navigate to the emi-framework directory where the instruction document
SAS_Environment_Manager_Service_Architecture_Quickstart.pdf is located.
For
11.Linux Server
/opt/sas/config/Lev1/Web/SASEnvironmentManager/emi-framework
For
12.Linux Server
Navigate to /opt/sas/config/Lev1/SASApp/WorkspaceServer.
For Windows Server
Navigate to D:\SAS\Config\Lev1\ SASApp\WorkspaceServer.
2) Open the PerfLogs directory. Logging of this server causes a separate log file to be created in
this directory for each spawned SAS Workspace Server. This means that there is a log file for
each session of SAS Enterprise Guide or SAS Data Integration Studio users.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
2.4 Exploring SAS Environment Manager Service Architecture 2-65
With the enablement and initialization of the APM ETL package, the SAS Application server
environment is modified to enable ARM (Application Response Measurement), as well as the
activation of SAS logging facility loggers and log appenders, to support the ARM-enabled
SASApp deployment.
Caution: Be aware of the potential for the large number of log files that can be created in
this directory. You can create a daily archive of the logs in a ZIP or TAR file and
then copy the daily archive to another storage location. This process enables you
to manage the large number of log files while maintaining IT best practices for
retaining usage logs.
Refer to the following notes:
Problem Note 52668, “A SAS® Environment Manager agent either fails to start, or it starts and
does not send data”:
http://support.sas.com/kb/52/668.html
Usage Note 54744, “Frequently asked questions about the SAS ® Environment Manager in the
UNIX operating environment”:
http://supportprod.unx.sas.com/fusionpreview/previewhtml/54/744.html
12. Running Stored Processes from the Report Center
a. Select Analyze Report Center. The Report Center is displayed in a separate window or tab in
your browser. The Report Center uses the SAS Stored Process web application, so the window is
titled Stored Processes.
To create a report, click the stored process entry. The viewing pane of the Report Center window
displays prompts for the information in the report. You can select the categories of inputs on the
left side of the display area to fully customize the report. Click Run to produce the report.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
2-66 Chapter 2 Review ing SAS Platform Architecture
b. Run a report that shows a full listing of available reports. Select Products SAS Environment
Manager Dynamic Reports Datamart Report Center Report Listings.
c. Run a report that shows a full listing of data mart tables and variables. Select Products SAS
Environment Manager Dynamic Reports Datamart Data Mart Proc Contents Full
Listing.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
2.4 Exploring SAS Environment Manager Service Architecture 2-67
d. Run a report that shows all alert definitions. Select Products SAS Environment Manager
Dynamic Reports Datamart All Alert Definitions.
Note: If you do not have the Services Architecture initialized, you can create your own event
importer by going to Resources Platforms (select platform) Tools Menu
New Platform Service. Under Service Type, select SAS Event Importer and then fill in
the same fields as shown above.
e. Click OK to exit the properties of the event importer.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
2-68 Chapter 2 Review ing SAS Platform Architecture
For
5. Linux Server
/opt/sas/Workshop/spaft
The program CreateEvent.sas generates an event, using the %evevent macro.
D:\Workshop\spaft
The program CreateEvent.sas generates an event, using the %evevent macro.
The SAS macro library with sample macros used with the Service Architecture is in the following
location:
Linux Server: /opt/sas/config/Lev1/Web/SASEnvironmentManager/emi-framework
Windows Server: D:\SAS\Config\Lev1\Web\SASEnvironmentManager\emi-framework
g. View the contents of the program through a text editor, but do not make changes.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
2.4 Exploring SAS Environment Manager Service Architecture 2-69
Note: The runSASJob.sh script sets up the SAS environment needed to run the job.
i. In SAS Environment Manager, select Analyze Event Center. The event should appear in a
few minutes.
j. Check the sasev.events file located here:
For
7. Linux Server
/opt/sas/config/Lev1/Web/SASEnvironmentManager/emi-framework/Events/sasev.events
The event is included in the file. You can open up the file with the command gedit sasev.events
or use WINSCP application.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
2-70 Chapter 2 Review ing SAS Platform Architecture
c. In the new exporter, select Configuration Properties and enter the following properties:
1) Enable Event Exporter: select
2) Events File Name: For Linux Server: /opt/sas/config/Lev1/AppData/EventsOut.txt
For Windows Server: D:\SAS\Config\Lev1\AppData\EventsOut.txt
3) User Name: Ahmed
4) Password: Student1
Click OK.
d. Generate an event by restarting the object spawner.
1) Go to Resources Servers sasserver.demo.sas.com Object Spawner -sasserver.
2) Click Control in the Quick Control section.
3) Change Control Action to Restart and click the arrow to the right.
e. Go to Analyze Event Center to verify that the events occurred.
f. Navigate to the following text file to see the events being written to it:
For
13.Linux Server
/opt/sas/config/Lev1/AppData/EventsOut.txt
For Windows Server
D:\SAS\Config\Lev1\AppData\EventsOut.txt
Note: The event exporter does not allow subsetting of the events that are exported. All events
that SAS Environment Manager generates are written to the file.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
2.5 Solutions 2-71
2.5 Solutions
Solutions to Exercises
1. Locating the Installation and Configuration Directories of the SAS Deployment
a. On the server machine, locate the installation directory.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
2-72 Chapter 2 Review ing SAS Platform Architecture
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
2.5 Solutions 2-73
Note: The Levn subdirectory contains configuration information and other files for a particular
installation instance. Lev1 is generally used for production environments. Additional levels,
such as Lev2 and Lev3, can be used for environments that you install for purposes such as
development and testing. During installation, the SAS Deployment Wizard enables you to
select the level number.
2. Examining details_diagram.html
A 9.4 Standard Deployment plan is an XML-based description of the topology for your SAS system.
Similar to an architect’s floor plan, the plan describes the intended final SAS software environment.
The plan is used in the SAS software deployment process to “tell” the SAS Deployment Wizard
which software components to install and configure on each machine. A diagram of your customized
deployment plan, called details_diagram.html (optimized for Firefox) or
details_diagram_for_ie7.mht (optimized for Internet Explorer), comes with your custom plan file.
Note: See Installation Note 44320, Using deployment plans during a SAS ® installation.
a. On the server machine, locate and open the details_diagram.html file.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
2-74 Chapter 2 Review ing SAS Platform Architecture
b. Where is SAS Management Console installed? Configured? For both, server and middle tier
machine and client machine
Where is SAS Foundation software installed? Server and middle tier machine
Configured? It is not configured.
Where is SAS Enterprise Guide installed? Client machine
Configured? It is not configured.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
2.5 Solutions 2-75
f. Click the Logs tab. A comprehensive list of server log locations is displayed. Notice that many of
the middle tier servers do not have log tracking enabled, whereas the SAS servers do.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
2-76 Chapter 2 Review ing SAS Platform Architecture
g. You can change this by going to a resource inventory property and enable log tracking. Go to
Resources Browse Servers and select sasserver.demo.sas.com tc Runtime
SASServer1_1.
h. Click the Inventory tab and scroll down to Configuration Properties and click Edit.
i. Check server.log_track.enable and change the value of server.log_track files to logs/server.log.
j. Click OK.
Many of the server-level resources enable the administrator to set up log tracking. This is a
method of monitoring log files for specific messages, such as severe errors or other critical
information. By doing this, you do not need to open the log files directly. You can access only the
portion that you need from the user interface. These log file entries are one type of event that can
be configured and customized in SAS Environment Manager.
For SAS Servers, a special file, sev_logtracker_plugin.properties, is automatically set up by the
SAS Deployment Wizard. For servers that are not SAS servers, you have to turn on log tracking
and specify the log messages that you want to capture.
Note: Setting up log tracking will be covered in a later chapter.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
2.5 Solutions 2-77
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
2-78 Chapter 2 Review ing SAS Platform Architecture
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
2.5 Solutions 2-79
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
2-80 Chapter 2 Review ing SAS Platform Architecture
2. Check the built-in Windows Service dependencies for the SAS Metadata Server.
Right-click SAS[Config-Lev1] SASMeta-Metadata Server and select Properties.
Note: In a typical deployment, the Windows services would have a start-up type of
Automatic. The classroom image uses a batch file to start services.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
2.5 Solutions 2-81
Note: The dependencies do not include any middle-tier servers. It is not recommended
that you include them in the dependencies. However, it is possible. See
Installation Note 52100: http://support.sas.com/kb/52/100.html
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
2-82 Chapter 2 Review ing SAS Platform Architecture
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
2.5 Solutions 2-83
How much time is built in for the web server to wait for the cache locator to start up? What
is being read before it starts up?
Caution: You might use a script similar to this one in your environment. However,
be aware that this script deletes log files, which you would not want for a
SAS Environment outside of the classroom.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
2-84 Chapter 2 Review ing SAS Platform Architecture
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
2.5 Solutions 2-85
Note: The SAS Web Application Server takes from 15 to 20 minutes to start, depending on how
many SAS applications are deployed. You can examine the log files to monitor its
progress and verify that everything started successfully.
7. Validating the Servers in SAS Management Console
a. On the client machine, log on to SAS Management Console as Ahmed using the Student1
password.
b. Expand Server Manager SASApp SASApp - Logical Workspace Server
SASApp - Workspace Server. Right-click sasserver.demo.sas.com and select Validate.
Was the validation successful? If not, verify that the object spawner is running.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
2-86 Chapter 2 Review ing SAS Platform Architecture
c. View the details of the validation. What autoexec file was executed at server initialization?
Note: An autoexec file contains SAS statements that are executed immediately after
SAS initializes the server.
8. Adding a SAS Administrator to the Super User Role in SAS Environment Manager
The internal account sasadm@saspw is the default account for signing on to SAS Environment
Manager. In order to have other users such as Ahmed access SAS Environment Manager, the user
needs to be added to a SAS Environment Manager group in metadata and then synchronized to the
corresponding role in SAS Environment Manager.
a. Sign in to SAS Environment Manager as sasadm@saspw using the password Student1 if you
have not done so from the previous exercise.
b. Go to the Manage page and select List Users to see a list of the current users in Environment
Manager.
Three users will be listed.
c. Click List Roles to see the Environment Manager Roles. There should be three.
These three roles map to three user groups created in SAS metadata.
d. Add Ahmed to the SAS EV Super User group in metadata.
Go to the Administration page and select Users from the Side menu.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
2.5 Solutions 2-87
e. Filter on Group.
f. Enter SAS in the Search field to get to the SAS Environment Manager Super Users.
g. Right-click SAS Environment Manager Super Users and select Open to open the metadata
properties.
h. From the Basic Properties drop-down menu, select Members.
i. Add Ahmed to the group by clicking the Edit button in the upper right toolbar.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
2-88 Chapter 2 Review ing SAS Platform Architecture
j. Move Ahmed from the Available identities list to the Direct members list. Click OK.
k. Do not click Close until you save your changes by clicking the Save button . Click Close.
l. You do not need to synchronize users from the Manage page. Instead, Sign out as
sasadm@saspw and sign back in as Ahmed to verify that he now has access to
SAS Environment Manager. Stay signed in as Ahmed for the rest of the exercises.
2) Click the Configure button to display the Dashboard Settings page for the portlet.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
2.5 Solutions 2-89
4) In the View field, make sure that Platforms is selected. Move both resources to the right.
Click OK.
5) Specify the name OS and SAS Server Tier in the Description field. Click OK.
6) Move the OS and SAS Server Tier availability summary portlet to the top by clicking
the heading and dragging it to the top of the left column.
10. Evaluating Resource and Memory Usage on a Host
System Resources can approach their limits and cause the system to become slow or unstable. If you
see a problem with system responsiveness from the users’ point of view, there are some metrics that
can be checked to give us clues as to why. It is also possible for system resources to be nearing their
limits, but with no obvious effect on user experience. Regardless, you can monitor these items
through SAS Environment Manager.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
2-90 Chapter 2 Review ing SAS Platform Architecture
Click Win32 under your OS and SAS Server Tier summary portlet that you just created.
b. Click sasserver.demo.sas.com and that takes you to the same view as Resources Browse
Platform sasserver.demo.sas.com.
What is the RAM for this machine? What is the CPU speed?
It varies: 15952 MB on Linux and 16384 MB on Windows
The RAM field (in the upper right) specifies the total memory for the host.
The CPU Speed field (in the upper left) specifies the number and speed of the proc essors on the
machine.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
2.5 Solutions 2-91
c. Click Metric Data to view the table of metrics for the host.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
2-92 Chapter 2 Review ing SAS Platform Architecture
Use these metrics to determine CPU and I/O usage for a host in a deployment:
CPU Usage
CPU Wait
User CPU
CPU Idle
CPU IRQ
File System Read/Writes per Minute metric to evaluate I/O performance over time
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
2.5 Solutions 2-93
d. Click Indicators to view these metrics in chart form. The charts can be useful for evaluating
changes in memory usage over time, for example.
Note: If the chart for one or more of the metrics is not displayed, select the Problem Metrics
field on the bottom left of the page and change the selection to All Metrics. Move the
metric that you want added in the Indicators display by clicking the black arrow next to
the metric.
e. By clicking the metric, a chart is brought up with more detailed information. Scroll to the bottom
of the metric charts and click Zombie Processes. This is one metric at the Platform level that can
indicate too many “runaway” or “stuck” processes. If there are any numbers above zero
consistently, it might be time to reboot the machine when there is opportunity to do so.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
2-94 Chapter 2 Review ing SAS Platform Architecture
You have options within the chart view such as editing ranges, saving the chart to dashboards,
and defining an alert for this metric.
f. Click the down arrow next to Map to see a visual representation of resources and the next level of
parent and child resources. How many servers are under this machine platform?
Note: The map for a platform displays the servers under the platform, and the map for a server
displays the services under the server. Servers as well as Services under the platform are
also listed on the left of the Monitor page.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
2.5 Solutions 2-95
h. Select a query to run from the drop-down menu, such as df and top.
11. Reviewing Service Architecture Enablement Steps and Locating Logs Created by Enabling and
Initializing the APM ETL
a. Navigate to the emi-framework directory where the instruction document
SAS_Environment_Manager_Service_Architecture_Quickstart.pdf is located.
For
15.Linux Server
/opt/sas/config/Lev1/Web/SASEnvironmentManager/emi-framework
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
2-96 Chapter 2 Review ing SAS Platform Architecture
3) Enabling either ACM or APM ETLs, including an additional initialization step for the APM
ETL. All ETL processes are optional and can be enabled at any time after the framework has
been initialized. However, one or more ETLs are required to construct the data dart.
Note: The Service Architecture has already been initialized in the classroom environment.
b. If the APM ETL package is enabled and initialized, a potentially large volume of log files is
created. The ETL process extracts data from SAS logs and loads that data into the data mart so
that the applicable stored process reports have data to work with. Data is extracted from the SAS
logs only when the logs roll over (usually after midnight).
1) Locate log files that are generated.
For
16.Linux Server
Navigate to /opt/sas/config/Lev1/SASApp/WorkspaceServer.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
2.5 Solutions 2-97
To create a report, click the stored process entry. The viewing pane of the Report Center window
displays prompts for the information in the report. You can select the categories of inputs on the
left side of the display area to fully customize the report. Click Run to produce the report.
b. Run a report that shows a full listing of available reports. Select Products SAS Environment
Manager Dynamic Reports Datamart Report Center Report Listings.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
2-98 Chapter 2 Review ing SAS Platform Architecture
c. Run a report that shows a full listing of data mart tables and variables. Select Products SAS
Environment Manager Dynamic Reports Datamart Data Mart Proc Contents Full
Listing.
d. Run a report that shows all alert definitions. Select Products SAS Environment Manager
Dynamic Reports Datamart All Alert Definitions.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
2.5 Solutions 2-99
b. Select the Service Architecture Event Importer and go to the Inventory page.
Note: If you do not have the Services Architecture initialized, you can create your own event
importer by going to Resources Platforms (select platform) Tools Menu New
Platform Service. Under Service Type, select SAS Event Importer and then fill in the
same fields as shown above.
e. Click OK to exit the properties of the event importer.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
2-100 Chapter 2 Review ing SAS Platform Architecture
The SAS macro library with samples macros used with the Service Architecture is in the
following location:
Linux Server: /opt/sas/config/Lev1/Web/SASEnvironmentManager/emi-framework
Windows Server: D:\SAS\Config\Lev1\Web\SASEnvironmentManager\emi-framework
g. View the contents of the program through a text editor, but do not make changes.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
2.5 Solutions 2-101
For
18. Linux Server
1. Note: Use mRemoteNg and not WINSCP because you will be issuing a command.
Navigate to the following directory:
/opt/sas/config/Lev1/Web/SASEnvironmentManager/emi-framework/bin
Note: The runSASJob.sh script sets up the SAS environment needed to run the job.
i. In SAS Environment Manager, select Analyze Event Center. The event should appear in a few
minutes.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
2-102 Chapter 2 Review ing SAS Platform Architecture
For
19.Linux Server
/opt/sas/config/Lev1/Web/SASEnvironmentManager/emi-framework/Events/sasev.events
The event is included in the file. You can open up the file with the command gedit sasev.events.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
2.5 Solutions 2-103
4) Click OK.
c. In the new exporter, select Configuration Properties and enter the following properties;
1) Enable Event Exporter: select
2) Events File Name: For Linux Server: /opt/sas/config/Lev1/AppData/EventsOut.txt
For Windows Server: D:\SAS\Config\Lev1\AppData\EventsOut.txt
3) User Name: Ahmed
4) Password: Student1
Click OK.
d. Generate an event by restarting the object spawner.
1) Go to Resources Servers sasserver.demo.sas.com Object Spawner -sasserver.
2) Click Control in the Quick Control section.
3) Change Control Action to Restart and click the arrow to the right.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
2-104 Chapter 2 Review ing SAS Platform Architecture
f. Navigate to the following text file to see the events being written to it:
For
20.Linux Server
/opt/sas/config/Lev1/AppData/EventsOut.txt
D:\SAS\Config\Lev1\AppData\EventsOut.txt
Note: The event exporter does not allow subsetting of the events that are exported. All events
that SAS Environment Manager generates are written to the file.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
2.5 Solutions 2-105
The SAS configuration directory under Levn will include which of the
following subdirectories?
21
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
On the Resources page in SAS Environment Manager, where would you find
the SAS Object Spawner resource?
a. Services
b. Servers
c. Platforms
d. Mixed Groups
52
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
2-106 Chapter 2 Review ing SAS Platform Architecture
a. You can have only one SAS Environment Manager Agent in a SAS
deployment.
b. The SAS Environment Manager Agent summarizes the metric
information and writes it to the PostgreSQL database.
c. The SAS Environment Manager Agent can be monitored under Platforms
in SAS Environment Manager’s Resource page.
d. You will have a SAS Environment Manager Agent running on every
platform where SAS components are configured in your SAS deployment.
54
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
Chapter 3 Understanding SAS®
Metadata and the Metadata Server
3.1 Exploring the SAS Metadata Server and Metadata Repositories ............................. 3-3
Exercises............................................................................................................. 3-11
Exercises............................................................................................................. 3-80
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3.1 Exploring the SAS Metadata Server and Metadata Repositories 3-3
Objectives
3
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
S A S Enterprise Guide
M etadata Server
i S A S S tudio
S A S M odel M anag er
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3-4 Chapter 3 Understanding SAS® Metadata and the Metadata Server
In most cases, users access and update metadata using SAS applications, including SAS Management
Console, SAS Environment Manager, SAS Data Integration Studio, and SAS Enterprise Guide. Web-
based applications need only a web browser. The connection profile is built into the web application.
You can also access and manage SAS metadata through programmatic interfaces, including the
METADATA and METALIB procedures, DATA step functions, and the batch tools for metadata
management. The tools are documented in SAS® 9.4 Intelligence Platform: System Administration Guide.
Other parts of the SAS platform also communicate with the metadata server, including SAS spawners,
SAS servers, and SAS middle-tier applications.
i
Metadata SA S Metadata
Server Repositories
5
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
The management and use of threads are controlled by the MAXACTIVETHREADS, THREADSMIN,
and THREADSMAX options. See “Configuring the Number of Threads Used by the Metadata Server”
in SAS® 9.4 Intelligence Platform: System Administration Guide.
The metadata server
uses multi-threaded processing to read metadata but uses a single thread to write
and update.
is an ‘in-memory’ server, enabling high-speed access by applications.
supports concurrent users.
provides centralized management of metadata resources.
enables metadata exchange between applications so that applications can work together easily and
efficiently.
is built on the SAS Open Metadata Architecture, a metadata management facility that provides
common metadata services to applications, including creating, accessing, and updating metadata.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3.1 Exploring the SAS Metadata Server and Metadata Repositories 3-5
Note: SAS 9.4 provides the option of implementing a metadata server cluster. Client applications and
users interact with the cluster in the same way that they would interact with a metadata server that
is not clustered.
SAS Metadata
6
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
SAS applications connect to the SAS Metadata Server and issue SAS Open Metadata interface method
calls that access metadata from repositories.
Metadata Repositories
A metadata repository is
• a library of tables in which a collection of related metadata objects is stored
• stored in a physical location
• managed by a repository manager.
7
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3-6 Chapter 3 Understanding SAS® Metadata and the Metadata Server
Repository Manager
The repository manager is a library of tables that holds information about the
other repositories in the environment.
A metadata server cannot be started without a repository manager. Each metadata server can have only
one repository manager.
Metadata Repositories
9
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
The BI Lineage repository created for the BI Lineage plug-in is a custom repository. Custom repositories
appear as folders in the metadata folder tree under the SAS root folder.
A project repository is an optional metadata store that acts as an isolated work area for SAS Data
Integration Studio. Each user who participates in change management has a project repository.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3.1 Exploring the SAS Metadata Server and Metadata Repositories 3-7
You can use the Metadata Manager plug-in to create and manage repositories.
Creating a new repository Creates initial repository content and all the metadata that defines the
repository.
Registering a repository Creates the metadata that defines the repository and points to existing
repository content.
Deleting a repository Deletes the repository content and all the metadata that defines the
repository.
Unregistering a repository Removes the metadata that describes the repository without removing
the content of the repository itself.
i
M etadata Server
In -memory database
10
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
When the first query for a specific type of metadata object (for example, a table) is submitted, all table
metadata is loaded into memory. The in-memory database remains until the metadata server is paused
or stopped.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3-8 Chapter 3 Understanding SAS® Metadata and the Metadata Server
J o urnal file
i
M etadata Server
In -memory database
11
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Journaling is enabled by default for the metadata server. For best performance, it is recommended that
journaling be enabled at all times. If the metadata server fails before the update process can apply
all updates from the journal file, the metadata server automatically recovers them from the journal file
when it is restarted.
In addition, journaling must be properly configured in order for roll-forward recovery to be available
in the event that you need to restore the metadata server. When the OMA JOURNALTYPE= option is set
to ROLL_FORWARD, the metadata server creates a linear journal file that permanently stores
all transactions that occurred since the most recent backup.
The metadata server is initially set up to write journal entries to a journal file that is stored in </SAS
Configuration Directory/Levn/>SASMeta/MetadataServer/Journal. Each time a new backup is executed,
journaling stops and a new journal file is started in this location.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3.1 Exploring the SAS Metadata Server and Metadata Repositories 3-9
N ote: Any changes to this file require a restart of the metadata server in
order for the changes to take effect.
12
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Alert emails that are generated by the metadata server are sent to the addresses that are specified
in the OMA ALERTEMAIL option in the omaconfig.xml file. The generated email has Metadata Server
Alert in the subject line. The body of the message specifies the error that occurred, the name
of the metadata server host machine, the metadata server port, and the location of the metadata server log.
The metadata server sends alert emails in these situations:
An error occurs during metadata server backup or recovery.
A problem occurs and prevents the repository data sets from being updated from the journal.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3-10 Chapter 3 Understanding SAS® Metadata and the Metadata Server
i R epository Manager
M etadata Server 3
1 2
5
18
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
1. The metadata server is launched from the operating system either as a Windows service or from
a command. As part of the start-up, the metadata server reads the omaconfig.xml file in the metadata
server configuration directory.
2. One of the settings in the omaconfig.xml file is the location of the repository manager.
3. The metadata server connects to the repository manager.
4. The repository manager provides information about the metadata repositories including location, type,
and name.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3.1 Exploring the SAS Metadata Server and Metadata Repositories 3-11
Exercises
1. Exploring Metadata Pointers in SAS Management Console and the Contents of the Metadata
Server Directory
a. On your client machine, log on to SAS Management Console as Ahmed with the password
Student1. (SAS Management Console is listed under the start menu.)
b. Where is all the metadata physically stored? Expand the Metadata Manager plug-in.
Select Active Server.
c. Where is the Foundation repository physically located? Under Active Server, select Foundation.
d. In what format is the metadata in the repository stored?
Note: Metadata queries that are made using SAS applications, PROC METADATA, batch tools
for metadata management, or DATA step functions are processed by the metadata server.
a. Open Internet Explorer or Google Chrome on the client machine and select SAS Environment
Manager on the Favorites toolbar.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3-12 Chapter 3 Understanding SAS® Metadata and the Metadata Server
g. If the metadata server is overusing virtual memory (too much page swapping), that could indicate
trouble and might cause slow responses. These metrics are helpful:
Process Page Faults Per Minute
Time in Calls Per Minute
Not all metrics for this resource, the metadata server, are displayed by default, such as Time in
Calls Per Minute.
h. Select All Metrics in the drop-down list on the left to see a list of all the metrics for this resource.
(Currently Problem Metrics is displayed in the drop-down list.)
i. Add the Time in Calls Per Minute to the list of metrics displayed by clicking the black arrow
next to the metric.
j. Move the Time in Calls Per Minute and Process Page Faults Per Minute to the top using the up
arrow to the right of the named metric.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3.1 Exploring the SAS Metadata Server and Metadata Repositories 3-13
k. Click Apply next to View: Update Default located above the Availability metric and to the right.
Note: You want to know how much the metadata server is having to use disk space because it
does not have enough memory available to it. Paging is when individual memory
segments, or pages, are moved to or from the swap area. When memory is low, portions
of a process are moved to use disk space as a temporary place to store information that it
would normally just hold in memory. This is called swapping to disk. When a process
needs to swap some data from disk to memory so that it can access the data in memory, a
page fault occurs. It is an event that occurs because the page of memory the process
wanted is currently not in memory; it is held on the swap file on the disk. Thus, when a
page fault occurs, the operating system knows that it needs to swap the data that the
process wants back into memory, and it will swap some other existing data from memory
to the disk to free up the required memory so that there is room for the required page.
One of the metrics available from the OS that describes what a process does when it
enters this memory-constrained state is the number of page faults (swaps between disk
and memory) per period of time. You can see this metric for the process examined here,
the SAS metadata server.
You expect some degree of virtual memory swapping (page faults), which is normal, but
if you see a trend of increase over time, then you should probably investigate.
l. The data for the past eight -hour time period is displayed. Change this to a 30-minute interval. Use
the Last (number)/(Unit) drop-down list to change the length of the time period displayed. Click
OK. (You can use the Previous Page/Next Page buttons to scroll through earlier time periods as
well.)
m. Select the Metric Data button to display the data underlying the charts.
You see all of the metrics displayed here in a tabular table, whereas with the Indicators selected,
there is only a subset showing, unless you add a metric to be displayed (step i).
Note: You can also click the Chart button next to an entry in the table to see a chart of that
metric. However, the chart is different from the indicator chart.
n. Select Alert.
o. Select Configure. How many alerts are configured? How many alerts are active?
There are built-in alerts because Extended Monitoring has been enabled in this environment.
Note: Two alerts that might be useful are “Metadata Server ERROR message in log” and
“Metadata User Lockout”. If either of these alerts is fired, you might want to check the
logs for the metadata server to get more details about why these events are happening.
p. Click Metadata Time in Calls per Minute to look at the alert definition.
3. Searching for Resources in SAS Environment Manager
a. Click the Resources tab. You can search for resources within a resource category (Platforms,
Servers, Services, or groups).
1) Select a resource category, such as Servers.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3-14 Chapter 3 Understanding SAS® Metadata and the Metadata Server
2) Type in a search string (for example, ‘config’) and Resource type (for example, ‘SAS Config
Level Dir’).
b. Use the Search menu and the resource level selector to locate the following resources:
Servers
SAS Spawners (1 object and 1 connect spawner—search on the string “spawner”)
SAS OLAP Server
SAS Home Directory
SAS Config Level Directory
Services
SAS Workspace Server
SAS Stored Process Server
Note: The SAS spawners, the metadata server, and OLAP server are at the Servers level in the
platform hierarchy. The SAS Application Server Tier is considered a Platform. The
SAS Logical workspace servers and SAS Logical stored process servers are at the
Services level in the platform hierarchy.
c. Open SAS Management Console and log on as Ahmed using the password Student1. Expand the
Server Manager plug-in. The components above conform to the servers shown here.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3.1 Exploring the SAS Metadata Server and Metadata Repositories 3-15
3.01 Poll
True
False
21
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
The Metadata Server knows the location of the Repository Manager because
it is specified in the following file:
a. sasv9_usermods.cfg
b. sasv9.cfg
c. omaconfig.xml
d. logconfig.xml
23
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3-16 Chapter 3 Understanding SAS® Metadata and the Metadata Server
Objectives
26
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
SAS Metadata
Report
Exploration
27
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Users (directly or through the groups to which they belong) need access to metadata as well
as to the non-metadata elements that they reference.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3.2 Exploring SAS Metadata Objects 3-17
The SAS metadata model includes metadata types. Each metadata object
is a unique instance of a metadata type.
28
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
SAS Metadata
Caution: Renaming, moving, or deleting SAS folders and the objects that they contain can cause
unpredictable results.
Before renaming, moving, or deleting an object or a folder, see the guidelines in “Best Practices for
Managing SAS Folders” and “Best Practices for Maintaining Associations among Objects in
SAS Folders,” in SAS® 9.4 Intelligence Platform: System Administration Guide.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3-18 Chapter 3 Understanding SAS® Metadata and the Metadata Server
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3.2 Exploring SAS Metadata Objects 3-19
30
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Users, Groups, and Roles can be created, viewed, and managed in the following:
User Manager plug-in in SAS Management Console
Administration tab of SAS Environment Manager
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3-20 Chapter 3 Understanding SAS® Metadata and the Metadata Server
N o d irect physical
c o ntent
33
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Create and manage libraries and registration using one of the following:
Data Library Manager plug-in in SAS Management Console.
Administration tab of SAS Environment Manager.
In SAS Environment Manager 2.5 (the current release), SAS LASR analytic Server and SAS BASE
libraries are the only two available values for the Type field.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3.2 Exploring SAS Metadata Objects 3-21
Note: Some of the metadata representations described above, such as tables, are actually a collection
of associated metadata objects.
34
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
35
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3-22 Chapter 3 Understanding SAS® Metadata and the Metadata Server
Many metadata objects are also associated with other metadata objects.
The following tools can help with discovering the associations:
• Export SAS Package Wizard,
part of the SAS Promotion Tools server library folder
• BI Lineage plug-in
• Batch tools
table information report
map
For example, a library metadata object is associated with a server and a folder. A table depends
on a library and is associated with a folder. An information map can depend on a table and be associated
with a folder. A report can depend on an information map and be associated with a folder.
Some of these associations are also the paths through which metadata permissions are inherited.
Import
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3.2 Exploring SAS Metadata Objects 3-23
If using the Export SAS Package Wizard to create a package and not just to see dependencies, you can
selectively promote content.
Select multiple nested folders.
Include all or selected objects
in a folder.
Include or exclude dependent objects.
Use a filter to select objects based on the object
name, object type, or time period during which
the object was created or last modified.
Include empty folders.
Include associated physical content.
Caution: In order for objects to function properly in the target environment, you must import the
resources that objects depend on, unless those resources already exist in the target
environment. For example, if you want reports to function properly, the information maps
that the reports depend on must be present. If a report has stored processes or images
associated with it, then those objects must be present in the target system.
Virtual folders called Servers and Security are displayed in the SAS Folders tree in SAS Management
Console for use in promoting these objects.
BI Lineage Plug-in
38
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
The BILineage repository is created automatically the first time an unrestricted administrative user logs
on to SAS Management Console. The BILineage repository should not be used for any purpose other than
storing scan results.
To give users permission to view scan results, you must update the BILineage repository's Default ACT
to grant ReadMetadata permissions.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3-24 Chapter 3 Understanding SAS® Metadata and the Metadata Server
Note: You cannot provide access by setting permissions on the BILineage folder that appears in the
SAS Folders tree, because scan results are not stored in the folder.
Because the lineage information is not generated in real time, it is important to keep the scan information
updated. To make this task easier, you can create jobs and then schedule them to run at regular intervals.
The plug-in can generate jobs for running, exporting, or deleting BI Lineage scans. After the jobs are
generated, you can use the Schedule Manager plug-in to schedule the jobs. For details about these tasks,
see the BI Lineage plug-in Help in SAS Management Console.
The SAS platform provides a variety of batch tools that you can use to perform
actions on objects and other components of the SAS platform. The batch tools
are located in the path
SAS-install-directory/SASPlatformObjectFramework/9.4/ and fall under these
categories:
• metadata management tools
• export and import tools
• batch relationship reporting tools
• metadata server administration tools (…/tools)
• the Deployment Backup and Recovery tool (…/tools/admin)
39
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
The batch tools can be incorporated into scripts so that you can run them repeatedly on either an ad hoc
or scheduled basis.
Metadata management tools can be used for tasks such as listing selected objects, deleting selected
objects, creating new folders, and managing metadata access.
Export and import tools enable you to promote individual objects or groups of objects from one SAS
deployment to another, or from one folder location to another within the same deployment.
The promotion includes all associated content except physical files for tables and external files.
Batch relationship reporting tools enable you to identify relationships among the content objects
in the SAS Folder tree. For example, you can identify the objects that a given object depends
on or contains; the objects that depend on or contain a given object; and the objects that are associated
with a given object. Both direct and nested relationships can be identified.
Metadata server administration tools can be used by administrators to perform tasks such as executing
metadata server backups and restores, creating and deleting metadata repositories, and updating
metadata profiles.
The Deployment and Backup and Recovery tool provides an integrated method for backing
up and recovering your SAS content across multiple tiers and machines.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3.2 Exploring SAS Metadata Objects 3-25
Additional batch tools are available for middle-tier administration. See “Using the SAS Web
Infrastructure Platform Utilities” in SAS® Intelligence Platform: Middle-Tier Administration Guide.
Note: In all of the SAS Intelligence Platform batch tools, you must use the correct case for option
names (for example, -includeDep and –newOnly) and object types (for example,
InformationMap). All other elements of the commands are case insensitive.
For the Deployment Backup and Recovery batch commands and batch relationship
reporting tools:
Option Description
-host host-name Identifies the host machine for the SAS Web Server or SAS Web Application Server.
-port port Specifies the port on which the SAS Web Server or SAS Web Application Server
runs.
-user user-ID Specifies the user ID of the connecting user.
-password password Specifies the password of the connecting user.
-protocol HTTP|HTTPS Specifies the communication protocol that is used by the specified host machine
and port.
-profile file-name Specifies the name of a file that contains the host, port, user ID, and password
options. This option can be provided in place of -host, -port, -user, and –password.
40
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
The password should be encrypted using SAS proprietary 32-bit encryption. To obtain the encrypted
password, use PROC PWENCODE.
If the –protocol option is not specified, the default protocol (HTTP) is assumed.
A sample profile called environment.properties is located in SAS-installation-
directory/SASPlatformObjectFramework/9.4/tools/admin/conf/sample. If you use this file, be sure to
use operating system controls to protect access to the file.
The sas-recover-offline command uses different connection options. This command needs to connect to
the metadata server, not the web server or web application server.
The following additional options can be specified for the Deployment Backup and Recovery batch
commands:
-maxattempt maximum-number-of-attempts: The maximum number of attempts that are to be made to
execute the command if the first attempt fails. The default value is 2.
-help
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3-26 Chapter 3 Understanding SAS® Metadata and the Metadata Server
You mus t provi de connection opti ons to l og on to the SAS Meta data Server.
Option Description
-host host-name Identifies the host machine for the metadata server.
-port port Specifies the port on which the metadata server runs.
-profile profile-name Specifies the name of the connection profile that is to be used to connect
to the metadata server. This option can be provided in place of -host,
-port, -user, and –password.
41
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
The connection profile must exist on the computer where the command is executed. You can specify any
connection profile that has been created for use with client applications such as SAS Management
Console, SAS Data Integration Studio, and SAS OLAP Cube Studio. When you open one of these
applications, the available connection profiles are displayed in the drop-down box in the Connection
Profile dialog box.
The following additional options can be specified with any of the metadata server administration batch
commands:
-log log-path | log-path-and-filename specifies the path (or the path and filename) where the log file
is to be written.
-help
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3.2 Exploring SAS Metadata Objects 3-27
This demonstration illustrates how to use SAS Environment Manager to explore a library metadata object,
the tables registered to that library in metadata, and the physical location of the tables.
3. Select Libraries.
5. Right-click Orion Star Library and select Open. With what metadata folder is the library
associated?
Note: Time stamps will be different for the SAS deployment on Windows versus Linux.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3-28 Chapter 3 Understanding SAS® Metadata and the Metadata Server
6. From the drop-down menu select Options. To what physical location does the library point?
The path for data stored on the Windows server would be D:\Workshop\OrionStar\orstar.
7. From the drop-down menu select Assigned SAS Servers.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3.2 Exploring SAS Metadata Objects 3-29
9. From the drop-down menu select Tables. The tables registered to this library and their metadata
folder location are listed.
10. Right-click Orion Star Customers and select Open to see the metadata definition of this table.
11. Click the Side menu button and select Folders.
12. Expand Orion Star Marketing Department Data. The library and tables are listed here.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3-30 Chapter 3 Understanding SAS® Metadata and the Metadata Server
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3.2 Exploring SAS Metadata Objects 3-31
Exercises
4. Using the Export SAS Package Wizard to Examine Dependencies and Associations between
Metadata Objects
The Export SAS Package Wizard and Import SAS Package Wizard enable you to promote individual
metadata objects or groups of objects from one SAS deployment to another or from one folder
location to another within the same deployment. The wizards display the associations and
dependencies between metadata objects.
a. In SAS Management Console, on the Folders tab, expand the Orion Star folder. Right-click
the Marketing Department folder and select Export SAS Package.
b. Accept the defaults and click Next. (You are not going to create this package,
so the location and options will not matter.)
c. Under the Data folder, select Orion Star Customers. The Dependencies tab identifies
the metadata objects on which the Orion Star Customers table depends.
d. Click the Used By tab. The Used By tab identifies the metadata objects that depend
on the Orion Star Customers table.
e. Click Cancel.
5. Using the List Objects Batch Tool
Use the List Objects batch tool (sas-list-objects) to create a list of metadata objects that are stored
in the SAS Folders tree. You can filter the list based on criteria such as object name, object type,
folder location, creation date and time, modification date and time, keywords, notes, and responsible
user. You can create the list in text, comma-separated values (CSV), or XML format.
a. First, find the metadata object type for a stored process. In SAS Management Console, under
the Folders tab, navigate to System Types. Right-click Stored process and select Properties.
Click the Advanced tab. Find the value for TypeName. This will be used for the type option
when using the batch tool.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3-32 Chapter 3 Understanding SAS® Metadata and the Metadata Server
b. Navigate to the location of the SAS batch tools and run the sas-list-objects batch tool to list all
stored processes in the Orion Star Marketing Department. How many objects were found?
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3.2 Exploring SAS Metadata Objects 3-33
Secondly, the sas-relationship-reporter batch tool is used to read the database populated by the
Relationship Loader and report on the relationships between selected objects.
a. Automatic loading of relationship data is configured by default. Look at the configuration details
in SAS Management Console.
1) Open SAS Management Console and log on as Ahmed using the password Student1.
2) On the Plug-ins tab, select Application Management Configuration Manager
SAS Application Infrastructure Web Infra Platform Services 9.4.
3) Under Web Infra Platform Services 9.4, right-click RelationshipContentService and select
Properties.
1. Navigate to /opt/sas/SASHome/SASPlatformObjectFramework/9.4/tools.
2. Issue the following command:
./sas-relationship-reporter -host sasserver.demo.sas.com –port 7980 –user
sasadm@saspw –password Student1 –report directDependencies “/Orion
Star/Marketing Department/Information Maps”
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3-34 Chapter 3 Understanding SAS® Metadata and the Metadata Server
1. Navigate to /opt/sas/SASHome/SASPlatformObjectFramework/9.4/tools.
2. Issue the following command:
./sas-relationship-reporter -host sasserver.demo.sas.com –port 7980 –user
sasadm@saspw –password Student1 –report impact “/Orion Star/Marketing
Department/Data/GOLDORDERS (Table)”
Note: If your environment is SAS 9.4 and prior to M3, you would first need to run the sas-
relationship-loader batch tool and load all relationships to the database before running
reports in steps b and c. See the solution 6d for an example of this.
a. In SAS Management Console, on the Plug-ins tab, right-click BI Lineage and select New Scan.
b. Enter Orion Star Marketing Department Information Map Scan in the Name field.
Click Browse to navigate to Orion Star Marketing Department Information Maps.
Click OK Next Finish Yes.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3.2 Exploring SAS Metadata Objects 3-35
c. Under the BI Lineage plug-in, expand Orion Star Marketing Department Information Map
Scan Information Maps SAS Folders Orion Star Marketing Department and
select Information Maps. These are the objects that were examined during the lineage scan.
d. Right-click Orion Star Gold Orders Cube and select Lineage.
Note: Lineage identifies all connected objects regardless of their locations in the metadata.
Reverse lineage includes only those objects in the folders that were selected for the scan.
e. Examine the contents of the Report and Graph tabs.
Note: The Report tab displays the connected objects in a hierarchical view. The Graph tab
displays the connected objects in a process flow view.
There are two types of lineage results: high level and low level. High-level results illustrate
connections between high-level objects such as tables, reports, information maps, cubes,
and stored processes. Low-level results illustrate connections to other low-level objects such
as columns, hierarchies, or data items.
The results that you viewed in the last step are high-level results.
f. Click Cancel twice.
g. Right-click Orion Star Gold Orders Cube and select Properties. Right-click Average Quantity
and select Low Level Lineage. Examine the Report and Graph tabs.
h. Click Cancel.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3-36 Chapter 3 Understanding SAS® Metadata and the Metadata Server
Objectives
46
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
47
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3.3 Implementing a SAS Metadata Server Cluster 3-37
For documentation about metadata server clustering, refer to SAS® 9.4 Intelligence Platform: System
Administration Guide.
Each node also maintains a complete in-memory copy of the metadata repository.
49
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3-38 Chapter 3 Understanding SAS® Metadata and the Metadata Server
When a clustered metadata server is started, the nodes establish communication with one another. One
of the nodes becomes the master node that coordinates activity within the cluster. The other nodes are
considered slave nodes. A load-balancing process automatically distributes work among the slave nodes.
50
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Yes Online
Yes Online
No Offline
Yes Online
No Offline
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3.3 Implementing a SAS Metadata Server Cluster 3-39
Yes Online
Yes Online
Yes Online
No Offline
Yes Online
No Offline
No Offline
51
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
...
A client application can connect to any of the three nodes. If a client application attempted to connect to
the master node, it would be redirected to a slave node.
In this example, the first client application connects to node 1, which is a slave node.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3-40 Chapter 3 Understanding SAS® Metadata and the Metadata Server
53
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
When the second client application attempts to connect to node1, it is redirected to one of the other slave
nodes (node 2 in this example) by a load-balancing process. Currently, the load-balancing algorithm
is a round-robin process.
After a client application is connected, it can never be redirected to another node. If the node fails,
the client must reconnect to another node.
54
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
...
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3.3 Implementing a SAS Metadata Server Cluster 3-41
Client applications request metadata from the slave node to which they are connected. If the request does
not require an update to metadata, the slave node executes the request using the metadata that is stored
on that node (or in memory). The other nodes are not aware and do not participate.
59
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
...
1. If the request requires an update to metadata, the slave node forwards the request to the master node.
2. The master node performs all of the needed preparation work before the metadata is updated,
including constraint checks and permission checks. After it is accepted, the master node creates
a journal entry in its journal and queues the update to its in-memory copy of the metadata.
3. The master node forwards the journal entry to the slave nodes. The slave nodes add the journal entry
to their individual journal files and queue the update to their in-memory copy of the metadata.
4. The slave node updates its in-memory copy of the metadata. When it completes the update, the slave
node responds to the client application that is connected to the slave node. Be aware that the other
slave nodes might not have performed the update to their in-memory metadata yet. If any read
requests come to the other slave nodes, they respond with consistent data without the pending
updates.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3-42 Chapter 3 Understanding SAS® Metadata and the Metadata Server
60
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
...
If a slave node fails, it drops out of the cluster. The master node becomes aware that the slave node is
gone and no longer sends updates there. If quorum is maintained, load balancing uses only the remaining
slave nodes for new connections. When a slave node fails, in-flight transactions can fail.
If a client application is currently connected to a node that dies, the application automatically tries
to connect to another node.
61
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3.3 Implementing a SAS Metadata Server Cluster 3-43
The client application reconnects to another slave node. The reconnection is either automatic
or the application prompts the user. Most applications have access to a list of nodes in the cluster.
For most applications, the list is updated automatically. On each machine that includes an object spawner,
a SAS/CONNECT spawner, or components of SAS Application Servers (such as workspace servers,
pooled workspace servers, OLAP servers, and stored process servers), you need to use the sas -update-
metadata-profile batch tool to update the metadata profiles.
62
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
...
If the master node fails, one of the slave nodes is promoted to the server when the master node
and the cluster resume operation.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3-44 Chapter 3 Understanding SAS® Metadata and the Metadata Server
63
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
When the master node goes away, the slave nodes go offline. The remaining nodes immediately establish
communication with each other and select a new master node. After a quorum is available, the cluster
comes back online.
64
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3.3 Implementing a SAS Metadata Server Cluster 3-45
In this particular example, a client application was connected to a node that became the master node.
Because connection redirects happen only at connection time, this client application is not redirected
and stays connected to the master node, which services its requests. The new master node does not accept
new connections.
All of the host machines in the cluster must have the same operating system
and meet the requirements to run a metadata server.
In addition, all of the servers in the cluster must do the following:
• use the same network path to access the metadata server backup location
• be started using a single user account
65
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
When setting up metadata server clustering, you must use a deployment plan that specifies a multiple-
machine deployment.
The single user account must be recognized by all of the machines that participate in the cluster.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3-46 Chapter 3 Understanding SAS® Metadata and the Metadata Server
Step1: Configure the initial metadata server to use the network location for
backups and the service login account.
N ote: This can be done during the initial configuration of the
metadata server or you can modify an existing metadata
server.
Step 2: Install and configure additional metadata server nodes.
66
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
If you want to configure the initial metadata during the initial configuration, do the following
in the SAS Deployment Wizard:
Override the default metadata server backup location and specify the network path to a backup location
that all of the nodes in the cluster can access.
If necessary (for example, on Windows), specify the external account that is used to start the server
(service logon account).
To modify the configuration of an existing metadata server in preparation for clustering, do the following:
Specify the network location for the metadata server backup path. You can use SAS Management
Console and select Metadata Manager Metadata Utilities Server Backup
Backup Configuration.
Ensure that the metadata server is started with an external account that is recognized
by all the machines that participate in the cluster. On the Windows system, follow these steps:
– Stop the metadata server.
– In the Windows Services Manager, open the properties of the SASMeta – Metadata Server service.
On the Log On tab, specify the appropriate external account.
– Start the metadata server.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3.3 Implementing a SAS Metadata Server Cluster 3-47
67
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
SAS Management Console enables you to view the overall status of a metadata server cluster and to
individually monitor each node in the cluster.
To view the overall status of the cluster: Expand the Metadata Manager plug-in. Right-click the
Active Server node and select Properties. Select the Cluster tab to see the overall status of the cluster
(including the presence or absence of a quorum) and the status of each of the nodes in the cluster.
To view more detail about the individual nodes in a cluster: Navigate to Server Manager
SASMeta SASMeta - Logical Metadata Server. Expand SASMeta - Logical Metadata Server.
Each node appears on a separate line.
Select a node and connect to it.
Use the tabs on the right pane to view the node’s connections, clients, options, loggers, and log events.
Select Stop to stop only the selected node. Select Pause, Resume, Quiesce, or Validate. These actions
affect the entire cluster.
SAS Environment Manager supports monitoring of SAS metadata server clusters, effective with the
second maintenance release for SAS 9.4. To view status indicators and metrics for the cluster:
On the Resources tab, select Platforms. In the list of platforms, select SAS 9.4 Application Server
Tier. Deployment-wide information is displayed at the top of the page, including the message
Metadata Clustered: Yes.
Select Monitor and then select a time period to display.
Select Indicators, and then scroll down to display Metadata Cluster Nodes Available, Metadata Cluster
Nodes Defined, Metadata Cluster Percent Available, and Metadata Cluster Quorum Available.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3-48 Chapter 3 Understanding SAS® Metadata and the Metadata Server
69
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
71
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3.4 Backing Up the SAS Metadata Server 3-49
Objectives
74
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
To ensure the integrity of the content that is created and managed by the
SAS platform, the following are recommended best practices:
• Always use the metadata server backup facility to back up the repository
manager and metadata repositories.
• Perform regularly scheduled full backups.
• Perform backups before and after major changes.
• Specify a reliable backup destination that is included in daily system
backups.
75
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3-50 Chapter 3 Understanding SAS® Metadata and the Metadata Server
Note: In some situations, it might be appropriate to back up specific objects or folders in the metadata
folders (SAS Folders) tree. In these situations, you can use the promotion tools, which include
the Export SAS Package Wizard, the Import SAS Package Wizard, and the batch export and
import tools.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3.4 Backing Up the SAS Metadata Server 3-51
76
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
77
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3-52 Chapter 3 Understanding SAS® Metadata and the Metadata Server
78
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Caution: If you use operating system commands to back up your metadata repositories and
metadata server instead of using the metadata server’s backup facility, then you must be
sure to pause the metadata server to an Offline state before you perform the backup. If the
metadata server is in an Online state or is paused to an Administration state, then the
backup files are not usable.
Note: You can use PROC METAOPERATE to pause the server to an Offline state before the backup
is taken and to resume the server to an Online state when the backup is complete.
The backup facility executes in a separate thread while the metadata server is running. Therefore,
the metadata server does not need to be paused during backups unless certain options are selected.
If journaling is disabled or if the Reorganize Repositories backup option is selected, the server is paused
for Read-Only use so that queries (but not updates) can continue to be processed.
In addition to running scheduled backups, the metadata server automatically backs itself up under certain
unscheduled situations. Unscheduled backups use the same server-based facility and the same
configuration options that are used for scheduled backups.
A backup is run automatically in the following situations:
after the SAS Deployment Wizard configures a metadata server.
after you complete a successful recovery of the metadata server.
if you change the JOURNALTYPE option in the omaconfig.xml file to NONE or SINGLE (which
is not recommended), and later change the option back to ROLL_FORWARD. A metadata server
backup is run automatically when you restart the metadata server.
You can also run an ad hoc backup using the MetadataServer command or the backupServer.sas program.
Backups that are run using these methods use the same server-based backup facility and the same backup
options that are used for scheduled backups.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3.4 Backing Up the SAS Metadata Server 3-53
You can schedule a backup using the MetadataServer command or the backupServer.sas program. First,
disable the automatic backups in the Backup Schedule properties.
Caution: You cannot reorganize repositories when you run a backup with the MetadataServer
command or the backupServer.sas program.
To access the backup schedule, expand Metadata Manager Metadata Utilities. Right-click
Server Backup and select Backup Schedule.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3-54 Chapter 3 Understanding SAS® Metadata and the Metadata Server
To access the backup configuration, expand Metadata Manager Metadata Utilities. Right-click
Server Backup and select Backup Configuration.
Backup Location
By default, the metadata server backup facility writes backup files to the
Backups subdirectory of the metadata server’s configuration directory.
80
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Within the backup location, each set of backup files (along with the associated journal file) is stored
in a directory whose name is based on the date and time that the backup is started.
Note: As a best practice, you should modify your backup configuration to specify a storage device
other than the device that is used to store the metadata repositories and server configuration
files. Specifying a separate device ensures that the backup files and their associated journal files
(including the most current journal file) are available in the event of a disk failure.
Note: Make sure that the Backups directory (or the backup destination that you specify) is included
in your regular system backups.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3.4 Backing Up the SAS Metadata Server 3-55
Each time a successful backup is completed, previous backups that are older
than the specified number of days are deleted automatically. The backup
history automatically displays the offline status icon for deleted backups.
deleted backups
81
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
It is strongly recommended that you use operating system tools to copy backups to another location.
These copies are no longer under the control of the backup retention policy. In particular, it is a very
good idea to retain the backups that you did at critical times, such as the initial backup that you did after
configuration.
If you do not want backups to be deleted automatically based on a retention policy, select 0 for the
Number of days to retain backups field in the Backup Configuration. If you make this selection, you
need to delete files manually from the backup location on a regular basis to ensure disk space availability.
Note: The offline status icon ( ) is not displayed automatically for backups that you delete manually.
To update the status icon for a manually deleted backup, you must access the backup’s Properties
dialog box.
The check-mark icon means that the backup or recovery was successful. For backups, this icon also
means that the backup was determined to be valid the last time the files were checked. A backup
is considered valid if all of the files are present in the backup location, all of the files have the correct
universally unique identifier (GUID), and all of the filenames and file sizes are correct.
The x icon indicates that either the backup or recovery was not successful or the backup was successful,
but when the files were last checked, they were invalid.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3-56 Chapter 3 Understanding SAS® Metadata and the Metadata Server
82
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
The default backup schedule specifies a weekly reorganization. It is not necessary to reorganize
the repositories more frequently than once a week, except in extraordinary situations such as deletions
of a large amount of metadata. The repository reorganization process affects disk space only. It does not
affect the memory usage of the metadata server.
If the Reorganize Repositories option is selected, the backup process does the following:
pauses the server, placing it in a READONLY state
copies the metadata server files to the backup destination
re-creates the repository data sets in place, which eliminates the unused disk space in the process
resumes the server to an ONLINE state
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3.4 Backing Up the SAS Metadata Server 3-57
The metadata server facility backs up the node that is acting as the master
node.
• In the backup configuration for each node, make sure that you have
specified the same backup destination.
• Make sure that the backup destination is accessible to all of the nodes via
the same network path so that the backup occurs regardless of which node
is the master node.
• The Reorganize Repositories option is ignored.
83
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
The REORG backup option is ignored when you back up a server that was started with the clustering
option. However, you can use this option when you back up a single node that was started without
the clustering option.
To start a single node without the clustering option, use the following command:
opt/sas/config/Lev1/SASMeta/MetadataServer/metadataserver.sh –startNoCluster
The node starts as a single, non-clustered metadata server that is paused to the Administration state.
This action is useful when you want to perform one of the following administrative tasks on a node:
perform a metadata server recovery
back up the metadata server with the REORG option
run the optimizeIMDB command option of the metadata server script
run the Metadata Analyze and Repair tools (except for the Metadata Server Cluster Synchronization
tool, which runs on a server that has been started with clustering)
Caution: After you perform one of these functions, you must restart the node to place it in the
cluster mode as the master node. Then start the other nodes in the cluster. The master
node updates the other nodes with the new data from the recovery, REORG,
optimizeIMDB, or analyze and repair operation.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3-58 Chapter 3 Understanding SAS® Metadata and the Metadata Server
You can use the Metadata Manager plug-in to recover the metadata
repositories and repository manager.
Caution: If you need to recover an unresponsive metadata server, refer to “What to Do If the SAS
Metadata Server Is Unresponsive” in SAS 9.4 Intelligence Platform: System
Administration Guide, Fourth Edition.
The recovery facility provides safeguards to ensure the integrity of the backup files from which you are
recovering. The recovery operation checks that the backup directory contains the correct files and that
the files have the correct name and file sizes. In addition, each backup file contains a universally unique
identifier that is used to make sure that you are recovering files for the correct metadata server. If any
problems exist, the recovery is not started and a warning message is displayed.
During recovery operations, the metadata server is paused automatically to a RECOVERY state. The state
is similar to an OFFLINE state but more restrictive. After the recovery, the metadata server performs
an automatic backup. If the recovery is successful, the metadata server is returned to the state that it was
in before the recovery process.
Note: In the first maintenance release for SAS 9.4, the metadata server script includes a –recover
option. This option starts a server that is not currently running, and then restores the server’s
metadata repository from the most recent backup. The option provides an easy way to recover
a server or node that is unresponsive. The option does not provide roll-forward recovery, recovery
of configuration files, or recovery from a backup other than the most recent backup.
You can recover from a backup that is listed in the backup history pane.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3.4 Backing Up the SAS Metadata Server 3-59
You can also recover from backup files stored in an alternate network-accessible location.
Note: When recovering from a metadata backup, you replace all of the metadata with the backup copy.
If you might need to restore only a small portion of the metadata, use the Export Wizard
on a regular basis to create package files that include metadata and associated objects
if appropriate. If you then need to restore part or all of the package, use the Import Wizard.
The Export and Import Wizards’ functionality is also available in batch mode. Refer to SAS® 9.4
Intelligence Platform: System Administration Guide for details about how to use the promotion
tools, and the batch export and import tools in particular.
You can use the metadata server recovery facility only on a single metadata
server node.
Step 1: Stop all of the nodes in the cluster.
Step 2: Start one of the metadata server nodes with the - s tartNoCluster
option.
Step 3: Use the metadata server recovery facility on the single node.
Step 4: Restart the node and place it in cluster mode.
Step 5: Start all of the other nodes in the cluster.
85
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Caution: Recovering configuration files from a backup is not recommended for clustered servers.
Backup up configuration files could contain node-specific paths or options.
After you recover the single node, the master node updates the other nodes with the new data from
the recovery operation.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3-60 Chapter 3 Understanding SAS® Metadata and the Metadata Server
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3.4 Backing Up the SAS Metadata Server 3-61
Exercises
8. Exploring the Backup Schedule and Backup Configuration in SAS Management Console
a. In SAS Management Console, on the Plug-ins tab, expand Metadata Manager Metadata
Utilities. Right-click Server Backup and select Backup Schedule.
When did the last automatic backup occur? Did it invoke the Reorganize Repositories option?
Click Cancel.
b. Expand Metadata Manager Metadata Utilities. Right-click Server Backup and select
Backup Configuration. Where are the metadata server backups stored? And how many days of
backups are stored there?
Click Cancel.
c. Locate backup files.
Navigate to /opt/sas/config/Lev1/SASMeta/MetadataServer/Backups.
How many backup subdirectories are there in the Backups directory? Does this match the number
of usable backups in the backup history pane in SAS Management Console?
b. Verify that the backup is marked with a green check mark in the backup history.
c. Verify that the backup directory was created and populated in the backup destination.
10. (Optional) Restoring the Metadata
a. On the Folders tab, create a new folder. Include the current time in the name of the folder.
Make a note of the current time.
b. Wait a few minutes and create another new folder. Include the current time in the name.
c. Delete the two new folders.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3-62 Chapter 3 Understanding SAS® Metadata and the Metadata Server
d. As a best practice, it is recommended that you pause the metadata server to the Administration
state before you perform a recovery. On the Plug-ins tab, expand Metadata Manager.
Right-click Active Server and select Pause Administration. Provide a comment and
click OK.
e. Expand Metadata Manager Metadata Utilities and select Server Backup. Right-click
the ad hoc backup that you created in the last exercise. Select Recover from this backup.
f. Provide comments for the backup history and for the server that you paused. Use the
ROLLFORWARD transaction option to restore the metadata from the last backup
to a time immediately after you created the first folder but before you created the second folder.
Switch to the Folders tab. Verify that only the first folder now appears on the Folder tab.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3.5 Backing Up the SAS Environment 3-63
Objectives
93
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
94
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
The Deployment Backup and Recovery tool is the underlying software used for SAS Backup Manager in
SAS Environment Manager.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3-64 Chapter 3 Understanding SAS® Metadata and the Metadata Server
The SAS Deployment Agent must be running on each middle-tier and server-tier host machine. The
Deployment Backup and Recovery tool connects with the agent and automatically discovers the tiers in
your deployment and their installed components. New components in your deployment are detected
automatically and added to the backup. For example, the tool detects new instances of the SAS Web
Infrastructure Data Server and new databases that are managed by the server.
An alert email is generated if a backup or recovery is unsuccessful. By default, the email is sent to the
system administrator email address that was specified in the SAS Deployment Wizard. You can use either
SAS Backup Manager or the sas-update-backup-config command to specify different email addresses.
By default, backups on Windows systems are performed by the Local system account for the SAS
Deployment Agent. On UNIX, backups are performed by the SAS Installer user for each server and
middle-tier machine. A special user account to perform backups must be defined in the following
situations:
If you have specified a central vault location and your environment includes one or more Windows
hosts
If a clustered metadata server has been configured and your environment includes one or more
Windows hosts
Note: For metadata server backups, the metadata server backup utility is used.
Note: If symbolic links in the configuration directories point to other locations, the referenced locations
are not backed up.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3.5 Backing Up the SAS Environment 3-65
Note: If you need to exclude specific tiers, servers, databases, directories, or files from the backup, you
can do so by using the command sas-update-backup-config. You can also use the SAS Backup
Manager user interface to update the basic backup configuration. You cannot use the user
interface to define filters.
The SAS Content Server contains content that is associated with metadata objects including content for
the SAS Information Delivery Portal, report definition files, other supporting files for reports including
PDF files and images, and content for SAS solutions.
You can use the Deployment Backup and Recovery tool to back up the SAS Content Server.
Alternatively, if you are storing SAS Content Server content in the file system, you can back it up
as follows:
1. As a best practice, stop either the SAS Web Application Server or the SAS Content Server before
making the backup.
2. Use operating system commands or third-party tools to copy all of the files and subdirectories from
the following path:
SAS-configuration-directory/Lev1/AppData/SASContentServer/Repository
If you need to back up just a subset of the SAS Content Server, you can use the WebDAVDump
and WebDAVRestore utilities. For instructions, see SAS Usage Note 38667.
96
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
The Deployment Backup and Recovery tool is a collection of commands that provides an integrated
method for backing up and recovering your SAS content across multiple tiers and machines. The tool is
installed on the middle tier as part of the SAS Web Infrastructure Platform. It connects with the SAS
Deployment Agent on each middle-tier and server-tier host machine.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3-66 Chapter 3 Understanding SAS® Metadata and the Metadata Server
97
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
The SAS Backup Manager interface, which is new with the third maintenance release of SAS 9.4, enables
you to perform most of the functions of the Deployment Backup and Recovery tool. In previous SAS
releases, these functions were available only through batch commands.
Backup Schedule
98
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3.5 Backing Up the SAS Environment 3-67
Coordination of Backups
The two backup tools provided by SAS coordinate their backup schedules to
avoid conflicts.
• The SAS Metadata Server Backup and Recovery Facility is scheduled to run
by default at 1:00 a.m. local machine time every day except Sunday.
• The SAS Deployment Backup and Recovery Tool performs a scheduled
backup each Sunday at 1:00 a.m. local machine time.
99
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
The backup schedules might be modified as appropriate for your deployment. However, be sure not to
schedule the Deployment Backup and Recovery tool to run at the same time as the stand-alone metadata
server backups. Also, if you schedule multiple backups per day, be sure to leave enough time for each
backup job to complete before the next scheduled backup starts.
All components, except for the metadata server, are backed up to the following
path on each host machine: SA S-configuration-directory/Lev1/Backup/Vault
The directory is created on each
machine the first time a backup
is executed.
100
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
By default, backup files are stored locally on the same machine where the backed up component is
located.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3-68 Chapter 3 Understanding SAS® Metadata and the Metadata Server
For metadata server backups, the tool uses the backup files that are created by the metadata server backup
utility. The tool copies these files to SAS-configuration-directory/Lev1/Backup/Vault on the metadata
server machine.
If metadata server clustering is configured, the files are copied to the initially configured metadata server.
101
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
The SAS Deployment Wizard enables you to specify a central vault location during the installation and
configuration process, if you have a homogeneous operating system environment. Otherwise, you can use
either SAS Backup Manager or the sas-update-backup-config command to specify a central vault
location. A homogeneous environment is one in which all of the host machines that are included in the
backup are in the same operating system family. For example, Solaris and HP-UX machines are both
considered to be in the UNIX operating system family.
Effective with the second maintenance release for SAS 9.4, the local backups are deleted from SAS-
configuration-directory/Lev1/Backup/Vault on each host machine after they are successfully copied. (The
original metadata server backups that were created by the metadata server backup utility are not deleted.)
Caution: Immediately after creating or modifying the central vault configuration, it is strongly
recommended that you perform a backup with either SAS Backup Manager or the
sas-backup command. You cannot recover using local backups after a central vault has
been defined.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3.5 Backing Up the SAS Environment 3-69
/CentralBackupVault - S t ep 1
S h a red stora ge
/MetadataBackupByFacility - S t ep 2
102
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Step 1:
1. A backup is created on each participating host machine and stored locally in /SAS-configuration-
directory/Lev1/Backup. This includes SAS components (Configuration files, WIP database, SAS
Content server repositories, custom directories), except for SAS Metadata Server content.
2. Metadata server content backup is getting created with SAS metadata Server Backup Utility and
stored in a location configured for this utility (on the diagram, this is /MetadataBackupByFacility in
a Shared storage). Local Backup history files are updated.
Step 2:
1. For non-metadata content, backup files are copied from local storage (/SAS-configuration-
directory/Lev1/Backup) to Central Backup Vault
2. For metadata content, backup files are copied from /MetadataBackupByFacility to Central Backup
Vault. Central Backup Vault Backup History file is updated.
Backup and Recovery Logs
The log file on the middle-tier machine reports errors and warnings about the tool:
SAS-config-directory /Lev1/Web/Logs/SASServer1_1/SASDeploymentBackup9.4.log
For backup, recovery, and purge operations, log files are created in the directories where local backups
are stored. The default location is:
SAS-config-directory/Lev1/Backup/Logs/<backup-ID>
Information about server-side activity: SAS-config-directory/Lev1/Backup/backupserver.log
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3-70 Chapter 3 Understanding SAS® Metadata and the Metadata Server
By default, the SASDeploymentBackup9.4.log reports only errors and warnings. If you want to set
different logging levels, you can do so by editing SASDeploymentBackup-log4j.xml, which is located in
SAS-configuration-directory/Lev1/Web/Common/LogConfig/.
The Deployment Backup and Recovery Tool has the following limitations:
• Host machines on which the SAS Deployment Agent is not installed are
excluded from backups.
• The tool backs up only SAS content and configuration information. It does
not back up your SAS software.
• If you are using a third-party vendor database (instead of the SAS Web
Infrastructure Platform Data Server) for the SharedServices database, the
Deployment Backup and Recovery Tool cannot back it up.
• The tool does not back up the entire contents of your SAS configuration
directories, only Data directories, the SASEnvironment directories, and the
server configuration directories for each server on the SAS server tier.
103
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
For commands that require input data, you supply the data using the JavaScript Object Notation (JSON)
format. Sample JSON files are provided in SAS-installation-
directory/SASPlatformObjectFramework/9.4/tools/admin/conf/sample.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3.5 Backing Up the SAS Environment 3-71
SAS binaries and • After initial install Any tool that will clone the operating
associated files • After each hot fix, patch, and system, all applications, and home
maintenance update directory of the account used to
install SAS
SAS deployment files • After any change to the files SAS Deployment Backup and
• Daily Recovery Tool or SAS Environment
Manager
SAS application files • After any changes to the files Any tool
that cannot easily be
reproduced
• Daily
104
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
105
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Disaster-recovery planning is important for any critical business system, including production systems
running the SAS Intelligence Platform and SAS solutions.
Because the implementation of the SAS Intelligence Platform and SAS solutions is often highly
customized and each customer can have different requirements for replicating SAS content, there is no
single tool or process that comprehensively meets all of the SAS disaster-recovery needs.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3-72 Chapter 3 Understanding SAS® Metadata and the Metadata Server
Note: Disaster recovery is not the same as high availability. Though both concepts are related to
business continuity, high availability is about providing undisrupted continuity of operations
whereas disaster recovery involves some amount of downtime, typically measured in days.
sas-list-backups Display details about backups and recoveries that are recorded in backup history,
including backups that were purged due to the retention policy.
sas-set-backup- Specify days and times that are to be added to the deployment backup schedule.
schedule
sas-set-backup- Display detailed information about the contents of a specific backup that was
source-content taken from a particular source on a particular host machine.
sas-remove-backup- Remove specified days and times from your deployment backup schedule.
schedule
sas-display-backup- List the configuration properties that are currently in effect for your deployment
config backups.
sas-update-backup- Update the backup configuration properties that are in effect for your
config deployment.
sas-update-backup- Specify custom directories that are to be backed up (in addition to the directories
config included by default). Each directory must be located under SAS-configuration-
directory/Levn on a host machine where the Deployment Backup and Recovery
tool is installed.
sas-recover-offline Perform a full or partial recovery when some of the resources in the deployment
are unavailable or have been taken offline to prevent user activity.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3.5 Backing Up the SAS Environment 3-73
When submitting a deployment backup or recovery command, you must provide the following connection
options to log on to the SAS Web Application Server:
-host host-name Identifies the host machine for the SAS Web Server. If your deployment does
not include SAS Web Server, specify the host machine for the SAS Web
Application Server.
-port port Specifies the port on which the SAS Web Server runs. If your deployment does
not include SAS Web Server, specify the port on which the SAS Web
Application Server runs.
-protocol Specifies the communication protocol that is used by the specified host machine
HTTP|HTTPS and port. If the option is not specified, the default protocol (HTTP) is assumed.
You can specify this option either on the command line or in the file that is
specified in the –profile option.
-profile filename Specifies the name of a file that contains the host, port, user ID, and password
options. It can also contain the –protocol option. A sample profile file named
environment.properties is in the SAS-installation-
directory/SASPlatformObjectFramework/9.4/tools/admin/conf/sample.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3-74 Chapter 3 Understanding SAS® Metadata and the Metadata Server
This demonstration illustrates how to use a command to list the deployment schedule and locate the
Backup Manager in SAS Environment Manager.
1. The SAS Deployment Agent must be running on every machine that has a SAS deployment.
We will start the Agent using SAS Environment Manager. Open SAS Environment Manager if not
already open.
Note: You can also start the SAS Deployment Agent in the Operating System or it can be started in
SAS Deployment Manager.)
For Windows Server use Window Services.
For Linux Server the command is located in the SASHome directory: SASHome
Directory/SASDeploymentAgent/9.4. The command to start the agent is agent.sh start.
The command to check the status of the agent is agentadmin.sh stat up.
2. Sign in as Ahmed with password Student1.
3. Go to Resources Servers and select sasserver SAS Deployment Agent 1.0.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3.5 Backing Up the SAS Environment 3-75
5. Under Quick Control section, select Start from the drop down menu next to Control Action: and
click the arrow to the right.
6. Navigate to the location where the Deployment Backup tools are installed.
/opt/sas/SASHome/SASPlatformObjectFramework/9.4/tools/admin
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3-76 Chapter 3 Understanding SAS® Metadata and the Metadata Server
Note: For SAS 9.4 M3 release and prior you must maximize the Administration window.
Maximizing the window addresses Problem Note 56368: The SAS® Backup Manager module
in SAS® Environment Manager Administration does not open, even after several minutes.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3.5 Backing Up the SAS Environment 3-77
10. Click the Side menu button in the SAS Environment Manager banner and select SAS Backup
Manager.
Note: The SAS Backup Manager takes several minutes to discover the assets in your deployment
that are available for backup.
11. Select Policy from the drop-down menu. The Policy page displays the following:
a. Diagram (Source View and Machine View) – displays a tree diagram of the currently defined
backup sources. To see a different view of the diagram:
Click the Source View button in the toolbar to display a node for each backup source.
Under each backup source, a child node is displayed for each host machine for that source.
Click the Machine View button in the toolbar to display a node for each host machine.
Under each machine, child nodes are displayed for the backup sources that are on the machine.
When a diagram is displayed, you can do the following:
Zoom in or out by clicking the diagram to select it and then pressing the Ctrl key while
scrolling the mouse wheel.
If parts of the diagram are not visible, drag the entire diagram right, left, upward, or
downward.
Click a node to collapse its child nodes.
Click the node again to expand it so that its child nodes reappear.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3-78 Chapter 3 Understanding SAS® Metadata and the Metadata Server
Note: You can also use the sas-display-backup-config command to display the backup policy.
Backup sources are discovered automatically. The sources are displayed in the Source View and
Machine View diagrams, and they are also listed at the bottom of the Configuration Details pane.
To view additional information about a source, click the Collapsed arrow ( ) to the left of the
source name. The following information is displayed:
Host – the host name of the machine where the source is located.
Included – indicates whether the source is currently included or excluded from backups.
This setting cannot be changed in the SAS Backup Manager user interface. To include or
exclude a backup source, use the command sas-update-backup-config.
Operating System – the host name of the machine where the source is located.
Configurable Path – the path to the configuration directory for this source. This field is not
applicable to all source types.
SAS Config – the path to the Levn directory that is associated with this backup source.
Includes and Excludes – lists any filters that are associated with this backup source. Filters are
applied using the batch commands via JSON files.
The source information is for display only. To filter physical data or add or remove tiers,
servers, or database instances from the backup configuration, use the sas-update-backup-
config command.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3.5 Backing Up the SAS Environment 3-79
You can modify this scheduled backup here by clicking the Add button or Edit button in the
toolbar.
For example, if you add a row, a new row is added to the schedule with the default time (1:00 a.m.)
and default day (Sunday) selected. In the new row, click the Time field. Use the time selector to
specify the additional backup start time and then click OK.
You can verify the updated backup schedule using the Deployment Backup and Recovery tool batch
command sas-list-backup-schedule.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3-80 Chapter 3 Understanding SAS® Metadata and the Metadata Server
Exercises
11. Using Backup Manager to Run an Unscheduled Backup and View the Backup Contents
The third maintenance release for SAS 9.4 includes SAS Backup Manager, an easy-to-use interface
for the Deployment Backup and Recovery tool. You can use SAS Backup Manager for the following
tasks:
view backup and recovery history
run an immediate (ad hoc) backup
view the backup configuration
modify the backup configuration (except backup filters and custom directories)
view information about backup and recovery sources
view and modify the backup schedule
In previous SAS 9.4 releases, these functions were available only through batch commands.
SAS Backup Manager can be accessed from the Administration tab of SAS Environment Manager.
a. Start the SAS Deployment Agent using SAS Environment Manager.
1) Open SAS Environment Manager . (Go to a web browser on the client machine and select
SAS Environment Manager from the Favorites bar or you can type in the following URL:
http://sasserver.demo.sas.com:7080 .) Sign in as sasadm@saspw with password Student1.
Note: In order to run a full backup, you must be logged in to SAS Environment Manager
as sasadm@saspw with the password Student1.
2) Go to Resources Servers and select sasserver SAS Deployment Agent 1.0.
3) Select Control.
4) Under Quick Control section, select Start from the drop down menu next to Control
Action: and click the arrow to the right.
Note: You can also start the SAS Deployment Agent in the Operating System, or it can be
started in SAS Deployment Manager.
For Windows Server use Window Services.
For Linux Server the command is located in the SASHome directory: SASHome
Directory/SASDeploymentAgent/9.4. The command to start the agent is agent.sh start.
The command to check the status of the agent is agentadmin.sh stat up.
2) Click the Side menu button in the SAS Environment Manager banner and select SAS
Backup Manager.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3.5 Backing Up the SAS Environment 3-81
Note: The SAS Backup Manager takes several minutes to discover the assets in your
deployment that are available for backup.
The drop-down menu shows the following selections:
History – view information about a particular backup or recovery
Policy – view details of the current backup policy
Schedule – view and modify the current backup schedule
Keep the current selection, History.
c. Run an unscheduled backup.
1) With History selected in the drop-down menu, select the Start Backup button in the upper
right of the SAS Backup Manager Window.
2) Provide a meaningful name and comment for the backup. The backup name must be unique.
Both the name and comment are optional and are recorded in backup history and displayed in
the backup’s Operation Details.
3) Select Start.
A notification is displayed when the backup starts and when it is completed.
4) To see the status of the backup on the History page, refresh your browser.
Note: Recoveries cannot be run from SAS Backup Manager. Instead, use the sas-recover-
offline command.
d. View the list of Sources. Click the backup to display the details. It might take a minute to load the
data.
The sources for the currently selected backup or recovery are listed in the right pane, below the
operation details. Items appear only as they complete. For example, you might see only the
Metadata Server at first after running the back up. (If you are viewing details for a recovery, only
the sources that were recovered are listed.)
The status icon next to each source indicates the status of its backup or recovery.
By default, the backup sources include the following:
Metadata Server
Content Server
Config Directories
Database
Note: Custom might also be listed. This means additional directories under SAS-configuration-
directory/Levn, as specified by the administrator, were backed up or recovered.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3-82 Chapter 3 Understanding SAS® Metadata and the Metadata Server
To view details about a particular backup or recovery source, click the Collapsed arrow ( ) to the
left of the source name. The following details are displayed:
the host name of the machine where the source is located
the status of the source’s backup or recovery
the directory location of the source’s local backup files on the host machine
the total size of the backup files for this source
the directory location of the source’s configuration files
the operating system of the source’s host machine
i. Place your mouse pointer over each of the databases in the Web Infrastructure Platform Data
Server 9.4 node. Notice that many of the databases are relatively small in size.
m. Find this location on the server’s local file system. There is a directory for each of the sources
listed in Backup Manager.
Navigate to /opt/sas/config/Lev1/Backup/Vault.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3.5 Backing Up the SAS Environment 3-83
n. Click the Collapsed arrow ( ) to the left of the Metadata Server and examine the Backup
Location.
Why is this location different from the others?
Verify that the content for the Metadata Server backup specified by the Backup Manager is the
same as the metadataserver directory in the backup vault location.
12. Displaying the Backup Configuration Using Batch Tools
a. Navigate to the location where the Deployment Backup tools are installed.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3-84 Chapter 3 Understanding SAS® Metadata and the Metadata Server
3.6 Solutions
Solutions to Exercises
1. Exploring Metadata Pointers in SAS Management Console and the Contents of the Metadata
Server Directory
a. On your client machine, log on to SAS Management Console as Ahmed with the password
Student1. (SAS Management Console is listed under the start menu.)
b. Where is all the metadata physically stored? Expand the Metadata Manager plug-in.
Select Active Server.
The metadata is stored in repositories. Most metadata is stored in the Foundation repository.
Every metadata server has exactly one Foundation repository.
c. Where is the Foundation repository physically located? Under Active Server, select Foundation.
The Foundation repository is a foundation-type repository. The repository path indicates where
the content of the Foundation repository is stored. It is a relative path.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3.6 Solutions 3-85
The metadata is stored in specially formatted SAS data sets. You should never access these tables
directly. While the metadata server is running, these tables are locked. Any access (query, update,
and so on) to these must be done via the metadata server. If you do not use the metadata server
to access these tables, you risk corrupting the metadata.
Note: Metadata queries that are made using SAS applications, PROC METADATA, batch tools
for metadata management, or DATA step functions are processed by the metadata server.
2. Checking the Availability of the Metadata Server in SAS Environment Manager
In the SAS platform, the metadata server is the most critical component. It must always be running
and responsive. In this exercise, you check the availability and health of the metadata server.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3-86 Chapter 3 Understanding SAS® Metadata and the Metadata Server
a. Open Internet Explorer or Google Chrome on the client machine and select SAS Environment
Manager on the Favorites toolbar.
Note: You can use the Search field and type in Metadata Server. Make sure All Server Types
is selected in the second field, and then select the to the far right.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3.6 Solutions 3-87
g. If the metadata server is overusing virtual memory (too much page swapping), that could indicate
trouble, and might cause slow responses. Metrics that will be helpful are these:
Process Page Faults Per Minute
Time in Calls Per Minute
Not all metrics for this resource, the metadata server, are displayed by default, such as Time in
Calls Per Minute.
h. Select All Metrics in the drop-down list on the left to see a list of all the metrics for this resource.
(Currently Problem Metrics is displayed in the drop-down list.)
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3-88 Chapter 3 Understanding SAS® Metadata and the Metadata Server
i. Add the Time in Calls Per Minute to the list of metrics displayed, by clicking the black arrow
next to the metric.
j. Move the Time in Calls Per Minute and Process Page Faults Per Minute to the top using the up
arrow to the right of the named metric.
k. Click Apply next to View: Update Default located above the Availability metric and to the right.
Note: You want to know how much the metadata server is having to use disk space because it
does not have enough memory available to it. Paging is when individual memory
segments, or pages, are moved to or from the swap area. When memory is low, portions
of a process are moved to use disk space as a temporary place to store information that it
would normally just hold in memory. This is called swapping to disk. When a process
needs to swap some data from disk to memory so that it can access the data in memory, a
page fault occurs. It is an event that occurs because the page of memory the process
wanted is currently not in memory; it is held on the swap file on the disk. Thus, when a
page fault occurs, the operating system knows that it needs to swap the data that the
process wants back into memory, and will swap some other existing data from memory to
the disk to free up the required memory so that there is room for the required page.
One of the metrics available from the OS that describes what a process does when it
enters this memory-constrained state is the number of page faults (swaps between disk
and memory) per period of time. We can see this metric for the process examined here,
the SAS metadata server.
You expect some degree of virtual memory swapping (page faults), which is normal, but
if you see a trend of increase over time, then you should probably investigate.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3.6 Solutions 3-89
l. The data for the past 8-hour time period is displayed. Change this to a 30-minute interval. Use the
Last (number)/(Unit) drop-down list to change the length of the time period displayed. Click OK.
(You can use the Previous Page/Next Page buttons to scroll through earlier time periods as well.)
m. Select the Metric Data button to display the data underlying the charts.
You see all of the metrics displayed here in a tabular table, whereas with the Indicators selected
there is only a subset showing, unless you add a metric to be displayed (step i).
Note: You can also click the chart icon next to an entry in the table to see a chart of that
metric. However, the chart is different from the indicator chart.
n. Select Alert.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3-90 Chapter 3 Understanding SAS® Metadata and the Metadata Server
o. Select Configure. How many alerts are configured? 7 How many alerts are active? 5
There are built-in alerts because Extended Monitoring has been enabled in this environment.
(Extending Monitoring is discussed in a later chapter.)
Note: Two alerts that might be useful are “Metadata Server ERROR message in log” and
“Metadata User Lockout.” If either of these alerts are fired, you might want to check the
logs for the metadata server to get more details about why these events are happening.
p. Click Metadata Time in Calls per Minute to look at the alert definition.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3.6 Solutions 3-91
2) Type in a search string (for example, ‘config’) and Resource type (for example, ‘SAS Config
Level Dir’).
b. Use the Search menu and the resource level selector to locate the following resources:
Servers
SAS Spawners (1 object and 1 connect spawner—search on the string “spawner”)
SAS OLAP Server
SAS Home Directory
SAS Config Level Directory
Services
SAS Workspace Server
SAS Stored Process Server
Note: The SAS spawners, the metadata server, and OLAP server are at the Servers level in the
platform hierarchy. The SAS Application Server Tier is considered a Platform. The SAS
Logical workspace servers and SAS Logical stored process servers are at the Services
level in the platform hierarchy.
c. Open SAS Management Console and log on as Ahmed using the password Student1. Expand
Server Manager plug-in. The components above conform to the servers shown here.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3-92 Chapter 3 Understanding SAS® Metadata and the Metadata Server
4. Using the Export SAS Package Wizard to Examine Dependencies and Associations between
Metadata Objects
The Export SAS Package Wizard and Import SAS Package Wizard enable you to promote individual
metadata objects or groups of objects from one SAS deployment to another or from one folder
location to another within the same deployment. The wizards display the associations
and dependencies between metadata objects.
a. In SAS Management Console, on the Folders tab, expand the Orion Star folder. Right-click
the Marketing Department folder and select Export SAS Package.
b. Accept the defaults and click Next. (You are not going to create this package,
so the location and options will not matter.)
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3.6 Solutions 3-93
c. Under the Data folder, select Orion Star Customers. The Dependencies tab identifies
the metadata objects on which the Orion Star Customers table depends.
d. Click the Used By tab. The Used By tab identifies the metadata objects that depend
on the Orion Star Customers table.
e. Click Cancel.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3-94 Chapter 3 Understanding SAS® Metadata and the Metadata Server
a. First, find the metadata object type for a stored process. In SAS Management Console, under
the Folders tab, navigate to System Types. Right-click Stored process and select Properties.
Click the Advanced tab. Find the value for TypeName. This will be used for the type option
when using the batch tool.
b. Navigate to the location of the SAS batch tools and run the sas-list-objects batch tool to list
all stored processes in the Orion Star Marketing Department. How many objects were
found?
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3.6 Solutions 3-95
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3-96 Chapter 3 Understanding SAS® Metadata and the Metadata Server
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3.6 Solutions 3-97
a. Automatic loading of relationship data is configured by default. Look at the configuration details
in SAS Management Console.
1) Open SAS Management Console and log on as Ahmed using the password Student1.
2) On the Plug-ins tab, select Application Management Configuration Manager
SAS Application Infrastructure Web Infra Platform Services 9.4.
3) Under Web Infra Platform Services 9.4, right-click RelationshipContentService and select
Properties.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3-98 Chapter 3 Understanding SAS® Metadata and the Metadata Server
Note: You can configure a different schedule for the loading and cleaning process here (or
set the schedule if you are using a release earlier than the third maintenance release).
If you make any schedule changes, you must restart the SAS Web Application Server.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3.6 Solutions 3-99
1. Navigate to /opt/sas/SASHome/SASPlatformObjectFramework/9.4/tools.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3-100 Chapter 3 Understanding SAS® Metadata and the Metadata Server
Note: If your environment was SAS 9.4 but prior to M3, you would first need to run the sas -
relationship-loader batch tool first and load all relationships to the database before
running reports in steps b and c. The steps are below.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3.6 Solutions 3-101
d. The first time you run the Relationship Loader tool, consider specifying the -loadAll option so
that relationships will be loaded for all content objects in the SAS Folders tree. Doing so ensures
that the Relationship Reporter tool (sas-relationship-reporter) has all of the information that it
needs to produce accurate and complete reports.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3-102 Chapter 3 Understanding SAS® Metadata and the Metadata Server
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3.6 Solutions 3-103
c. Under the BI Lineage plug-in, expand Orion Star Marketing Department Information Map
Scan Information Maps SAS Folders Orion Star Marketing Department and
select Information Maps. These are the objects that were examined during the lineage scan.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3-104 Chapter 3 Understanding SAS® Metadata and the Metadata Server
There are two types of lineage results: high level and low level. High-level results illustrate
connections between high-level objects such as tables, reports, information maps, cubes,
and stored processes. Low-level results illustrate connections to other low -level objects such
as columns, hierarchies, or data items.
The results that you viewed in the last step are high-level results.
f. Click Cancel.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3.6 Solutions 3-105
g. Right-click Orion Star Gold Orders Cube and select Properties. Right-click Average Quantity
and select Low Level Lineage. Examine the Report and Graph tabs.
h. Click Cancel.
8. Exploring the Backup Schedule and Backup Configuration in SAS Management Console
a. In SAS Management Console, on the Plug-ins tab, expand Metadata Manager
Metadata Utilities. Right-click Server Backup and select Backup Schedule.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3-106 Chapter 3 Understanding SAS® Metadata and the Metadata Server
When did the last automatic backup occur? Did it invoke the Reorganize Repositories option?
Click Cancel.
b. Expand Metadata Manager Metadata Utilities. Right-click Server Backup and select
Backup Configuration. Where are the metadata server backups stored? And how many days of
backups are stored there?
Click Cancel.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3.6 Solutions 3-107
How many backup subdirectories are there in the Backups directory? Does this match the number
of usable backups in the backup history pane in SAS Management Console?
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3-108 Chapter 3 Understanding SAS® Metadata and the Metadata Server
3) Click OK.
b. Verify that the backup is marked with a green check mark in the backup history.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3.6 Solutions 3-109
c. Verify that the backup directory was created and populated in the backup destination.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3-110 Chapter 3 Understanding SAS® Metadata and the Metadata Server
b. Wait a few minutes and create another new folder. Include the current time in the name.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3.6 Solutions 3-111
f. Provide comments for the backup history and for the server that you paused. Use the
ROLLFORWARD option to restore the metadata from the last backup to a time immediately
after you created the first folder but before you created the second folder.
Click OK.
g. Resume the metadata server by expanding Metadata Manager. Right-click Active Server and
select Resume.
Switch to the Folders tab. Verify that only the first folder now appears on the Folder tab.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3-112 Chapter 3 Understanding SAS® Metadata and the Metadata Server
11. Using Backup Manager to Run an Unscheduled Backup and View the Backup Contents
The third maintenance release for SAS 9.4 includes SAS Backup Manager, an easy-to-use interface
for the Deployment Backup and Recovery tool. You can use SAS Backup Manager for the following
tasks:
view backup and recovery history
run an immediate (ad hoc) backup
view the backup configuration
modify the backup configuration (except backup filters and custom directories)
view information about backup and recovery sources
view and modify the backup schedule
In previous SAS 9.4 releases, these functions were available only through batch commands.
SAS Backup Manager can be accessed from the Administration tab of SAS Environment Manager.
a. Start the SAS Deployment Agent using SAS Environment Manager.
1) Open SAS Environment Manager . (Go to a web browser on the client machine and select
SAS Environment Manager from the Favorites bar, or you can type in the following URL:
http://sasserver.demo.sas.com:7080 .) Sign in as sasadm@saspw with password Student1.
Note: In order to run a full backup, you must be logged in to SAS Environment Manager
as sasadm@saspw with the password Student1.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3.6 Solutions 3-113
3) Select Control.
4) Under Quick Control section, select Start from the drop down menu next to Control
Action: and click the arrow to the right.
Note:You can also start the SAS Deployment Agent in the Operating System, or it can be
started in SAS Deployment Manager.
For Windows Server use Window Services.
For Linux Server the command is located in the SASHome directory: SASHome
Directory/SASDeploymentAgent/9.4. The command to start the agent is agent.sh start.
The command to check the status of the agent is agentadmin.sh stat up.
b. Access Backup Manager in SAS Environment Manager.
1) Click the Administration tab in SAS Environment Manager. When the Administration page
appears, maximize the window.
2) Click the Side menu button in the SAS Environment Manager banner and select SAS
Backup Manager.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3-114 Chapter 3 Understanding SAS® Metadata and the Metadata Server
Note: The SAS Backup Manager takes several minutes to discover the assets in your
deployment that are available for backup.
Notice that the drop-down menu shows the following selections:
History – view information about a particular backup or recovery
Policy – view details of the current backup policy
Schedule – view and modify the current backup schedule
2) Provide a meaningful name and comment for the backup. The backup name must be unique.
Both the name and comment are optional and are recorded in backup history and are
displayed in the backup’s Operation Details.
3) Select Start.
A notification is displayed when the backup starts and when it is completed.
4) To see the status of the backup on the History page, refresh your browser.
Note: Recoveries cannot be run from SAS Backup Manager. Instead, use the sas-recover-
offline command.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3.6 Solutions 3-115
d. View the list of Sources. Click the backup to display the details. It might take a minute to load the
data.
The sources for the currently selected backup or recovery are listed in the right pane, below the
operation details. If you are viewing details for a recovery, only the sources that were recovered
are listed.
The status icon next to each source indicates the status of its backup or recovery.
By default, the backup sources include the following:
Metadata Server
Content Server
Config Directories
Database
Note: Custom might also be listed. This means additional directories under SAS-configuration-
directory/Levn, as specified by the administrator, were backed up or recovered.
To view details about a particular backup or recovery source, click the Collapsed arrow ( ) to the
left of the source name. The following details are displayed:
the host name of the machine where the source is located
the status of the source’s backup or recovery
the directory location of the source’s local backup files on the host machine
the total size of the backup files for this source
the directory location of the source’s configuration files
the operating system of the source’s host machine
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3-116 Chapter 3 Understanding SAS® Metadata and the Metadata Server
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3.6 Solutions 3-117
f. Hold the mouse pointer on a node to see the size of the files that were backed up or recovered.
g. Click the node sasserver.demo.sas.com under the Database node. The child node of Web
Infrastructure Platform Data Server 9.4 appears under the Database tree.
h. Click the node Web Infrastructure Platform Data Server 9.4. The databases that are a part of
the node appear.
The green check mark in the bottom right of the node indicate its backup status. The green check
indicates that the backup or recovery was completed without errors or warnings.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3-118 Chapter 3 Understanding SAS® Metadata and the Metadata Server
i. Place your mouse pointer over each of the databases in the Web Infrastructure Platform Data
Server 9.4 node. Notice that many of the databases are relatively small in size.
m. Find this location on the server’s local file system. There is a directory for each of the sources
listed in Backup Manager.
Navigate to D: \sas\config\Lev1\Backup\Vault.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3.6 Solutions 3-119
n. Click the Collapsed arrow ( ) to the left of the Metadata Server and examine the Backup
Location.
Why is this location different from the others? This is where the metadata server backups are
stored by default.
Verify that the content for the Metadata Server backup specified by the Backup Manager is the
same as the metadataserver directory in the backup vault location.
Navigate to /opt/sas/SASHome/SASPlatformObjectFramework/9.4/tools/admin.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3-120 Chapter 3 Understanding SAS® Metadata and the Metadata Server
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3.6 Solutions 3-121
True
False
The Metadata Server knows the location of the Repository Manager because
it is specified in the following file:
a. sasv9_usermods.cfg
b. sasv9.cfg
c. omaconfig.xml
d. logconfig.xml
24
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3-122 Chapter 3 Understanding SAS® Metadata and the Metadata Server
70
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
72
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3.6 Solutions 3-123
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
3-124 Chapter 3 Understanding SAS® Metadata and the Metadata Server
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
Chapter 4 Understanding Initial
Authentication and Administering
Users, Groups, and Roles
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
4.1 Exploring Initial Authentication to the Metadata Server 4-3
Objectives
3
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
4
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
4-4 Chapter 4 Understanding Initial Authentication and Administering Users, Groups, and Roles
S AS Information Map
S t udio
S A S Add-In for
M i crosoftOffice
Connection Profile Connection Profile
S A S Enterprise Guide
(ConfigurationV71.xml)
M etadata S erver
i (sasserver.swa)
S A S OLAP Cube Studio
S A S Management Console
5
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Web-based applications connect through the SAS Logon Manager, a web application that handles all
authentication requests for SAS web applications. As a result, users see the same sign-in page when they
access any of the SAS web applications.
Connection Profiles
6
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
4.1 Exploring Initial Authentication to the Metadata Server 4-5
The Connection Profile window enables a user to open an existing profile, edit an existing profile,
or create a new profile. Profiles are stored locally on the user’s machine:
C:\Users\Student\AppData\Roaming\SAS\MetadataServerProfiles. If there are no profiles on the
machine, the user is prompted to create one before logging on. In that location, Java applications have the
connection information in .swa files. Windows applications are in a file named ConfigurationV71.xml.
(The version might be different.)
SAS Management
Console 6
1
i
Metadata Server
4
2 3
Object
Spawner
Authentication Provider
13
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
4-6 Chapter 4 Understanding Initial Authentication and Administering Users, Groups, and Roles
5. The metadata server determines which metadata identity owns the user ID. Based on the metadata
identity, the metadata server can determine what level of access Ahmed has to the metadata. Access
to the metadata server is set in the repository ACT (access control template). Only users with
ReadMetadata and WriteMetadata in the repository ACT, named Default ACT by default, are allowed
to connect to the metadata server.
6. The metadata server sends a credential handle to the application so that when the application requests
information from the metadata server, it can pass the handle. The metadata server then knows
the metadata identity of the user.
22
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
1. The client asks Windows for a token that represents the user who is currently logged on to the client
computer.
2. Windows provides the token to the client.
3. The client sends the Windows token to the metadata server. Notice that only the token is sent. The
user's password is not available to the metadata server.
4. The metadata server sends the token back to Windows for verification.
5. Windows tells the metadata server that the token is valid.
6. The metadata server identifies the user and verifies that the user was granted access to the metadata
in the repository ACT.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
4.1 Exploring Initial Authentication to the Metadata Server 4-7
Note: There are limitations to IWA for servers on UNIX. In order to use IWA on UNIX platforms:
For the first maintenance release for SAS 9.4 on all platforms, you must purchase, install,
and configure an additional third-party product (Quest Authentication Services 4.0).
For the second maintenance release for SAS 9.4 on Linux platforms, you must ensure that
a shared library that implements the GSSAPI with Kerberos 5 extensions is installed and
configured to allow authentication against your Active Directory domain or Kerberos
realm. Quest Authentication Services fulfills this requirement, as do the krb5 packages
provided in supported operating system distributions and in various third-party solutions.
When you use IWA on UNIX, only Kerberos connections are supported. (There is no
support for NTLM on UNIX.) If you use IWA for a UNIX workspace server that makes
outbound Kerberos requests, the service principal account in Active Directory must have
the trusted for delegation to all services privilege.
For additional information about Integrated Windows Authentication, refer to SAS® 9.4 Platform
Intelligence: Security Administration Guide.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
4-8 Chapter 4 Understanding Initial Authentication and Administering Users, Groups, and Roles
Exercises
1) Open Internet Explorer and select SAS Environment Manager on the Favorites toolbar.
2) On the Sign In to SAS page, enter Ahmed in the User ID field and Student1 in the
Password field. Click SIGN IN.
5) Select Users.
6) Click to bring up a drop-down list on which you can filter. Select User.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
4.1 Exploring Initial Authentication to the Metadata Server 4-9
1) Start SAS Management Console, if it is not already open. (Select Start All Programs
SAS SAS Management Console 9.4.) If you are already logged on, go to step 4.
4) After you are connected, you can see the name of the user logged on, the machine that hosts
the metadata server, and the port in the lower right corner of SAS Management Console.
Note: You can deselect the Show Groups and Show Roles options to see only a list of
users.
Note: You can use the Options dialog box in the User Manager plug-in to change your
default view from View All to Search. This becomes your default view. This is useful
if you have many user identities.
6) Right-click Jacques and select Properties.
7) Go to the Accounts tab to see the ID that is used for initial authentication to the metadata
server.
8) Click Cancel.
2. Exploring Connection Profiles
Connection profiles are stored in files on the user’s desktop, but stored passwords are encrypted.
Examine an existing connection profile.
a. On the client machine, use Windows Explorer to navigate to
C:\Users\student\AppData\Roaming\SAS\MetadataServerProfiles. View the contents
of ConfigurationV71.xml, using a text editor such as Notepad.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
4-10 Chapter 4 Understanding Initial Authentication and Administering Users, Groups, and Roles
Note: If the AppData folder is hidden, you can enter the path into Windows Explorer or unhide
the folder. To unhide it, in Windows Explorer, select Organize Folder Search
options. On the View tab, select Show hidden files, folders, and drives.
On the View tab, clear the Hide extensions for known file types check box.
Click OK.
b. Open SAS Enterprise Guide. Select File New Program. In the Program window, enter the
following code:
proc pwencode in="Student1";
run;
c. Click Run.
d. On the Log tab, locate the value that begins with {sas002}. Does the value match the password
value in the ConfigurationV71.xml file?
Note: A password string beginning with {sas002} is encoded using the SAS Proprietary
algorithm.
/opt/sas/config/Lev1/SASMeta/MetadataServer/Logs
D:\SAS\Config\Lev1\SASMeta\MetadataServer\Logs
2) Scroll down closer to the bottom and look for the name of the user ID that was used to log
on to SAS Enterprise Guide. (Otherwise, you can simplify the search by using the Find tool
for the name. Hold down the Ctrl key and press F.)
3. Exploring the omaconfig.xml File
The omaconfig.xml file is the start-up file for the SAS Metadata Server. You can specify changes
to standard features of the SAS Metadata Server, the repository manager, and policies related to
internal users in this file.
a. Open the omaconfig.xml file.
Navigate to /opt/sas/config/Lev1/SASMeta/MetadataServer.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
4.1 Exploring Initial Authentication to the Metadata Server 4-11
b. What is the setting in this file that governs saving a password in a connection profile?
Note: For a few solutions desktop clients (for example, SAS Model Manager, SAS Enterprise
Miner, and SAS Forecast Studio), the ability to store credentials in client-side connection
profiles is instead controlled by the Policy.AllowClientPasswordStorage property. To
access this property, open the Plug-ins tab of SAS Management Console and navigate to
Application Management Configuration Manager SAS Application
Infrastructure. Right-click and select Properties Settings Policies Allow client
password storage.
c. What is the default value? What other values are possible?
Note: To find the possible values, go to support.sas.com and search Reference Information
for omaconfig.xml.
d. If you make changes to this file, what steps need to be performed?
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
4-12 Chapter 4 Understanding Initial Authentication and Administering Users, Groups, and Roles
4.01 Poll
True
False
25
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
If you make changes to the omaconfig.xml file what would you need to do to
ensure the changes are in effect:
a. Nothing
b. Make sure no users are connected to the metadata server
c. Pause the metadata server
d. Restart the metadata server
27
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
4.2 Administer ing Users and Groups 4-13
A SAS user cannot log on to SAS Enterprise Guide. Here is the message that
is received:
Objectives
32
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
4-14 Chapter 4 Understanding Initial Authentication and Administering Users, Groups, and Roles
Registering Users
For accountability, each person who uses the SAS environment should have
an individual SAS metadata identity.
Users
This allows
• control over a user’s access to metadata resources
Ellen
33
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
In order to make access distinctions and track user activity, a security system must know who is making
each request.
Registering Users
A user’s metadata identity includes a copy of the external account that the
user uses to log on to SAS applications.
34
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
In the platform, the primary user administration task is to store each user’s external account ID in the SAS
metadata. All of a user’s metadata-layer memberships, permissions, and capabilities are ultimately tied to
the user’s SAS identity.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
4.2 Administer ing Users and Groups 4-15
Note: It is not necessary to store passwords in the SAS metadata for the purpose of identifying a user.
SAS identity is determined by examining stored user IDs, not by examining stored passwords.
• You cannot assign the same fully qualified external account to two different
identities.
35
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Caution: Do not use spaces or special characters in the name of a user, group, or role.
Not all components support spaces and special characters in identity names.
Note: In SAS 9.4, you cannot change the name of an existing user, group, or role in SAS Management
Console.
All of the logons that include a particular ID must be owned by the same identity. This requirement
enables the metadata server to resolve each ID to a single identity. This requirement is case insensitive
and applies to the fully qualified form of the ID.
To enable multiple users to share an account, store the credentials for that account in a logon as part
of a group definition. Then add the users who share the account as members of that group definition.
If you give a user two logons that contain the same ID, the logons must be associated with different
authentication domains. Authentication domains are discussed later in this chapter.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
4-16 Chapter 4 Understanding Initial Authentication and Administering Users, Groups, and Roles
Group Identities
• populate roles
Sales
Marketing
36
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
37
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
4.2 Administer ing Users and Groups 4-17
Only the verification phase varies; the SAS identity phase is always the same.
You need a well-formed user definition for each user who is not a PUBLIC-only
identity.
P U BLIC
V erification phase
S A S USERS
Id entification phase
38
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Susan
Bill
Jacques Individual SAS identity
User account? User account?
User account? User definition? User definition?
39
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
4-18 Chapter 4 Understanding Initial Authentication and Administering Users, Groups, and Roles
Identity Hierarchy
S el f S el f
P UB LIC
HR R ep ort
C reator
S A S US ERS S A S US ERS
F i n ance
P UB LIC P UB LIC
40
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
41
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
There are other programmatic methods that can be used to create metadata identities.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
4.2 Administer ing Users and Groups 4-19
Exercises
a. Open Internet Explorer and select SAS Environment Manager on the Favorites toolbar. On the
Sign In to SAS page, enter Ahmed in the User ID field and Student1 in the Password field.
Click SIGN IN.
b. Click the Administration tab, which opens in another browser.
c. Click the Side menu button in the upper left of the page.
d. Select Users.
e. Click the New user/group button located in the upper right toolbar.
f. Select New User. Enter the name Ben and click Save.
g. Add the following information under the appropriate drop-down menu categories:
Note: Use the Add button to add information for each property.
Note: Be sure to save your changes by clicking the Save button in the upper right toolbar
after every entry that you make. An asterisk to the left of the drop-down menu property is
shown if the values have not been saved.
Basic Properties:
Name Ben
External Identities:
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
4-20 Chapter 4 Understanding Initial Authentication and Administering Users, Groups, and Roles
Accounts:
Windows server: sasserver\Ben
Account User ID
Linux server: Ben
DefaultAuth
Account Authentication Domain
Contact Information:
City Cary
State/Province NC
Country USA
Member of:
Finance
Group
h. Save your changes by clicking the Save button in the upper right toolbar.
Name Ben
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
4.2 Administer ing Users and Groups 4-21
City Cary
State/Province NC
Country USA
Group Finance
Windows server: sasserver\Ben
Account User ID
Linux server: Ben
e. Select Users.
f. Click to bring up a drop-down list on which you can filter. Select User.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
4-22 Chapter 4 Understanding Initial Authentication and Administering Users, Groups, and Roles
44
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Objectives
47
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
4.3 Using Import Macros 4-23
The user import macros enable the batch import and synchronization of user
and group identity information from a provider such as LDAP into the SAS
metadata.
This process follows these general steps:
• Extract information from your authentication provider.
• Extract information from the SAS metadata.
• Compare the sets of tables and identify additions and updates that need
to be made to the metadata.
• Validate the changes.
• Load the updates into the metadata.
48
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
The synchronization process performs two extractions (one from your authentication provider and another
from the SAS metadata) and then loads updates into the metadata.
Canonical tables define the standard attributes and associations for identity metadata objects. A canonical
table is a table with a fixed, predefined structure constructed to hold user and group information.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
4-24 Chapter 4 Understanding Initial Authentication and Administering Users, Groups, and Roles
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
4.3 Using Import Macros 4-25
• Keyid must be
unique and
unchanging.
• Tables and columns
must be present but
do not all have to be
used.
The keyids in the person table (users), idgrps table (groups and roles), and authdomain table
(authentication domains) tie each of those primary objects to its related information.
In the metadata, the keyid value is stored as an external identity. For each keyid column, use a fixed,
enterprise-wide identifier. For example:
In the person table, consider using an employee identification number, user ID, or saMAcountName (a
default schema for AD).
In the idgrps table, consider using group names (or LDAP Distinguished Names).
In the authdomain table, consider using authentication domain names.
The authentication domain name can serve as the keyid because the metadata server enforces uniqueness
across authentication domain names.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
4-26 Chapter 4 Understanding Initial Authentication and Administering Users, Groups, and Roles
External Identities
An external identity is a value used to map the user information in the SAS
metadata to the information from the authentication provider.
An external identity
• must be unique to each user or group and unchanging
• must exist as a field in the user or group information
in the authentication provider and in the SAS metadata
• is used during the synchronization process to compare information stored
in metadata to information from the authentication provider.
Example: An employee account name or employee ID is often used as
the external identity value.
51
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
If you need to perform periodic synchronization and want existing users and groups that you created
manually to be included in the process, add the appropriate external identity value to the user or group
metadata identity.
52
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
4.3 Using Import Macros 4-27
Linux Server
sample programs:
/opt/sas/SASHome/SASFoundation/9.4/samples/base
import macros:
/opt/sas/SASHome/SASFoundation/9.4/sasautos
Windows Server
sample programs:
D:\Program Files\SASHome\SASFoundation\9.4\core\samples
import macros:
D:\Program Files\SASHome\SASFoundation\9.4\core\sasmacro
The usage of these import macros is well documented under “User Import Macros” in the appendix of
®
SAS 9.4 Intelligence Platform Security Administration Guide.
IMPORTAD.SAS Program
Connection parameters
for the Active Directory
Server include the
following:
• host
• port
• baseDN
user search
group search
• user
• password
53
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
4-28 Chapter 4 Understanding Initial Authentication and Administering Users, Groups, and Roles
It uses filters to segment retrieval. It might be necessary to alter the filters to better fit the contents of
your Active Directory server. The filters are defined in sections 3 of the code (user extraction) and
section 4 (group extraction).
It will not import membership information for a group that has more than 1500 members.
Additional macro variables that you will change for each environment:
Keyidvar External identity value for each LDAP attribute that contains a unique and
metadata user that this program unchanging value for each user.
creates
ADExtIDTag A label for all metadata items that Used in the Context field of the external
this program creates identity in metadata
Distinguished Name:
Made up of attribute value pairs
OU=US,DC=na,DC=SAS,DC=com
54
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
4.3 Using Import Macros 4-29
In the example, we are searching from the base distinguished name DC=na, DC=SAS, DC=com, starting
at the organizational unit US.
You can use a free LDAP/AD browser to view the hierarchy and identify the required values.
The program calls two in-line macros to do the import. Before the call, you
can filter which users or groups to import. The filters are built in the LDAP
query syntax.
filter="&(region=OH)
Filter on any attribute defined
(employeeID=*)) "; for a user: Only users in the
%ldapextrpersons Ohio region that have an
employee ID.
filter="(&(&(displayName>=A)
(displayName<=C)) The sample code calls the
(employeeID=*) )"; macro multiple times for a
%ldapextrpersons range of users each time.
55
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
4-30 Chapter 4 Understanding Initial Authentication and Administering Users, Groups, and Roles
https://technet.microsoft.com/en-us/library/aa996205(v=exchg.65).aspx
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
4.3 Using Import Macros 4-31
Imported Identity
ADExtIDTag Keyid
56
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
57
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
4-32 Chapter 4 Understanding Initial Authentication and Administering Users, Groups, and Roles
Exercises
D:\Workshop\spaft\Metids
D:\Workshop\spaft\Updates
D:\Workshop\spaft\Extids
Note: You can also run makefolders.bat in the same directory to create the folders.
c. Make sure that permissions are set on these directories to allow for Full Control.
Note: On the Linux server, you can use WinSCP or the chmod command.
d. On the client machine, use SAS Enterprise Guide to open the LoadUsers.sas program.
1) Select File Open Program.
2) Navigate to My Computer Local Disk (D:) Workshop spaft.
3) Select LoadUsers and click Open.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
4.3 Using Import Macros 4-33
4) At the top of the program, there is an OPTIONS statement. Verify that the values are the
following:
options metaserver="sasserver"
metauser="Ahmed"
metapass="Student1";
The extids folder holds the tables of user and group information from the external source.
The %mduimpc macro defines canonical tables, and the DATA step is used to extract data
from an external source and append them to the tables. However, this program has the data
directly in the DATA step.
Note: Nine users will be added to metadata: Jennifer, Megan, Peter, Alex, Katie,
James, Cecily, Jim, Ray
Note: All of the groups in the program will be added to metadata. (You can compare the
information in the group table to the groups currently listed in the User Manager
plug-in to see this.)
Note: The group members table (&idgrpmemstbla) is adding users to groups based on
the external identity.
The metids folder holds the tables of user and group information from the metadata.
The %mduextr macro extracts identity information from metadata and adds them to user
and groups tables in the metids library.
The updates folder holds the user and group updates.
The %mducmp macro compares user and group information to metadata and populates
the updates library with this information.
The %mduchgv macro validates changes from the tables in the metids library and the
updates library
The %mduchglb macro loads the changes into metadata.
e. Run the program. Review the log and search for errors.
Note: You can disregard this warning: Character expression will be truncated when assigned
to character column filter.
If no errors are found, close SAS Enterprise Guide.
Use SAS Environment Manager or SAS Management Console to verify that the new users and
groups were created. Verify that the group membership is correct.
Report Content Creators Ellen, Eric, Gloria, Harvey, Jacques, Kari, Stephanie
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
4-34 Chapter 4 Understanding Initial Authentication and Administering Users, Groups, and Roles
f. The usage of these import macros is well documented under “User Import Macros” in the
appendix of SAS® 9.4 Intelligence Platform Security Administration Guide.
The macros and sample programs importad.sas and importpw.sas are located under the SAS
installation directory.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
4.4 Exploring Internal Accounts and Internal Authentication Mechanis ms 4-35
Objectives
61
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
4-36 Chapter 4 Understanding Initial Authentication and Administering Users, Groups, and Roles
SAS Trusted User A service identity that can act on behalf of other
sastrust@saspw users.
SAS Anonymous Web User A service identity that functions as a surrogate for
webanon@saspw users who connect without supplying credentials.
63
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
The SAS Anonymous Web User (webanon) is an optional account that can be used to grant web clients
anonymous access to certain SAS Web Infrastructure Platform applications (SAS BI Web Services and
SAS Stored Process Web Application). This anonymous account is configured with the SAS Deployment
Wizard and is applicable only when SAS authentication is being used. If web authentication is used, the
web application server processes authentication requests, and this anonymous account has no effect.
For more information, see “Public Access and Anonymous Access” in SAS® 9.4 Intelligence Platform:
Security Administration, Second Edition.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
4.4 Exploring Internal Accounts and Internal Authentication Mechanis ms 4-37
64
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
A supporting feature of internal authentication mechanisms unifies the SAS realm and provides a degree
of independence from your general computing environment.
Internal Accounts
65
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
By initial policy, these server-level settings for internal account policies are in effect.
Accounts do not expire and are not suspended due to inactivity.
Passwords must be at least six characters, do not have to include mixed case or numbers, and do not expire.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
4-38 Chapter 4 Understanding Initial Authentication and Administering Users, Groups, and Roles
The five most recent passwords for an account cannot be reused for that account.
There is no mandatory time delay between password changes.
After three failed attempts to log on, an account is locked. If an account is locked because of logon
failures, further logon attempts cannot be made for one hour.
For an account that has a password expiration period, there is a forced password change on the first us e
after the password is reset by someone other than the account owner.
An internal account has the format userID@saspw.
If you need to unlock an internal account and you have the necessary host access, do the following:
1. Edit the adminUsers.txt file to create a new unrestricted user by adding the fully qualified user ID
preceded by an asterisk. Restart the metadata server for the change to take effect.
2. Log on to SAS Management Console with the new unrestricted user and unlock the account.
3. Verify that the account is unlocked by logging on to SAS Management Console with the account.
Remove the unrestricted user that you added from the adminUsers.txt file and restart the metadata server.
66
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Internal Authentication
1. At a logon prompt, sasadm@saspw and password are entered. The client sends those credentials
to the metadata server for verification.
2. The metadata server recognizes that the ID is for an internal account (because the ID has the @saspw
suffix), so the metadata server checks the credentials against its list of internal accounts.
3. After validating the ID and password, the metadata server accepts the client connection.
The connection is accepted using the SAS identity associated with the internal account.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
4.4 Exploring Internal Accounts and Internal Authentication Mechanis ms 4-39
Internal authentication alone is not sufficient to allow a user access to a standard workspace server
because a host account is required.
Caution: Internal accounts are not designed to be used as end users.
continued...
Metadata Users and Groups
P UBLIC
Initial users
S A SUSERS
S A S A dministrator
sasad m@saspw
S A S Environment
M an ager Service
S A S Trusted User A c c ount
sast rust@saspw sasev @saspw
S A S Demo User
ex t ernal account
67
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
SAS Trusted User: This is a privileged service account that can act on behalf of other users on a
connection to the metadata server. No user should log on directly as a trusted user, except to perform
certain administrative tasks associated with the SAS Information Delivery Portal.
SAS Administrator: In default installations, it is an internal user account that is known only to SAS
and that is authenticated internally in metadata. When internal authentication is used, it is not necessary
for this user to have a local or network account. The SAS Administrator user account has privileges that
are associated with the Metadata Server: Unrestricted role. In addition, the SAS Administrator account
is initially a member of the SAS Administrators group.
SAS Environment Manager Service Account: Effective with the first maintenance release for SAS 9.4,
the SAS Environment Manager Service Account is required for communications between the SAS
Environment Manager agent and the SAS Environment Manager server. The account also enables
SAS Environment Manager plug-ins to access the SAS Metadata Server.
This account is an internal user account that is known only to SAS and that is authenticated internally
in metadata. The account has privileges that are associated with the Metadata Server: Unrestricted role
and is initially a member of the SAS Administrators group and the SAS Environment Manager Guests
group.
Optional Accounts
SAS Demo User: Serves as a generic end user when you are testing any of the SAS client applications.
The default user ID is sasdemo, and the user’s account is defined in metadata and in the operating system
of the metadata server machine and the workspace server machine.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
4-40 Chapter 4 Understanding Initial Authentication and Administering Users, Groups, and Roles
SAS Anonymous Web User: Is used to grant clients access to applicable SAS Web Infrastructure
Platform components. When web clients request access to web services, they are not prompted for
credentials but instead are granted access under this user account. In default installations, this user
is an internal user.
continued...
Metadata Users and Groups
PUBLIC Initial
Initial users groups
SASUSERS
S A S S ystem
SAS Administrator
s a sadm@saspw
S erv ices
SAS Trusted User
SAS
SAS EnvironmentManager
S e rvice Account S A S EV App
A d minist rators
s a s ev@saspw S erver Tier Users S A S Administrator
S AS Trusted User SAS EV Service
A c c oun t
S A S EV Service
s a s trust@saspw S A S EV Super Users A c count
S A S Ad ministrator
S A S General
S erv ers
s assrv and pw
SAS EV Guests
68
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
SAS Administrators: a standard group for metadata administrators. By default, this group is granted
broad access to the metadata and has all roles other than the Metadata Server: Unrestricted role.
SAS System Services: a standard group for service identities that need to read server definitions or other
system resources.
SAS General Servers: a standard group whose members can be used for launching stored process servers
and pooled workspace servers.
SAS Environment Manager User groups: standard groups for SAS Environment Manager users. These
groups are new with the first maintenance releases for SAS 9.4. The groups include SAS Environment
Manager Guests, SAS Environment Manager App Server Tier Users, and SAS Environment Manager
Super Users. Users that are members of these groups are mapped to user definitions in SAS Environment
Manager with corresponding SAS Environment Manager roles. For more information, see “Controlling
Access to SAS Environment Manager” in SAS® Environment Manager: User’s Guide.
There might be other initial groups depending on your SAS software and solutions.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
4.4 Exploring Internal Accounts and Internal Auth entication Mechanis ms 4-41
SAS EV Guests
O rion Star …
S A S Ad ministrator Us ers
A n alysts
S ales
M arketing custom groups
M anagers
69
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
4-42 Chapter 4 Understanding Initial Authentication and Administering Users, Groups, and Roles
Exercises
m. Click the Groups Roles and Users stored process. Click Run. You should see the newly added
users.
n. Expand Products SAS Environment Manager Nightly Reports Audit Reports (Log
Forensic).
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
4.4 Exploring Internal Accounts and Internal Authentication Mechanis ms 4-43
o. Run the Group Changes and User Accounts Added stored processes to see what was logged
when users were added.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
4-44 Chapter 4 Understanding Initial Authentication and Administering Users, Groups, and Roles
Objectives
73
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Roles determine which user interface elements (such as buttons, tabs, and
menu items) are visible to which users. For example, role memberships
determine who can see the Server Manager plug-in in SAS Management
Console, or who can see the Compare Data Task as a menu choice in SAS
Enterprise Guide.
Here are some applications that
support roles:
• SAS Add-In for Microsoft Office
• SAS Enterprise Guide
• SAS Management Console
• SAS Studio
• SAS Web Report Studio
74 • SAS Visual Analytics
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
4.5 Administer ing Roles and Administrative Identities 4-45
Roles can be accessed and managed from the Administration page in SAS Environment Manager or the
User Manager plug-in in SAS Management Console.
Not all applications have roles.
Role Capabilities
The various features in applications that are under role management are called
capabilities. Each role has application capabilities that are assigned to it.
no capabilities selected
75
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Not all application features are under role management. Each application that supports roles provides a
fixed set of capabilities. You cannot convert a feature that is not a capability into a capability.
You can add existing roles to a current role under the Contributing Roles tab. Capabilities from
a contributing role cannot be removed individually.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
4-46 Chapter 4 Understanding Initial Authentication and Administering Users, Groups, and Roles
Role Features
76
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
77
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
4.5 Administer ing Roles and Administrative Identities 4-47
Roles
78
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
79
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
The capabilities for the SAS Management Console roles also affect controlling access to modules on the
Administration page of SAS Environment Manager:
Data Library Manager controls access to the Libraries module
Folders View controls access to the Folders module
Server Manager controls access to the Servers module
User Manager controls access to the Users module
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
4-48 Chapter 4 Understanding Initial Authentication and Administering Users, Groups, and Roles
In order to control which SAS Management Console plug-ins (and the Folders tab) are under role
management, select Tools Plug-in Manager. Only unrestricted users can access the Plug-in Manager.
Administrative Roles
The metadata server roles have implicit capabilities. This means that the default capabilities for these
roles cannot be viewed or modified. However, additional capabilities can be added to these roles.
Unrestricted users can use only those logons that are assigned to them (or to groups to which they
belong). They do not automatically have implicit capabilities that are provided by components other than
the metadata server.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
4.5 Administer ing Roles and Administrative Identities 4-49
Administrative Tasks
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
4-50 Chapter 4 Understanding Initial Authentication and Administering Users, Groups, and Roles
Exercises
a. In SAS Environment Manager, on the Administration page, click Side menu and then select
Users.
b. Click to bring up a drop-down list on which you can filter. Select Role.
c. Open the properties of the Enterprise Guide: Advanced role by right-clicking the role and
selecting Open.
d. Remove the group PUBLIC as the current member. From the drop-down menu, select Members.
e. Click the Edit button in the upper right toolbar. Highlight PUBLIC and move the identity to
the left by selecting the arrow pointing to the left. Click OK.
f. Click the Save button in the upper right toolbar. Click Close.
g. Right-click the Enterprise Guide: Analysis role and select Open.
h. Add Gloria to the Current Members by selecting Members in the drop-down menu.
k. Click the Save button in the upper right toolbar. Click Close.
l. Open SAS Enterprise Guide and connect as Marcel using the password Student1.
m. On the status bar, select Functions. Which capabilities does Marcel have?
n. Change the connection to connect as Gloria. On the status bar, select Functions. Compare the list
of authorized functions to the list of capabilities in the Enterprise Guide: Analysis role.
Do the lists match?
o. Close SAS Enterprise Guide.
p. In SAS Environment Manager, open the properties of the Enterprise Guide: Advanced role
and add the group PUBLIC back to Current Members. Save the changes.
q. Open the properties of the Enterprise Guide: Analysis role. Remove Gloria from Current
Members. Save the changes.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
4.5 Administer ing Roles and Administrative Identities 4-51
b. Log on to SAS Management Console. Use the external Christine account with the Student1
password. Open a second instance of SAS Management Console and log on using the
AdminChristine@saspw account.
How are the two instances of SAS Management Console similar? How are they different?
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
4-52 Chapter 4 Understanding Initial Authentication and Administering Users, Groups, and Roles
a. Log on to SAS Management Console as Ahmed. The BI Lineage plug-in by default is not under
role management. Select Tools Plug-in Manager. Enable role-based access for the BI Lineage
plug-in by selecting the box next to the plug-in. Click OK. Click Yes in the pop-up box to save
changes.
b. In the User Manager plug-in, create the following role:
Name: BI Lineage Scan
Description: Members of this role can view scan results.
Members: Data Integrators
Capabilities (expand Management Console 9.4 Plug-ins): Select Data Library Manager,
User Manager, BI Lineage, and Folder View.
Click OK to save new role.
c. You must update the BI Lineage repository’s Default ACT to grant ReadMetadata permissions.
1) On the Plug-ins tab, select BILineage from the Repository drop-down list.
2) Expand the Authorization Manager plug-in. Expand the Access Control Templates folder.
Access the properties window for the Default ACT.
3) Click the Permission Pattern tab. Click Add and select the Data Integrators group. When
you add the group, the Authorization Manager automatically grants the group the
ReadMetadata permission.
4) Click OK.
d. Verify that a member of the Data Integrators group can see the BI Lineage plug-in in SAS
Management Console and can view scan results. Log on to SAS Management Console as Kari, a
member of the group.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
4.6 Solutions 4-53
4.6 Solutions
Solutions to Exercises
1. Exploring the Initial Connection to the Metadata Server
This exercise demonstrates the initial authentication process to the metadata server.
a. On the client machine, select Start All Programs SAS SAS Enterprise Guide 7.1.
Close the Welcome to SAS Enterprise Guide window. Place the pointer on the words My Server
in the lower right of the application interface, and you see the user who is logged on.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
4-54 Chapter 4 Understanding Initial Authentication and Administering Users, Groups, and Roles
e. Click Save.
g. Click Close.
h. An Error window appears. Click Show Details. How is sas identified by the metadata server?
Note: At initial deployment, the implicit group, PUBLIC, is denied access to all metadata
through the Repository ACT. The authorization layer of the SAS environment is
discussed in a later chaper.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
4.6 Solutions 4-55
i. Click Close.
j. Click Modify to change the login back to Jacques. You can choose to select Save login in profile.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
4-56 Chapter 4 Understanding Initial Authentication and Administering Users, Groups, and Roles
l. Use SAS Environment Manager or SAS Management Console to look at the properties of
Jacques.
1) Open Internet Explorer and select SAS Environment Manager on the Favorites toolbar.
2) On the Sign In to SAS page, enter Ahmed in the User ID field and Student1 in the
Password field. Click SIGN IN.
5) Select Users.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
4.6 Solutions 4-57
6) Click to bring up a drop-down list on which you can filter. Select User.
8) Click the drop-down arrow next to Basic Properties and select Accounts to see the ID that is
used and stored with the metadata identity for initial authentication to the metadata server.
9) Click Close in the upper right to close out of the metadata properties for Jacques.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
4-58 Chapter 4 Understanding Initial Authentication and Administering Users, Groups, and Roles
1) Start SAS Management Console, if it is not already open. (Select Start All Programs
SAS SAS Management Console 9.4.) If you are already logged on, go to step 4.
3) When prompted, enter Ahmed in the User ID field and Student1 in the Password field.
Click OK.
4) After you are connected, you can see the name of the user logged on, the machine that hosts
the metadata server, and the port in the lower right corner of SAS Management Console.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
4.6 Solutions 4-59
Note: You can use the Options dialog box in the User Manager plug-in to change your
default view from View All to Search. This becomes your default view. This is useful
if you have many user identities.
6) Right-click Jacques and select Properties.
7) Go to the Accounts tab to see the ID that is used for initial authentication to the metadata
server.
8) Click Cancel.
2. Exploring Connection Profiles
Connection profiles are stored in files on the user’s desktop, but stored passwords are encrypted.
Examine an existing connection profile.
a. On the client machine, use Windows Explorer to navigate to
C:\Users\Student\AppData\Roaming\SAS\MetadataServerProfiles. View the contents
of ConfigurationV71.xml, using a text editor such as Notepad.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
4-60 Chapter 4 Understanding Initial Authentication and Administering Users, Groups, and Roles
d. On the Log tab, locate the value that begins with {sas002}. Does the value match the password
value in the ConfigurationV71.xml file?
Note: A password string beginning with {sas002} is encoded using the SAS Proprietary
algorithm.
e. Close SAS Enterprise Guide.
f. View the metadata server log. Verify the SAS Enterprise Guide initial connection to the metadata
server.
1) Open the most recent metadata server log.
/opt/sas/config/Lev1/SASMeta/MetadataServer/Logs
D:\SAS\Config\Lev1\SASMeta\MetadataServer\Logs
2) Scroll down closer to the bottom and look for the name of the user ID that was used to log
on to SAS Enterprise Guide. (Otherwise, you can simplify the search by using the Find tool
for the name. Hold down the Ctrl key and press F.)
3. Exploring the omaconfig.xml File
The omaconfig.xml file is the start-up file for the SAS Metadata Server. You can specify changes
to standard features of the SAS Metadata Server, the repository manager, and policies related to
internal users in this file.
a. Open the omaconfig.xml file.
Navigate to /opt/sas/config/Lev1/SASMeta/MetadataServer
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
4.6 Solutions 4-61
b. What is the setting in this file that governs saving a password in a connection profile?
SASSEC_LOCAL_PW_SAVE= which specifies whether users of desktop applications can
save their user IDs and passwords in a local metadata connection profile.
Note: For a few solutions desktop clients (for example, SAS Model Manager, SAS Enterprise
Miner, and SAS Forecast Studio), the ability to store credentials in client-side connection
profiles is instead controlled by the Policy.AllowClientPasswordStorage property. To
access this property, open the Plug-ins tab of SAS Management Console and navigate to
Application Management Configuration Manager SAS Application
Infrastructure. Right-click and select Properties Settings Policies
Allow client password storage.
c. What is the default value? Y What other values are possible?
SASSEC_LOCAL_PW_SAVE="1 | Y | T | 0 | N | F"
Note: To find the possible values, go to support.sas.com and search Reference Information
for omaconfig.xml.
d. If you make changes to this file, what steps need to be performed?
1) Make sure there is a backup of the file.
2) The Metadata Server needs to be restarted.
a. Open Internet Explorer and select SAS Environment Manager on the Favorites toolbar. On the
Sign In to SAS page, enter Ahmed in the User ID field and Student1 in the Password field.
Click SIGN IN.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
4-62 Chapter 4 Understanding Initial Authentication and Administering Users, Groups, and Roles
d. Select Users.
e. Click the New user/group button located in the upper right toolbar.
f. Select New User. Enter the name Ben and click Save.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
4.6 Solutions 4-63
g. Add the following information under the appropriate drop-down menu categories:
Note: Use the Add button to add information for each property.
Note: Be sure to save your changes by clicking the Save button in the upper right toolbar
after every entry that you make. An asterisk to the left of the drop-down menu property is
shown if the values have not been saved.
Basic Properties:
Name Ben
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
4-64 Chapter 4 Understanding Initial Authentication and Administering Users, Groups, and Roles
External Identities:
Accounts:
Windows server: sasserver\Ben
Account User ID
Linux server: Ben
Contact Information:
City Cary
State/Province NC
Country USA
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
4.6 Solutions 4-65
Member of:
Group Finance
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
4-66 Chapter 4 Understanding Initial Authentication and Administering Users, Groups, and Roles
h. Save your changes by clicking the Save button in the upper right toolbar.
Name Ben
City Cary
State/Province NC
Country USA
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
4.6 Solutions 4-67
e. Select Users.
f. Click to bring up a drop-down list on which you can filter. Choose User.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
4-68 Chapter 4 Understanding Initial Authentication and Administering Users, Groups, and Roles
Which groups is Eric directly a member of? Marketing, Marketing Managers, Report Content
Creators
Which groups is Eric indirectly a member of? Orion Star Users, Power Users
Which groups is Eric implicitly a member of? PUBLIC, SASUSERS
i. Click Close in the upper right to close out of the metadata properties for Eric.
6. Loading Users and Groups with User Import Macros
a. On the client machine, use SAS Management Console to perform an ad hoc backup.
1) Log on to SAS Management Console as Ahmed using the Student1 password.
2) Expand Metadata Manager Metadata Utilities. Right-click Server Backup and select
Run Backup Now.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
4.6 Solutions 4-69
/opt/sas/ Workshop/spaft/Updates
/opt/sas/Workshop/spaft/Extids
Use WinSCP. Right-click in /opt/sas/Workshop/spaft and select New Directory.
D:\Workshop\spaft\Metids
D:\Workshop\spaft\Updates
D:\Workshop\spaft\Extids
Note: You can also run makefolders.bat in the same directory to create the folders.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
4-70 Chapter 4 Understanding Initial Authentication and Administering Users, Groups, and Roles
c. Make sure that permissions are set on these directories to allow for Full Control.
Note: On the Linux server, you can use WinSCP or the chmod command.
Note: Nine users will be added to metadata: Jennifer, Megan, Peter, Alex, Katie, James,
Cecily, Jim, Ray
Note: All of the groups in the program will be added to metadata. (You can compare the
information in the group table to the groups currently listed in the User Manager
plug-in to see this.)
Note: The group members table (&idgrpmemstbla) is adding users to groups based on
the external identity.
The metids folder holds the tables of user and group information from the metadata.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
4.6 Solutions 4-71
The %mduextr macro extracts identity information from metadata and adds them to user
and groups tables in the metids library.
The updates folder holds the user and group updates.
The %mducmp macro compares user and group information to metadata and populates the
updates library with this information.
The %mduchgv macro validates changes from the tables in the metids library and the
updates library
The %mduchglb macro loads the changes into metadata.
e. Run the program. Review the log and search for errors.
Note: You can disregard this warning: Character expression will be truncated when assigned
to character column filter.
If no errors are found, close SAS Enterprise Guide.
Use SAS Environment Manager or SAS Management Console to verify that the new users and
groups were created. Verify that the group membership is correct.
f. The usage of these import macros is well documented under “User Import Macros” in the
appendix of SAS® 9.4 Intelligence Platform Security Administration Guide.
The macros and sample programs importad.sas and importpw.sas are located under the SAS
installation directory.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
4-72 Chapter 4 Understanding Initial Authentication and Administering Users, Groups, and Roles
These stored processes generate reports that display information about the metadata that is stored on
the SAS Metadata Server, such as Groups Roles and Users Metadata Content. Because we
added users and groups in the previous section, we want to ensure that the imported identities
show up in the reports by manually running log collection, log centralization and the APM
ETL processes.
a. Log on to SAS Environment Manager as Ahmed using the password Student1.
b. Select Resources Browse Services and search for collection.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
4.6 Solutions 4-73
d. Next to Control Action, select Collect from the drop-down menu and click the arrow to the right
to run the collection process.
e. After the log collection has run, run the Log Centralization service to collect the logs from the
local landing zone to a landing zone on the SAS Environment Manager Enablement Kit Server.
g. Next to Control Action, select Run from the drop-down menu and click the arrow to the right to
run the centralization process. Wait for the process to complete.
h. Finally, run the APM ETL process, which parses the logs in the central landing zone.
Go to Resources Browse Service and search for APM. (Or you might see it at the top of
the list.)
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
4-74 Chapter 4 Understanding Initial Authentication and Administering Users, Groups, and Roles
i. Select the APM ETL Processing service and then select Control.
j. Select Run from the drop-down menu next to Control Action and click the arrow to the right to
run the collection process. Wait for the process to complete.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
4.6 Solutions 4-75
m. Click the Groups Roles and Users stored process. Click Run. You should see the newly added
users.
n. Expand Products SAS Environment Manager Nightly Reports Audit Reports (Log
Forensic).
o. Run Group Changes and User Accounts Added stored processes to see what was logged when
users were added.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
4-76 Chapter 4 Understanding Initial Authentication and Administering Users, Groups, and Roles
a. In SAS Environment Manager, on the Administration page, click Side menu and then select
Users.
b. Click to bring up a drop-down list on which you can filter. Select Role.
c. Open the properties of the Enterprise Guide: Advanced role by right-clicking the role and
selecting Open.
d. Remove the group PUBLIC as the current member. From the drop-down menu, select Members.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
4.6 Solutions 4-77
Highlight PUBLIC and move the identity to the left by selecting the arrow pointing to the left.
Click OK.
f. Click the Save button in the upper right toolbar. Click Close.
g. Right-click the Enterprise Guide: Analysis role and select Open.
h. Add Gloria to the Current Members by selecting Members in the drop-down menu.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
4-78 Chapter 4 Understanding Initial Authentication and Administering Users, Groups, and Roles
j. Enter Gloria in the search field. Highlight Gloria on the left and move her to the right by
selecting the arrow pointing to the right. Click OK.
k. Click the Save button in the upper right toolbar. Click Close.
l. Open SAS Enterprise Guide and connect as Marcel using the password Student1.
m. On the status bar, select Functions. Which capabilities does Marcel have?
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
4.6 Solutions 4-79
n. Change the connection to connect as Gloria. On the status bar, select Functions. Compare the list
of authorized functions to the list of capabilities in the Enterprise Guide: Analysis role.
Do the lists match? Yes
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
4-80 Chapter 4 Understanding Initial Authentication and Administering Users, Groups, and Roles
q. Open the properties of the Enterprise Guide: Analysis role. Remove Gloria from Current
Members. Save the changes.
a. In the User Manager plug-in in SAS Management Console, open the properties of the Enterprise
Guide: Advanced role. Remove the group PUBLIC as a current member. Click OK.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
4.6 Solutions 4-81
b. Open the properties of the Enterprise Guide: Analysis role. Add Gloria to the Current Members
list box. Click OK.
c. Open SAS Enterprise Guide and connect as Marcel using the password Student1.
d. On the status bar at the bottom, select Functions. Which capabilities does Marcel have?
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
4-82 Chapter 4 Understanding Initial Authentication and Administering Users, Groups, and Roles
e. Change the connection to connect as Gloria. On the status bar, select Functions. Compare
the list of authorized functions to the list of capabilities in the Enterprise Guide: Analysis role.
Do the lists match? Yes
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
4.6 Solutions 4-83
h. Open the properties of the Enterprise Guide: Analysis role. Remove Gloria from the Current
Members list box. Click OK.
Authentication DefaultAuth
Domain:
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
4-84 Chapter 4 Understanding Initial Authentication and Administering Users, Groups, and Roles
1) In SAS Environment Manager, go to the Administration page. Click Side menu and
select Users.
2) Click the Add User/Group/Role button in the upper right toolbar and select New User.
3) Enter Christine in the Name and Display Name fields and click Save.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
4.6 Solutions 4-85
6) Enter Orion in the search field. Highlight Orion Star Users and use the arrow pointing to the
right to move the identity to the Direct member of pane.
Enter Data I in the search field. Highlight Data Integrators and use the arrow pointing to the
right to move the identity to the Direct member of pane.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
4-86 Chapter 4 Understanding Initial Authentication and Administering Users, Groups, and Roles
7) Click OK.
8) Click the Save button.
11) Enter the user ID that is appropriate for the server. Click the Save button.
sasserver\Christine
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
4.6 Solutions 4-87
13) Click the Add User/Group/Role button in the upper right toolbar and select New
User.
14) Enter AdminChristine in the Name field and Administrator | Christine in the Display
Name field and click Save.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
4-88 Chapter 4 Understanding Initial Authentication and Administering Users, Groups, and Roles
17) Enter SAS Administrators in the search field. Highlight SAS Administrators and use the
arrow pointing to the right to move the identity to the Direct member of pane.
Enter Metadata in the search field. Highlight Metadata Server: Unrestricted and use the
arrow pointing to the right to move the identity to the Direct member of pane.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
4.6 Solutions 4-89
22) Click the button to the right of Internal Account to create an internal account.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
4-90 Chapter 4 Understanding Initial Authentication and Administering Users, Groups, and Roles
23) Enter Student1 in the New Password field and again in the Confirm field. Click Save.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
4.6 Solutions 4-91
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
4-92 Chapter 4 Understanding Initial Authentication and Administering Users, Groups, and Roles
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
4.6 Solutions 4-93
9) Click the Groups and Roles tab. Hold down the Ctrl key. Select Metadata Server:
Unrestricted and SAS Administrators. Click to move these to the Member of list box.
10) Click the Accounts tab and click Create Internal Account. This is located at the bottom.
Verify that the internal user ID is AdminChristine@saspw. Enter Student1 in the New
Password and Confirm Password fields. Click OK twice.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
4-94 Chapter 4 Understanding Initial Authentication and Administering Users, Groups, and Roles
b. Log on to SAS Management Console. Use the external Christine account with the Student1
password. Open a second instance of SAS Management Console and log on. Use the
AdminChristine@saspw account.
How are the two instances of SAS Management Console similar? There are some of the same
plug-ins.
How are they different? There are many more available plug-ins for AdminChristine@saspw.
10. (Optional) Creating a Role
Create a role that enables the Data Integrators group to have access to the BI Lineage plug-in
and permission to view scan results. There are three steps:
Enable role-based access for the BI Lineage plug-in.
Create the role so that the Data Integrators group can see a limited number of plug-ins
in SAS Management Console, including the BI Lineage plug-in.
Give the group permission to view scan results.
a. Log on to SAS Management Console as Ahmed. The BI Lineage plug-in by default is not under
role management. Select Tools Plug-in Manager. Enable role-based access for the BI Lineage
plug-in by selecting the box next to the plug-in. Click OK. Click Yes in the pop-up box to save
changes.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
4.6 Solutions 4-95
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
4-96 Chapter 4 Understanding Initial Authentication and Administering Users, Groups, and Roles
2) Expand the Authorization Manager plug-in. Expand the Access Control Templates folder.
Open the properties window for the Default ACT.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
4.6 Solutions 4-97
3) Click the Permission Pattern tab. Click Add and select the Data Integrators group. When
you add the group, the Authorization Manager automatically grants the group the
ReadMetadata permission.
4) Click OK.
d. Verify that a member of the Data Integrators group can see the BI Lineage plug-in in SAS
Management Console and can view scan results. Log on to SAS Management Console as Kari,
a member of the group.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
4-98 Chapter 4 Understanding Initial Authentication and Administering Users, Groups, and Roles
True
False
26
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
If you make changes to the omaconfig.xml file what would you need to do to
ensure the changes are in effect:
a. Nothing
b. Make sure no users are connected to the metadata server
c. Pause the metadata server
d. Restart the metadata server
28
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
4.6 Solutions 4-99
A SAS user cannot log on to SAS Enterprise Guide. Here is the message that
is received:
45
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
4-100 Chapter 4 Understanding Initial Authentication and Administering Users, Groups, and Roles
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
Chapter 5 Managing SAS®
Compute Servers and Spawners
5.1 Understanding SAS Compute Servers ......................................................................... 5-3
Demonstration: Monitoring SAS Servers and Sessions from SAS Management
Console ...................................................................................................... 5-20
Exercises .............................................................................................................................. 5-22
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
5.1 Understanding SAS Compute Servers 5-3
Objectives
3
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
SAS Servers
SAS Servers
Metadata Server Whether users enter their own code, execute
a stored process, or enable SAS applications to
SAS Workspace Server generate code for them, the code is executed
SAS Pooled Workspace
Server
on a SAS server. Each server type has different
SAS Stored Process capabilities.
Server
SAS Grid Servers
SAS OLAP Server
4
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
5-4 Chapter 5 Managing SAS® Compute Servers and Spawners
5
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
SAS token authentication is when the metadata server generates and validates a single-use identity token
for each authentication event.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
5.1 Understanding SAS Compute Servers 5-5
continued...
Connecting to a SAS Workspace Server
i
3
1
2
SAS Enterprise Guide 4 Metadata Server
Metadata
Repositories
Object 7
Spawner
Authentication Provider
14
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
1. Using the established connection to the metadata server, SAS Enterprise Guide requests access
to a workspace server.
2. The metadata server searches the metadata for the workspace server in question.
3. The metadata server retrieves the name of the machine hosting the workspace server, the port
on which the object spawner listens for request for this server, and the authentication domain
associated with the workspace server.
4. The connection information is returned to SAS Enterprise Guide.
5. SAS Enterprise Guide uses the connection information to make the request for a workspace server.
If the authentication domain for the server matches that of the initial inbound login, SAS Enterprise
Guide passes along the credentials as well.
Note: If the server is assigned a different authentication domain, SAS Enterprise Guide searches
its in-memory list of credentials for Jacques for credentials with the appropriate authentication
domain. If none is found, SAS Enterprise Guide queries the metadata server for credentials for
Jacques for that particular authentication domain (outbound login). If none is found, Jacques
is prompted for credentials.
6. The object spawner sends Jacques’ credentials to its authentication provider. The default
authentication provider is the host.
7. The authentication provider verifies that the credentials are valid.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
5-6 Chapter 5 Managing SAS® Compute Servers and Spawners
continued...
Connecting to a SAS Workspace Server
Metadata
Repositories
10 9
Object
Spawner
Authentication Provider
18
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
8. The object spawner launches the workspace server. It uses the launch command that was retrieved
from the metadata at start-up. The workspace server runs under the credentials provided
by SAS Enterprise Guide and authenticated by the host.
9. The object spawner provides SAS Enterprise Guide with a TCP connection to the workspace server
session.
10. SAS Enterprise Guide communicates directly with the workspace server.
continued...
Connecting to a SAS Workspace Server
Metadata
Repositories
Object
Spawner
Authentication Provider
19
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
5.1 Understanding SAS Compute Servers 5-7
11. SAS Enterprise Guide submits one or more requests for processing. Results are returned
to SAS Enterprise Guide as appropriate.
i
Metadata Server
Metadata
Repositories
Object
Spawner
Authentication Provider
20
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
12. After Jacques closes SAS Enterprise Guide, the workspace server session ends.
Note: The connection could close earlier if there is a TCP time-out.
21
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
5-8 Chapter 5 Managing SAS® Compute Servers and Spawners
22
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
23
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
The stored process metadata properties determine which type of server the stored process is executed
on, where the source code is stored, and the type of output that is produced.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
5.1 Understanding SAS Compute Servers 5-9
Stored processes are typically executed on a stored process server but can
also be executed on a workspace server.
24
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
5-10 Chapter 5 Managing SAS® Compute Servers and Spawners
SAS Stored Process Servers interact with SAS by executing stored processes.
Each stored process server
• handles multiple users
• is reused for subsequent requests
• is owned by a shared identity
• includes load-balancing settings that the object spawner uses to distribute
requests between the server processes.
25
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
continued...
Connecting to a Stored Process Server
i
1
2
SAS Enterprise Guide 4 Metadata Server
Metadata
Repositories
6
5
9
Object
Spawner
Authentication Provider
35
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
1. Using the established connection, SAS Enterprise Guide requests access to a stored process server.
2. The metadata server searches the metadata for the stored process server in question.
3. The metadata server retrieves the machine name hosting the stored process server, the port on which
the object spawner listens for request for this server, and a token.
Note: A SAS identity token is a single-use, proprietary software representation of an identity.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
5.1 Understanding SAS Compute Servers 5-11
continued...
Connecting to a Stored Process Server
Metadata
Repositories
11
13 12
10
Object
Spawner
Authentication Provider
40
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
10. The object spawner launches the stored process server. It uses the launch command that it retrieved
from the metadata at start-up. The stored process server runs under shared credentials.
11. The object spawner provides SAS Enterprise Guide with a TCP connection to the stored process
server. During the execution of the stored process, metadata server requests are done as an individual
user, and operating system requests are done as the shared account.
12. SAS Enterprise Guide communicates directly with the stored process server. SAS Enterprise Guide
submits a request to execute a stored process.
13. The results from the stored process are returned to SAS Enterprise Guide as appropriate.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
5-12 Chapter 5 Managing SAS® Compute Servers and Spawners
continued...
Connecting to a Stored Process Server
Metadata
Repositories
Object
Spawner
Authentication Provider
41
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
After the execution of the stored process is complete, the stored process server is available for reuse
by other requests from the same or a different user.
continued...
Connecting to a Stored Process Server
16
i
14
15
SAS Enterprise Guide 17 Metadata Server
Metadata
Repositories
19
18
20
Object
Spawner
Authentication Provider
49
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
14. Using the established connection, SAS Enterprise Guide requests access to a stored process server.
15. The metadata server searches the metadata for the stored process server in question.
16. The metadata server retrieves the machine name hosting the stored process server, the port on which
the object spawner listens for request for this server, and a token.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
5.1 Understanding SAS Compute Servers 5-13
continued...
Connecting to a Stored Process Server
Metadata
Repositories
23 22 21
Object
Spawner
Authentication Provider
53
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
21. If there is an available stored process server, the object spawner provides SAS Enterprise Guide with
a TCP connection to the stored process server.
22. SAS Enterprise Guide communicates directly with the stored process server to submit a request
to execute a stored process.
23. The results from the stored process are returned to SAS Enterprise Guide as appropriate.
Note: The stored process server can be reused by the same user or by a different user.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
5-14 Chapter 5 Managing SAS® Compute Servers and Spawners
i
Metadata Server
Metadata
Repositories
Object
Spawner
Authentication Provider
54
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
After the execution of the stored process is complete, the stored process server is available for reuse
by other requests.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
5.1 Understanding SAS Compute Servers 5-15
56
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
57
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
5-16 Chapter 5 Managing SAS® Compute Servers and Spawners
58
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
SAS Token Authentication is when the metadata server generates and validates a single-use identity token
for each authentication event. This enables participating SAS servers to accept users who are already
connected to the metadata server:
1. The user initiates a request that requires access to a target server (for example, a request in SAS
Enterprise Guide to open a cube associated with the OLAP server). Using the existing connection
to the metadata server, the client requests an identity token for the target server.
2. The metadata server generates the token and returns it to the client.
3. The client sends the token to the target server.
4. The target server sends the token back to the metadata server for validation.
5. The metadata server validates the token and returns an acceptance message and a representation
of the user to the target server.
6. The target server accepts the connection.
The benefits of SAS token authentication are listed here:
Individual, external accounts for credential-based authentication are not required.
SAS copies of individual, external passwords do not need to be stored in the metadata.
Reusable credentials are not transmitted across the network.
Metadata layer evaluations are based on the requesting user’s identity.
The limitations of using SAS token authentication are as follows:
Host access is based on a shared login, if implemented for use on a standard workspace server.
It is available only for metadata-aware connections to the target server.
This authentication is not available for access to third-party database servers.
Because SAS token authentication essentially uses a shared login (typically, sassrv), host access
to resources is based on access rights associated with that account.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
5.1 Understanding SAS Compute Servers 5-17
Converting a standard workspace server to use SAS token authentication requires some changes
to the server’s metadata.
In the Properties window for the logical workspace server, select SAS token authentication
on the Options tab.
In the Properties window for the physical workspace server, select Launch credentials on the
Options tab.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
5-18 Chapter 5 Managing SAS® Compute Servers and Spawners
59
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
When the object spawner starts, it uses the information in its metadata
configuration file to access the metadata server. The file is named
metadataConfig.xml, by default.
60
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
5.1 Understanding SAS Compute Servers 5-19
If changes are made to the server or spawner configurations, the spawner can be refreshed in order
to pick up and apply these new changes. The refresh reinitializes the spawner and forces it to reread its
configuration in the metadata. As part of this refresh, the spawner quiesces any servers that it has started.
The servers shut down when their clients have completed their work.
To refresh an object spawner, follow these steps:
1. Expand the Server Manager node Object Spawner. Then right-click the Object Spawner
machine name node.
2. From the pop-up menu, select Connect.
3. Right-click the Object Spawner node again. From the pop-up menu, select Refresh Spawner.
4. In the confirmation dialog box, click Yes.
Note: When an object spawner manages more than one SAS Application Server context, you can
refresh a specific application server by selecting Refresh Application Server.
During start-up, the object spawner retrieves, from the metadata, information
about how to launch the servers.
61
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
5-20 Chapter 5 Managing SAS® Compute Servers and Spawners
2. Expand the Server Manager plug-in and then select SASApp SASApp - Logical Workspace
Server SASApp - Workspace Server sasserver.demo.sas.com. Right-click
sasserver.demo.sas.com and select Connect.
3. Connect also to the stored process server. Expand SASApp - Logical Stored Process Server
SASApp - Stored Process Server. Right-click sasserver.demo.sas.com and select Connect.
Notice that the tabs become active when you are connected.
4. On the Folders tab, navigate to Orion Star Marketing Department Stored Processes.
Right-click Analysis of Product Orders by Gender.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
5.1 Understanding SAS Compute Servers 5-21
5. On the Execution tab, select Stored process server only. Click OK.
6. Start a SAS Enterprise Guide session, select Start All Programs SAS
SAS Enterprise Guide 7.1. Close the Welcome window.
7. In the Server list, expand Servers SASApp.
8. Locate the process running under Jacques’ credentials. What is the process ID?
9. In SAS Enterprise Guide, select File Open Stored Process. Navigate to Orion Star
Marketing Department Stored Processes. Select Analysis of Product Order by Gender.
Click Open.
10. With the stored process highlighted in the Process Flow window, select Run Run Analysis
of Product Order by Gender.
Switch back to SAS Management Console. What is the process ID? The process ID varies.
Who is the process owner? sassrv
11. Expand sasserver.demo.sas.com and select the process ID. Click the Sessions tab.
Are any sessions listed? If not, why not? The session is listed while the stored process executes,
but that might be too fast to see.
12. Return to SAS Enterprise Guide and rerun the stored process. While the stored process executes,
return to SAS Management Console and select the stored process server PID.
Was a new process started? No, the process was reused.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
5-22 Chapter 5 Managing SAS® Compute Servers and Spawners
Exercises
What account does the object spawner use to connect to the metadata server?
b. Use SAS Environment Manager or SAS Management Console on the client machine to look at
the metadata properties of the object spawner. Use credentials of Ahmed with the password
Student1.
Expand Server Manager. Right-click Object Spawner - SASSERVER and select Properties.
Click the Servers tab.
What servers is the object spawner responsible for starting?
c. Use SAS Environment Manager to view metrics for the Object Spawner.
1) On the Resources tab, select sasserver.demo.sas.com Object Spawner - sasserver.
2) Find the following metrics:
Current Clients: shows how many clients are connected to the object spawner at the
moment.
Current Servers: shows how many servers of any type this object spawner has currently
launched.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
5.1 Understanding SAS Compute Servers 5-23
Total Servers: shows how many servers of any type have been started by this object spawner
since it was launched.
3) You can use the up arrow ( ) to sequentially position the metrics next to each other on the
Monitor page. Click Apply button located at the top right of the Indicator Charts.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
5-24 Chapter 5 Managing SAS® Compute Servers and Spawners
7) Move the Spawned Servers availability summary portlet just below the OS and SAS Server
Tier availability summary portlet. Click the heading and drag it to the location.
2. Identifying the Command Line, Shared ID, and Port of the Workspace Server and Stored
Process Server
Use SAS Environment Manager or SAS Management Console to look at metadata properties of the
servers.
a. On the Administration page, click Side menu and select Servers. Expand SASApp SASApp -
Logical Workspace Server. Right-click SASApp - Workspace Server and select Open.
What command is used by the object spawner to start the workspace server?
What port does the object spawner listen on for requests for the workspace server?
Note: The information can be found on the properties pages. Use the drop-down menu next to
Basic Properties.
b. On the Administration page, click Side menu and select Servers. Expand SASApp SASApp -
Logical StoredProcess Server. Right-click SASApp - Stored Process Server and select Open.
What command is used by the object spawner to start the stored process server?
What shared ID does the object spawner use to launch the stored process server?
What port does the object spawner listen on for requests for the stored process server?
Note: The information can be found on the properties pages. Use the drop-down menu next to
Basic Properties.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
5.1 Understanding SAS Compute Servers 5-25
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
5-26 Chapter 5 Managing SAS® Compute Servers and Spawners
4. Running Stored Processes from the Report Center about Server Activity
a. Select Analyze Report Center.
To create a report, click the stored process entry. The viewing pane of the Report Center window
displays prompts for the information in the report. You can select the categories of inputs on the
left side of the display area to fully customize the report. Click Run to produce the report.
b. Select Products SAS Environment Manager Nightly Reports ARM Performance
Reports.
The following reports can be useful regarding SAS Servers:
5. (Optional) Adding a Saved Chart Portlet on the Dashboard in SAS Environment Manager
The Saved Chart portlet displays a rotation of all of the resource metric charts that you have saved.
The process of creating this type of portlet consists of navigating to the resources that you want
to chart, finding the metric charts that you want to display, and saving them to your dashboard. When
you create the portlet, all of your saved charts automatically appear.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
5.1 Understanding SAS Compute Servers 5-27
a. Make sure you are logged on to SAS Environment Manager as Ahmed and using the password
Student1.
b. Create a Free Memory chart.
1) Select Resources Browse.
2) On the Resources page, select Platforms.
3) Click sasserver.demo.sas.com.
4) Scroll down to the Free Memory chart.
5) Click Free Memory.
6) On the Metric Chart page, select Save Chart to Dashboards.
7) Select Ahmed and click Add.
8) Go to Dashboards to see the chart saved. It is displayed on the left side.
c. Create a Number of Spawned Servers chart.
1) Select Resources Browse Servers.
2) In the All Server Types field, select SAS Object Spawner 9.4.
3) Click the arrow at the right of the filter fields.
4) Click sasserver.demo.sas.com Object Spawner - sasserver.
5) Scroll down to the Current Servers chart.
6) Click Current Servers.
7) On the Metric Chart page, select Save Chart to Dashboards.
8) Select Ahmed and click Add.
9) Go to Dashboards to see the chart saved. It is added to the charts list of the Saved Charts
portlet.
Note: You can toggle between the two saved charts or remove them from the pane on the left of
the Saved Charts portlet.
d. Create a Metadata Server Clients Per Minute chart.
1) Select Resources Browse Servers.
2) In the All Groups field, select SAS Metadata Servers.
3) Click the arrow at the right of the filter fields.
4) Click sasserver.demo.sas.com SASMeta - Metadata Server.
5) On the left side of the Resource Detail page, select All Metrics from the drop-down menu.
6) In the table of metrics, find Total Clients per Minute and position your mouse pointer
on the information icon ( ).
7) From the tooltip, select View Full Chart. The Metric Chart page appears.
8) On the Metric Chart page, select Save Chart to Dashboards.
9) Select Ahmed and click Add.
10) Go to Dashboards to see the chart saved. It is added to the charts list of the Saved Charts
portlet.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
5-28 Chapter 5 Managing SAS® Compute Servers and Spawners
Objectives
66
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
Purpose
Joe: ID &
password
Metadata Server
i
Internal acct:
sasadm@saspw &
password i
Metadata Server ID & password
67
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
Joe’s logon is only for inbound use to determine his metadata identity. His password is available (cached
in the user context, not stored in the metadata) but is not used to determine his identity. This logon should
be in DefaultAuth, but that relationship is not used in determining his metadata identity.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
5.2 Exploring Credential Management 5-29
Purpose
Workspace Server
(standard using SAS Token
Authentication)
68
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
The designated launch credential for each of the depicted processing servers is stored on the SAS General
Servers group definition. In this example, the servers all use the same credentials. Logons that contain
designated launch credentials are usually in the DefaultAuth authentication domain, because these
processing servers are usually in DefaultAuth. However, those logons are directly paired with each server,
not looked up by authentication domain. Because the authentication domain assignment for these logons
is not used, the figure does not depict that assignment.
JoeOra &
password
GroupOra &
password
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
5-30 Chapter 5 Managing SAS® Compute Servers and Spawners
Joe’s second logon provides seamless access to Oracle using an individual account. This logon includes a
password and must be in the Oracle server's authentication domain. The ETL group's logon is a shared
logon for the Oracle server. Joe’s personal Oracle logon has a higher priority.
Note: If you choose to store passwords for the workspace server, the relationships would be comparable
to the depiction of the Oracle DBMS, OracleAuth authentication domain, and Oracle logons. For
example, you might put the workspace server in WorkspaceAuth and create individual and group
logons in that authentication domain.
Outbound Logons
Outbound logons can be defined on the Accounts tab of individual and group
identities and must include these items:
• a fully qualified external account
• password
• authentication domain
70
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
Clients use authentication domain assignments to determine which credentials are valid for which servers.
The target server validates the client-supplied credentials against its authentication provider.
In most deployments of the platform for SAS Business Analytics, passwords for external accounts need
to be stored in the metadata to support these types of access only:
seamless access to an external database
seamless access to the standard workspace server in a mixed provider environment where Integrated
Windows Authentication and SAS token authentication is not applicable
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
5.2 Exploring Credential Management 5-31
Authentication Domains
An authentication domain is a SAS metadata object that pairs logons with the
server definitions where those credentials are correctly authenticated.
71
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
For example, an Oracle server definition and the SAS copies of Oracle credentials (outbound logons)
have the same authentication domain value (for example, “OracleAuth”) if those credentials authenticate
on that Oracle server. Authentication domains can be managed using the Server Manager plug-in
or the User Manager plug-in. Right-click the plug-in and select Authentication Domains.
72
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
5-32 Chapter 5 Managing SAS® Compute Servers and Spawners
Credential Management
Note: Credentials from a user or group's metadata definition are not included in the initial list that is
created when a user logs on. Instead, such credentials are added to the list dynamically (when and
if they are needed in the course of the user's session).
75
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
Three authentications and permissions take place when accessing DBMS data. Metadata authentication is
the first, and this is mainly for the metadata server to know who is requesting the data and verify that the
user has metadata permissions to the data.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
5.2 Exploring Credential Management 5-33
Workspace server authentication is the second authentication. If metadata permissions allow the user to
access the workspace server, then the metadata server retrieves and passes the user’s credentials to the
host OS of the SAS workspace server for authentication (via the object spawner).
When the first two authentications and authorizations have been met, the metadata server will fetch the
corresponding metadata stored DBMS credentials to pass to the DBMS for authentication (these
credentials must be stored in metadata via groups for shared credentials or at the individual user level,
except when using SQL Server Windows Integration Authentication).
Next, the DBMS system controls which data the credentials have permission to access. SAS cannot and
will not override the DBMS permissions on DBMS data. However, SAS is able to add/enhance DBMS
data permissions through metadata permissions.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
5-34 Chapter 5 Managing SAS® Compute Servers and Spawners
3. Click the Members tab. Uncheck Groups. Add the first four users that are listed by pressing and
holding the Shift key while highlighting the names. Click the arrow facing to the right.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
5.2 Exploring Credential Management 5-35
5. Enter:
oracleid for User ID
Student1 for Password twice
Click New next to Authentication Domain to create a new Authentication Domain that will also be
attached to the registered database server and libraries.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
5-36 Chapter 5 Managing SAS® Compute Servers and Spawners
9. Select Oracle Server from the Database Servers list. Click Next.
10. Enter an appropriate server name in the Name field: Oracle Server. You can supply an optional
description. Click Next.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
5.2 Exploring Credential Management 5-37
11. The server properties that are displayed in the window are default values and should not be changed.
To change the Associated Machine property, click the down arrow at the right of the field and select
the appropriate server from the drop-down list.
Click Next.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
5-38 Chapter 5 Managing SAS® Compute Servers and Spawners
15. Select Oracle from the Database Data list. Click Next.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
5.2 Exploring Credential Management 5-39
17. Move SASApp over so that this library is assigned to the SASApp server context. Click Next.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
5-40 Chapter 5 Managing SAS® Compute Servers and Spawners
19. The database server is Oracle Server, and for the database schema name, add Scott. Click Next.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
5.2 Exploring Credential Management 5-41
21. Right-click the Oracle Library and select Display LIBNAME Statement.
22. The interface generated the LIBNAME statement that will be processed when a user in that group is
accessing Oracle tables from this library, but they will not be prompted.
Note: If you are logged on as the unrestricted user, you will be prompted because the unrestricted user
cannot retrieve passwords from metadata.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
5-42 Chapter 5 Managing SAS® Compute Servers and Spawners
Exercises
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
5.3 Administering Server Logging 5-43
Objectives
80
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
The SAS servers and spawners generate messages as events occur. These
messages can be of different severity levels from informational to severe.
They can be directed to a number of different locations, including the
following:
• log files
• operating system logs
• SAS Management Console
81
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
5-44 Chapter 5 Managing SAS® Compute Servers and Spawners
The SAS Logging Facility is a flexible, configurable framework that you can use to collect, categorize,
and filter events and write them to a variety of output devices. The facility logs information in support
of the following:
problem diagnosis and resolution
performance and capacity management
auditing and regulatory compliance.
82
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
Initial logging settings for each SAS server are detailed in SAS® 9.4 Intelligence Platform: System
Administration Guide under System Monitoring and Logging Administering Logging for
SAS Servers Initial Logging Configuration for SAS Servers.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
5.3 Administering Server Logging 5-45
Loggers and appenders define what messages are captured and where they
are sent.
Loggers Use a hierarchical system to categorize log events.
They can be configured to go to multiple
appenders.
Appenders Represent a specific output destination for
messages, including fixed files, rolling files,
operating system facilities, and client applications.
83
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
Loggers
84
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
The App loggers process logs events related to specific applications such as metadata servers, OLAP
servers, stored process servers, and workspace servers.
The IOM interface provides access to SAS Foundation features such as the SAS language, SAS libraries,
the server file system, results content, and formatting services. IOM servers include metadata servers,
OLAP servers, stored process servers, and workspace servers.
Below is a list of some sample loggers that are useful for monitoring the metadata server and metadata.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
5-46 Chapter 5 Managing SAS® Compute Servers and Spawners
App.Meta is the parent logger for metadata server events. Logging levels that are defined for this logger
are inherited by its child loggers unless they are explicitly overridden. They include:
App.Meta.CM, which logs change management events, including check-in and check-out.
App.Meta.IO, which logs low-level input and output activity.
App.Meta.Mgmt, which logs metadata server management activity such as server operation actions,
creating and deleting repositories, modifying repository access modes, and repository backup and
migration.
Audit.Meta.Security is the parent logger for metadata server security events. No events are written
directly to this logger. Logging levels that are defined for this logger are inherited by its child loggers
unless the levels are explicitly overridden. Examples are: Audit.Meta.Security.AccCtrlAdm,
Audit.Meta.security.GrpAdm, Audit.Meta.Security.UserAdm.
Perf.Meta.Expensive logs requests that take longer than a specified time threshold so that application
developers and administrators can identify high-cost metadata requests. The performance threshold is 30
seconds. (This is new in SAS 9.4.)
Admin.Operations processes log events that are related to server operations, such as starting, pausing,
and stopping an instance of a workspace server.
Audit.Authentication processes log events for server authentication requests.
Diagnostic Levels
The logging levels are listed from the lowest (most detailed) to the highest: TRACE, DEBUG, INFO,
WARN, ERROR, FATAL.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
5.3 Administering Server Logging 5-47
Appenders
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
5-48 Chapter 5 Managing SAS® Compute Servers and Spawners
These parameters typically use conversion characters referenced with a preceding percent sign, including
the following:
Conversion Description
Character
c Used to trigger the output of the logger name of the logging event
S Used to trigger the output of various pieces of system information and must be followed
by the key for the system information desired, placed between braces such as
%S{os_name}
Valid system information keys include the following:
host_name
os_name
os_version
user_name: identity that owns the process and not client identity associated with
current thread
startup_cmd
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
5.3 Administering Server Logging 5-49
The IOM Server Appender writes log messages from IOM servers to a volatile
run-time cache. The contents of the cache are available for display in SAS
Management Console.
Use the Server Manager options to specify a message level or threshold filter
level.
87
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
The option settings filter the events that are already generated, based on the server’s logging settings.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
5-50 Chapter 5 Managing SAS® Compute Servers and Spawners
In addition to filtering log events based on thresholds that are assigned to loggers or appender definitions,
the logging facility enables you to use filter classes to filter log events based on one of the following: a
character string in the message, a single threshold, a range of thresholds, and a combination of strings and
thresholds.
Common Terminology
Log event: an occurrence that is reported by a program for possible inclusion in a log.
Filter: a set of character strings or thresholds, or a combination of strings and thresholds
that you specify. Log events are compared to the filter to determine whether they
should be processed.
Message category: a classification for messages that are produced by a SAS subsystem. Message
categories for the logging facility are administrative messages, application-specific
messages, audit messages, IOM messages, and performance messages.
Threshold: the lowest event level that is processed. Log events whose levels are below the
threshold are ignored.
Logging Process
Stop Processing Stop Processing
Event Event
Log Event
Log Event
Log Event
< Threshold For
< Threshold
Appender or
For Logger
Filter
Output Destination
89
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
1. A SAS process (for example, a SAS server process) issues a log event. Each event includes
the following attributes: name that indicates the message category, diagnostic level, and message .
2. The log event is routed to a logger based on the event’s name.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
5.3 Administering Server Logging 5-51
3. The log event’s diagnostic level is compared to the threshold that is specified for the logger
in the logging configuration. If the event’s level is at or above the specified threshold, then processing
continues. If the level is below the threshold, then the event is ignored.
If no threshold is specified for the event’s logger, then the event inherits the threshold setting of the
nearest ancestor logger. For example, if an Audit.Meta.Security event is being processed, then
inheritance occurs as follows:
a. The event’s level is compared to the threshold for the Audit.Meta.Security logger.
b. If no threshold is specified for Audit.Meta.Security, then the threshold for Audit.Meta is applied.
c. If no threshold is specified for Audit.Meta, then the threshold for Audit is applied.
d. If no threshold is specified for Audit, then the threshold for Root is applied.
If no threshold is assigned to the logger or its ancestors, then the event is ignored.
4. The log event is processed by the appenders that are assigned to the logger. Each appender
processes the log event. If the appender configuration includes a
a. threshold, the event’s level is compared to the threshold
b. filter, the event is compared to the filtering criteria.
5. If the log event passes the filter and threshold for the appender, it is written to the output
destination.
Note: Multiple appenders can be associated with a single logger. An event that passes the logger
might be written to one appender, but not to another. For example, a warning might be
written to a log file, but not to the terminal window.
The best practice is to use the initial logging configuration files created
by the SAS Deployment Wizard.
If necessary, you can use the following methods for modifying server logging
configurations:
• adjust logging levels dynamically using the Server Manager plug-in
• use alternative logging configuration files provided for troubleshooting
• modify the server’s logconfig.xml file
90
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
5-52 Chapter 5 Managing SAS® Compute Servers and Spawners
The dynamic changes affect all logging produced by the server in question,
but do not modify the logconfig.xml file. The changes persist until changed
dynamically or the server is restarted.
91
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
By default, the Audit.Meta logger inherits the Information logging level from its parent, Audit. You can
assign a different level for this logger.
When the server is restarted, it rereads the logconfig.xml file.
92
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
Note: Alternate logging configuration files named logconfig.apm.xml are provided and used if the SAS
Environment Manager Service Architecture is enabled.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
5.3 Administering Server Logging 5-53
The following are some examples of changes that you might want to make
to a server’s log configuration file:
• Configure the RollingFileAppender to use a different log filename or to
store the files in a different location.
• Configure a different message layout for an appender.
93
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
For more information about the SAS logging facility, refer to SAS® 9.4 Logging: Configuration
and Programming Reference.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
5-54 Chapter 5 Managing SAS® Compute Servers and Spawners
2. The tabs on the right are no longer grayed out. Click the Clients tab. The Clients tab lists the user,
host, and entry time for each client connected to the metadata server.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
5.3 Administering Server Logging 5-55
3. Click the Options tab. The Options tab lists the name, description, value, and category for the server
and spawner options, counters, and properties.
4. Click the Loggers tab. The Loggers tab lists the logging services that are in use for the server, as well
as the logging level that is captured, or inherited. This is configured for the IOM Server Appender in
the logconfig.apm.xml for the metadata server.
Note: The logconfig.apm.xml is in use because Extended Monitoring has been enabled in this
environment.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
5-56 Chapter 5 Managing SAS® Compute Servers and Spawners
5. For example, Perf shows a level of <inherited>. It is inheriting the level from <Root> of Error. Right-
click Perf and select Properties.
6. You can assign a different diagnostic level here. The dynamic changes affect all logging produced by
the server in question, but do not modify the logging configuration file that is read at server start-up.
The changes persist until changed dynamically or the server is restarted.
7. Click Cancel.
8. Click the Log tab. The Log tab displays the log for the server when configured to do so.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
5.3 Administering Server Logging 5-57
13. Highlight again the SASMeta - Metadata Server and select the Log tab.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
5-58 Chapter 5 Managing SAS® Compute Servers and Spawners
Exercises
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
5.3 Administering Server Logging 5-59
a. Open sasv9_usermods.cfg for the Stored Process Server to find which logconfig.xml file is being
read at server start-up.
Note: In this environment, the SAS Environment Manager service architecture framework is
configured so that the logging configuration points to logconfig.apm.xml.
d. The Audit.Data.Dataset logger and the TimeBased RollingFileAudit appender was already
added. Open the logconfig.apm.xml to view.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
5-60 Chapter 5 Managing SAS® Compute Servers and Spawners
The new logger will route Audit.Data.Dataset messages with a diagnostic level of TRACEand
above (TRACE, DEBUG, INFO, WARN, ERROR, and FATAL) to the appender named
TimeBasedRollingFileAudit.
The appender definition determines where the logger messages are written and what format is
used to trigger the output of the messages. Note the following:
The appender name matches the name specified in the appender tag of the logger definition
(TimeBasedRollingFileAudit).
The ConversionPattern parameter values specifies the log message. This is the same as what is
written to an existing log file with the addition of LOGGER=%c. So the entry in the log file
will include the text LOGGER= and the name of the logger, Audit.Data.Dataset. (The %c is a
conversion character that writes out the logger name.)
The FileNamePattern parameter value specifies where the log file will be written out and what
the name of the log file will be.
e. Close logconfig.apm.xml.
f. The AuditLogs directory needs to be created.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
5.3 Administering Server Logging 5-61
g. Refresh the object spawner in SAS Management Console and validate that the Stored Process
Server is still operational.
1) Expand Server Manager plug-in Object Spawner - sasserver. Right-click
sasserver.demo.sas.com and select Connect.
2) Right-click sasserver.demo.sas.com and select Refresh Spawner.
3) Click OK to continue.
4) Expand SASApp SASApp - Logical Stored Process Server SASApp - Stored
Process Server. Right-click sasserver.demo.sas.com and select Validate.
5) Click OK.
h. Run a stored process and check the audit log.
1) Open Internet Explorer on the client machine and select SASWebReportStudio on the
Favorites bar. Log on as Ahmed using the password Student1.
2) Select Open on the Getting Started Page.
3) Navigate to Orion Star Marketing Department Stored Processes.
4) Highlight Analysis of Product Orders by Gender and click Open.
5) Check the log.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
5-62 Chapter 5 Managing SAS® Compute Servers and Spawners
5.4 Solutions
Solutions to Exercises
1. Exploring the Object Spawner
a. On the server, open the metadataConfig.xml file that the object spawner reads at start-up.
What account does the object spawner use to connect to the metadata server? sastrust@saspw
b. Use SAS Environment Manager or SAS Management Console on the client machine to look at
the metadata properties of the object spawner. Use credentials of Ahmed using the password
Student1.
2) Right-click Object Spawner - sasserver and select Open to view metadata properties.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
5.4 Solutions 5-63
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
5-64 Chapter 5 Managing SAS® Compute Servers and Spawners
Expand Server Manager. Right-click Object Spawner - SASSERVER and select Properties.
Click the Servers tab.
What servers is the object spawner responsible for starting?
c. Use SAS Environment Manager to view the metrics for the object spawner.
On the Resources tab, select sasserver.demo.sas.com Object Spawner - sasserver.
Find the following metrics:
Current Clients shows how many clients are connected to the object spawner at the moment.
Current Servers shows how many servers of any type this object spawner has currently
launched.
Total Servers shows how many servers of any type have been started by this object spawner
since it was launched.
You can use the up arrow ( ) to sequentially position the metrics next to each other on the
Monitor page. Click Apply button located at the top right of the Indicator Charts.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
5.4 Solutions 5-65
2) Click the Configure icon to display the Dashboard Settings page for the portlet.
5) Select all workspace servers, pooled workspace servers, and stored process servers.
(You should have selected six of the seven available.) Click to move them to the
Add Resources pane. Click OK.
6) Specify the name Spawned Servers in the Description field. Click OK.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
5-66 Chapter 5 Managing SAS® Compute Servers and Spawners
7) Move the Spawned Servers availability summary portlet just below the OS and SAS Server
Tier availability summary portlet. Click the heading and drag it to the location.
2. Identifying the Command Line, Shared ID, and Port of the Workspace Server and Stored
Process Server
Use SAS Environment Manager or SAS Management Console to look at metadata properties of the
servers.
a. On the Administration page, click Side menu and select Servers. Expand SASApp SASApp -
Logical Workspace Server. Right-click SASApp - Workspace Server and select Open.
What command is used by the object spawner to start the workspace server?
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
5.4 Solutions 5-67
What port does the object spawner listen on for requests for the workspace server? 8591
2) From the drop-down menu select Connections.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
5-68 Chapter 5 Managing SAS® Compute Servers and Spawners
b. On the Administration page, click Side menu and select Servers. Expand SASApp SASApp -
Logical StoredProcess Server. Right-click SASApp - Stored Process Server and select Open.
What command is used by the object spawner to start the stored process server?
1) From the drop-down menu, select Options.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
5.4 Solutions 5-69
What shared ID does the object spawner use to launch the stored process server?
What port does the object spawner listen on for requests for the stored process server? 8601
2) From the drop-down menu, select Connections.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
5-70 Chapter 5 Managing SAS® Compute Servers and Spawners
What port does the object spawner listen on for requests for the workspace server? 8591
b. Under Server Manager, expand SASApp SASApp - Logical Stored Process Server.
Right-click SASApp - Stored Process Server and select Properties. Click the Options tab.
What command is used by the object spawner to start the workspace server?
What shared ID does the object spawner use to launch the stored process server?
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
5.4 Solutions 5-71
What port does the object spawner listen on for requests for the stored process server? 8601
What is the description of this group? Allows members to be used for launching stored process
servers and pooled workspace servers
Who is the member of this group? SAS Trusted User
What account is attached to this group?
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
5-72 Chapter 5 Managing SAS® Compute Servers and Spawners
Note: Members of a group can access credentials stored on a group. Because the object spawner
connects to the metadata server with the sastrust@saspw account, the object spawner
is a member of the SAS General Server group.
Note: Members of a group can access credentials stored on a group. Because the object spawner
connects to the metadata server with the sastrust@saspw account, the object spawner
is a member of the SAS General Server group.
4. Running Stored Processes from the Report Center about Server Activity
a. Select Analyze Report Center.
To create a report, click the stored process entry. The viewing pane of the Report Center window
displays prompts for the information in the report. You can select the categories of inputs on the
left side of the display area to fully customize the report. Click Run to produce the report.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
5.4 Solutions 5-73
5. (Optional) Adding a Saved Chart Portlet on the Dashboard in SAS Environment Manager
The Saved Chart portlet displays a rotation of all of the resource metric charts that you have saved.
The process of creating this type of portlet consists of navigating to the resources that you want
to chart, finding the metric charts that you want to display, and saving them to your dashboard. When
you create the portlet, all of your saved charts automatically appear.
a. Make sure you are logged on to SAS Environment Manager as Ahmed using the password
Student1.
b. Create a Free Memory chart.
1) Select Resources Browse.
2) On the Resources page, select Platforms.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
5-74 Chapter 5 Managing SAS® Compute Servers and Spawners
3) Click sasserver.demo.sas.com.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
5.4 Solutions 5-75
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
5-76 Chapter 5 Managing SAS® Compute Servers and Spawners
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
5.4 Solutions 5-77
9) Go to Dashboards to see the chart saved. It is added to the charts list of the Saved Charts
portlet.
Note: You can toggle between the two saved charts or remove them from the pane on the
left of the Saved Charts portlet.
d. Create a Metadata Server Clients Per Minute chart.
1) Select Resources Browse Servers.
2) In the All Groups field, select SAS Metadata Servers.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
5-78 Chapter 5 Managing SAS® Compute Servers and Spawners
5) On the left side of the Resource Detail page, select All Metrics from the drop-down menu.
6) In the table of metrics, find Total Clients per Minute and position your mouse pointer
on the information icon ( ).
7) From the tooltip, select View Full Chart. The Metric Chart page appears.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
5.4 Solutions 5-79
10) Go to Dashboards to see the chart saved. It is added to the charts list of the Saved Charts
portlet.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
5-80 Chapter 5 Managing SAS® Compute Servers and Spawners
b. Log on with the My Server connection profile as Marcel using the Student1 password.
c. Where in SAS Management Console can you find what is displayed in the SAS Personal Login
Manager? On the Accounts tab of a user definition In SAS Environment Manager? On the
Accounts properties of a user definition in the Administration page.
d. Can Marcel modify an existing login? Yes
e. Can Marcel add a new login? Yes
f. Can Marcel add a new authentication domain? No
Maintaining Passwords with SAS Enterprise Guide:
a. Connect to SAS Enterprise Guide as Marcel.
b. Select Tools SAS Enterprise Guide Explorer. In SAS Enterprise Guide Explorer, select
File Manager Logins.
c. Can Marcel modify an existing login? Yes
d. Can Marcel add a new login? Yes
e. Can Marcel add a new authentication domain? No
7. Enabling Trace Logging for Object Spawner
a. Open Internet Explorer on the client machine. Go to the SAS Home page if not already there by
clicking the Home button in the upper right toolbar.
b. Type enable object spawner trace logging in the Search field and click Search.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
5.4 Solutions 5-81
c. Click Enable More Detailed Logging for SAS Object Spawner Troubleshooting, dated
2015-07-16.
Note: You might need to click Date so that the most recent search results are at the top.
d. (Optional) You can choose to temporarily increase the logging level dynamically in
SAS Management Console (the second bullet).
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
5-82 Chapter 5 Managing SAS® Compute Servers and Spawners
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
5.4 Solutions 5-83
c. For this exercise, there is a logconfig.apm.xml file located on the server that already has the new
logger and appender.
Locate the file and copy it over to the Stored Process Server directory.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
5-84 Chapter 5 Managing SAS® Compute Servers and Spawners
d. The Audit.Data.Dataset logger and the TimeBased RollingFileAudit appender was already
added. Open the logconfig.apm.xml to view.
The new logger will route Audit.Data.Dataset messages with a diagnostic level of TRACEand
above (TRACE, DEBUG, INFO, WARN, ERROR, and FATAL) to the appender named
TimeBasedRollingFileAudit.
The appender definition determines where the logger messages are written and what format is
used for the written messages. Note the following:
The appender name matches the name specified in the appender tag of the logger definition
(TimeBasedRollingFileAudit).
The ConversionPattern parameter values specifies the log message. This is the same as what is
written to an existing log file with the addition of LOGGER=%c. So the entry in the log file
will include the text LOGGER= and the name of the logger, Audit.Data.Dataset. (The %c is a
conversion character that writes out the logger name.)
The FileNamePattern parameter value specifies where the log file will be written out and what
the name of the log file will be.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
5.4 Solutions 5-85
e. Close logconfig.apm.xml.
f. The AuditLogs directory needs to be created.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
5-86 Chapter 5 Managing SAS® Compute Servers and Spawners
g. Refresh the object spawner in SAS Management Console and validate that the Stored Process
Server is still operational.
1) Expand Server Manager plug-in Object Spawner - sasserver. Right-click
sasserver.demo.sas.com and select Connect.
3) Click OK to continue.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
5.4 Solutions 5-87
5) Click OK.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
5-88 Chapter 5 Managing SAS® Compute Servers and Spawners
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
5.4 Solutions 5-89
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
5-90 Chapter 5 Managing SAS® Compute Servers and Spawners
73
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
Chapter 6 Securing Metadata
6.1 Reviewing Metadata Security.................................................................................... 6-3
Demonstration: Exploring the Repository ACT........................................................... 6-12
Exercises............................................................................................................. 6-20
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6.1 Review ing Metadata Security 6-3
Objectives
• Identify how the metadata authorization layer interacts with other security
layers.
• Identify where metadata permissions are assigned.
• Identify to whom metadata permissions are assigned.
• Explore how metadata authorization decisions are made.
3
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Authorization is the process of determining which users have which permissions for which resources.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6-4 Chapter 6 Securing Metadata
The metadata layer offers a number of benefits, including but not limited to the following:
tighter integration across platform applications and interfaces
flexibility and portability in underlying implementation
enterprise level security and governance
5
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
...
Across authorization layers, protections are cumulative. In order to perform a task, a user must have
sufficient access in all applicable layers.
Some clients enable power users to create and run SAS programs that access data directly, bypassing
metadata-layer controls. It is essential to manage physical layer access in addition to metadata-layer
controls.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6.1 Review ing Metadata Security 6-5
Access Management
You can use the metadata authorization layer to manage access to the following
resources:
6
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Access to a SAS metadata resource is controlled by granting or denying the metadata permissions that are
enforced for the resource.
Metadata Authorization
To programmatically define or query authorization settings, use either batch tools or DATA step functions.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6-6 Chapter 6 Securing Metadata
Metadata Permissions
8
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Other permissions are specialized and affect only certain types of items.
To examine a user’s permissions, do not begin by finding the user definition. Instead, begin by navigating
to the object that you want to examine.
9
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Repository-level controls are managed from the permission pattern of the repository ACT (Default ACT).
You can define object-level controls individually (as explicit settings) or in patterns (by applying access
control templates).
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6.1 Review ing Metadata Security 6-7
To establish fine-grained controls, you add constraints called permission conditions to explicit grants
of the Read or Select permission. Fine-grained controls are supported for only some objects, including
SAS Information Maps, SAS OLAP cubes, and metadata-bound data sets.
continued...
Repository ACT
10
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Repository ACT
11
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6-8 Chapter 6 Securing Metadata
S el f
S A S US ERS
F i n ance
P UB LIC
12
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
S el f
HR R ep ort
C rea tor
S A S US ERS
F i n ance
P UB LIC
13
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
From top to bottom, the elements in the diagram are ordered as follows:
from highest precedence (hardest to override) to lowest precedence (easiest to override)
from narrowest impact (most specific) to broadest impact (least specific)
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6.1 Review ing Metadata Security 6-9
For example, if you grant a group access to a report, that grant applies to everyone who is a member
of the group. This relationship network is governed by a precedence order that starts with the primary
(usually individual) identity, can incorporate multiple levels of nested group memberships, and ends with
implicit memberships in SASUSERS and then PUBLIC.
To avoid introducing unnecessary complexity, do not make PUBLIC or SASUSERS a member of another
group. This is not an issue for roles.
Object Inheritance
In object inheritance, permissions that you set on one object can affect many
other objects.
Explicit controls and ACTS have priority over settings on the object’s parent
(inheritance).
14
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
From top to bottom, the elements in the diagram are ordered as follows:
from highest precedence (hardest to override) to lowest precedence (easiest to override)
from narrowest impact (most specific) to broadest impact (least specific)
For example, a report inherits permissions from the folder in which the report is located. This network
is a simple folder tree, with exceptions such as the following:
The root folder is not the ultimate parent. This folder inherits from the repository (through the
permission pattern of the repository ACT).
The root folder is not a universal parent. Some system resources (such as application servers, identities,
and ACTs) are not in the folder tree. For these items, the repository ACT is the immediate and only
parent.
Inheritance within a table or cube follows the data structure. For example, neither table columns nor
cube dimensions have folders as immediate parents. Instead, a column inherits from its parent table
and a dimension inherits from its parent cube.
Inheritance does not flow through specialty folders such as favorites folders, virtual folders, or search
folders.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6-10 Chapter 6 Securing Metadata
The diagram depicts a separated view of the object inheritance paths. The arrows on the slide flow from
child to parent.
In the metadata layer, parent objects convey their effective permissions to child objects. Children inherit
the net effect of their parents’ access controls, not the access controls themselves.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6.1 Review ing Metadata Security 6-11
Below is the integrated view of the object inheritance paths. The arrows in the diagram below flow from
parent to child. For example, a folder conveys its effective permissions to the items that it contains.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6-12 Chapter 6 Securing Metadata
4. Right-click Default ACT and select Open. This brings you to the metadata properties.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6.1 Review ing Metadata Security 6-13
5. The Basic Properties are displayed. Open the drop-down menu by clicking the down arrow next to
Basic Properties and select ACT: Usage.
The box has a check mark, which signifies that this ACT is used for the Repository ACT.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6-14 Chapter 6 Securing Metadata
You can select the Use abbreviations box to abbreviate the permission in order to see more across
the page.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6.1 Review ing Metadata Security 6-15
A drop-down menu in the upper right enables you to change the summary view to Group by
permission.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6-16 Chapter 6 Securing Metadata
8. Look at the permissions on this object. From the drop-down menu, select Authorization.
9. The Authorization screen shows the security on this object. Every metadata object has the
Authorization screen as part of its properties.
The hollow square next to the permission represents that the permission is coming from an ACT
applied to the object.
The filled-in diamond represents that this is an explicit denial. So PUBLIC has an explicit denial of
WriteMetadata, which means that due to identity hierarchy, SASUSERS also has a denial of
WriteMetadata on this object. SAS Administrators would have a denial of WriteMetadata as well if
there was not a direct control of a grant, either by an ACT applied to this object or an explicit grant.
10. To find out what ACT is applied to this object, the Default ACT, select Apply ACT from the drop-
down menu.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6.1 Review ing Metadata Security 6-17
11. Look at the properties of the repository ACT in SAS Management Console. Log on to SAS
Management Console as Ahmed with the password Student1, if not already logged on.
SAS Management Console can be used to manage ACTs in the Authorization Manager plug-in.
12. Click the Plug-ins tab. Expand Authorization Manager Access Control Templates.
13. Right-click Default ACT. Notice that the box next to Repository ACT is selected, which signifies
that this ACT is used for the Repository ACT.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6-18 Chapter 6 Securing Metadata
15. Click the Permission Pattern tab. This is the template of permissions that is automatically applied
to all of the metadata. Highlight PUBLIC. Notice that ReadMetadata and WriteMetadata are denied.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6.1 Review ing Metadata Security 6-19
16. Highlight SASUSERS. Anyone who has a metadata identity is automatically in PUBLIC and also
a member of SASUSERS. SASUSERS is a subset of PUBLIC, but this group has ReadMetadata
and WriteMetadata permissions coming from the repository ACT.
Note: The types of permissions and how they are represented in the interfaces are discussed in the
next section.
17. Click Cancel.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6-20 Chapter 6 Securing Metadata
Exercises
1. Exploring Identity Hierarchy and Object Inheritance on a Folder
Note: You have the option of using SAS Environment Manager Administration or SAS
Management Console for the exercises in this chapter. There are step-by-step instructions.
However, the solutions offer more steps and screen shots.
Verify that you are logged on to SAS Management Console as Ahmed. Run an ad hoc backup, with
the following comment: Backup Before Adding Security on Chocolate Enterprises
a. Open Internet Explorer from the client machine using the taskbar. Click SAS Environment
Manager on the Favorites bar. Sign in to SAS Environment Manager as Ahmed with the
password Student1.
b. Click the Administration tab. The Folders page is the initial view. If you are already on the
Administration page and another view, click the Side menu and select Folders. Right-click the
Chocolate Enterprises folder and select Open to get to the metadata properties.
Can you remove any of the groups listed under Users and Groups? Why or why not?
Click the square to the left of the identity to highlight the identity. Click the Remove Identities
button in the upper right toolbar.
d. Add the following three group identities: Application Developers, Data Integrators, and
Report Content Creators.
1) Click the Add button in the upper right toolbar to open the Add Identities window.
2) You can enter a few letters of the group name and press Enter, or click the Search button
. Highlight the group and move it over to the Identities to Add pane.
3) Do this for all three groups before clicking OK.
4) Save the changes by clicking the Save button in the upper right toolbar.
What permission is automatically granted to an identity when added?
Note: You can click a permission field, and a window appears that identifies the type of
permission and where it comes from.
e. Right-click Data Integrators and select Open. From the drop-down menu, select Member of.
What group is Data Integrators a member of?
f. Right-click Power Users and select Open to go to the properties of this group identity.
g. From the drop-down menu, select Members.
Who are members of the Power Users group?
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6.1 Review ing Metadata Security 6-21
h. Click the Previous Level button in the upper left of the page to go back to the Authorization
properties of Data Integrators and click the Previous Level button again to go back to the
Authorization properties of the Chocolate Enterprises folder.
i. Remove the three group identities (Application Developers, Data Integrators, and Report Content
Creators) from the Authorization properties.
1) Click in the square to the left of the identity to highlight it.
Note: You can hold the Ctrl key while selecting all three group identities and delete all three
at once.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6-22 Chapter 6 Securing Metadata
o. Go to the Authorization page of the Data folder under the Chocolate Enterprises folder.
Note: You might need to refresh the view or close out completely of the Administration page to
see the permission changes that you made in previous steps.
Right-click Data and select Open. From the drop-down menu, select Authorization.
p. Highlight Power Users.
Where do these permissions come from?
Note: There is also an indirect grant of WriteMetadata. A grant (or deny) of WMM on a folder
becomes an inherited grant (or deny) of WM on the objects in that folder. This is
discussed in the next section.
q. Can you remove the Power Users group from the Authorization page of the Data folder?
Why not?
r. (Optional) If you do not want Power Users to modify or delete these folders below the Chocolate
Enterprises folder, select Deny for WriteMetadata. (Notice that WriteMemberMetadata switches
automatically to indirect deny.) Then select Grant for WriteMemberMetadata. Be sure to save
your changes.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6.1 Review ing Metadata Security 6-23
k. Click the Explore Authorizations tab. Enter Kari in the Name or Display Name field.
Click Search Now. Kari’s effective permissions for this item are displayed. She is a member of
the Data Integrators group, which is a member of the Power Users group. The same permissions
are applied indirectly for Kari through her identity hierarchy.
l. Click OK twice to return to the Chocolate Enterprises folder.
m. Go to the Authorization tab of the Data folder under the Chocolate Enterprises folder.
n. Highlight Power Users.
Where do these permissions come from?
o. Can you remove the Power Users group from the Authorization tab of the Data folder?
Why not?
Note: There is also an indirect grant of WriteMetadata. A grant (or deny) of WMM on a folder
becomes an inherited grant (or deny) of WM on the objects in that folder. This is
discussed in the next section.
p. (Optional) If you do not want Power Users to modify or delete these folders below the Chocolate
Enterprises folder, select Deny for WriteMetadata (notice that WriteMemberMetadata switches
automatically to indirect deny) and then select Grant for WriteMemberMetadata.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6-24 Chapter 6 Securing Metadata
18
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Given the Authorization tab for the Marketing Department folder, which
identities are on the Authorization tab of any item stored directly under
that folder?
20
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6.2 Exploring Metadata Per missions and ACTs 6-25
Given the Authorization tab for the Marketing Department folder, which
identities are on the Authorization tab of any item stored directly under
that folder?
21
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Objectives
24
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6-26 Chapter 6 Securing Metadata
The check box color on the Authorization tab on the properties of a metadata
object in SAS Management Console indicates how the
permission was assigned.
The Search tab in SAS Management Console returns results based on the individual user’s permissions
on individual objects and ignores the permissions on the folder navigation to the object. In other words,
if the user is denied RM on the metadata folder path to the object but granted RM on the object,
the Search tab returns the object even though the user cannot access it through the metadata folders.
26
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6.2 Exploring Metadata Per missions and ACTs 6-27
Icon Meaning
ACTs
Each ACT consists of a pattern of grants and denials that are assigned to
different users and groups.
• In SAS Management Console, ACTs
are created and managed using the
Authorization Manager plug-in.
Caution: Do not confuse an ACT’s Authorization tab with its Permission Pattern tab in SAS
Management Console. Authorization tabs control who can modify the item in question.
The Authorization tab on an ACT controls who can modify the ACT, including the
permission pattern.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6-28 Chapter 6 Securing Metadata
Default ACT Acts as the repository ACT initially. This ACT provides registered users
RM and WM permission at the repository level.
Private User Folder Applied automatically to each user’s personal folder in conjunction with
ACT explicit settings to grant the user RM, WMM, CM, and R permission.
SAS Administrator Used to grant the SAS Administrators group and SAS System Services
Settings ACT group access to metadata.
If you have SAS Information Delivery Portal at your site, you have the Portal ACT. You might need to
alter the membership of the Portal ACT.
Note: The permission patterns of these predefined ACTs should not be modified.
Note: If you need to modify the repository ACT, a best practice is to not change the current repository
ACT. Create a new ACT with the settings that you want, and designate it as the repository ACT.
This enables you to revert to the previous repository ACT, if needed.
Applying an ACT
When you apply an ACT to an object, the ACT settings are added to the
object’s protections.
28
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6.2 Exploring Metadata Per missions and ACTs 6-29
Other permissions are specialized and affect only certain types of items.
29
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Only permissions relevant to the item are displayed on the Authorization tab.
WriteMemberMetadata Permission
A grant (or deny) of WMM on a folder becomes an inherited grant (or deny)
of WM on the objects in that folder. WMM is not inherited from one folder
to another.
30
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Note: Anyone who has a grant of WM on a folder should not be denied WMM on that same folder.
Note: If WMM is not set directly on a folder, the WMM setting mirrors the WM setting. WMM is never
inherited from a parent object.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6-30 Chapter 6 Securing Metadata
CheckInMetadata Permission
31
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Administer Permission
For the metadata server, the ability to stop, pause, resume, and quiesce is
managed by the Metadata Server: Operation role, not by the Administer
permission.
32
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6.2 Exploring Metadata Per missions and ACTs 6-31
Data Permissions
Read (R) Read data via certain objects (for example, cubes,
information maps, LASR tables, or data accessed via the
metadata LIBNAME engine (MLE)).
Create (C) Add data via the metadata LIBNAME engine.
Write (W) Update data via certain objects: data accessed via
publishing channels or the metadata LIBNAME engine.
Delete (D) Delete data via the metadata LIBNAME engine.
33
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Caution: Some clients such as SAS Data Integration Studio and SAS Enterprise Guide enable users to
create and run SAS programs that access data directly and bypass metadata layer controls.
Using metadata-bound libraries will disable these users by passing metadata library controls.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6-32 Chapter 6 Securing Metadata
34
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Explicit and ACT settings on an object always have priority over settings on the object’s parent.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6.2 Exploring Metadata Per missions and ACTs 6-33
35
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6-34 Chapter 6 Securing Metadata
Permission conditions constrain explicit grants of the Read permission on OLAP dimensions (limiting
access to members) or information maps (limiting access to rows). On the Authorization tab, the presence
of an Edit Condition or Edit Authorization button indicates that a permission condition is assigned
to the currently selected user or group.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6.2 Exploring Metadata Per missions and ACTs 6-35
3. Click the Authorization tab. Only the RM, WM, CM, and A permissions are listed.
4. Click Cancel.
5. Click the Folders tab.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6-36 Chapter 6 Securing Metadata
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6.2 Exploring Metadata Per missions and ACTs 6-37
8. Click the Advanced tab. The ApplicablePermissions property identifies the permissions that
are applicable to this type of item.
9. Click Cancel.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6-38 Chapter 6 Securing Metadata
Exercises
2. Assigning WriteMetadata and WriteMemberMetadata Permissions
Log on to SAS Management Console as Ahmed. Run an ad hoc backup, with a comment of Before
adding parent and child folders.
b. Right-click the Chocolate Enterprises folder and select New Folder. Name the new folder
Parent and click OK.
c. Right-click the Parent folder and select Open.
g. Change the explicit grant of WriteMetadata for PUBLIC back to no explicit control by clicking
the WriteMetadata field and selecting the option. How does this affect WMM permission for
PUBLIC?
h. Add an explicit grant of WMM permission for PUBLIC. How does this affect WM permission for
PUBLIC?
i. Remove the explicit WMM permission grant for PUBLIC. How does this affect WM permission
for PUBLIC?
j. Add Alex to the Authorization for the Parent folder with an explicit denial of WM permission and
an explicit grant of WMM permission.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6.2 Exploring Metadata Per missions and ACTs 6-39
k. Right-click the Parent folder and select New Folder. Name the new folder Child and click OK.
l. Right-click the Child folder and select Open.
m. From the drop-down menu, select Authorization.
n. On the Authorization page of the Child folder, what are the settings for WM permission and
WMM permission for Alex?
o. Do not log off from SAS Environment Manager.
p. Log on to SAS Management Console as Alex using the password Student1. (You cannot do steps
q through s in SAS Environment Manager because Alex is not a member of any role in SAS
Environment Manager and thus cannot authenticate to the Environment Manager Server.)
Note: You can open another SAS Management Console session by selecting Start
SAS Management Console. Or you can disconnect as Ahmed in the current session
by selecting File Connection Profile and reconnecting as Alex.
q. Right-click My Folder.
Are the following actions available or dimmed: New Folder, New Stored Process, Rename,
and Delete?
r. Right-click the Chocolate Enterprises folder. Are the following actions available or dimmed:
New Folder, New Stored Process, Rename, and Delete?
s. Right-click the Parent folder. Are the following actions available or dimmed: New Folder, New
Stored Process, Rename, and Delete?
t. In SAS Environment Manager, delete the Parent folder. However, you must first delete the Child
folder.
1) Right-click the Child folder and select Delete.
2) Click Yes to confirm the delete request.
3) Right-click the Parent folder and select Delete.
4) Click Yes to confirm the delete request.
a. On the Folders tab, right-click Chocolate Enterprises and select New Folder. Create
a new folder named Parent.
b. Right-click the Parent folder. Select Properties and click the Authorization tab. Select PUBLIC
and add an explicit grant of WM permission. How does this affect WMM permission for
PUBLIC?
c. Select the grant WriteMetadata box for PUBLIC again to clear the explicit setting. How does
this affect WMM permission for PUBLIC?
d. Add an explicit grant of WMM permission for PUBLIC. How does this affect WM permission
for PUBLIC?
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6-40 Chapter 6 Securing Metadata
e. Remove the explicit WMM permission grant for PUBLIC. How does this affect WM permission
for PUBLIC?
f. Add Alex to the permissions list for the Parent folder with an explicit denial of WM permission
and an explicit grant of WMM permission.
g. Right-click the Parent folder and select New Folder. Create a new folder named Child.
h. On the Authorization tab of the Child folder, select Alex. What are the settings for WM
and WMM permissions?
i. Log on to SAS Management Console as Alex using the password Student1.
Note: You can open another SAS Management Console session by selecting Start
SAS Management Console. Or you can disconnect as Ahmed in the current session
by selecting File Connection Profile and reconnecting as Alex.
j. Right-click My Folder. Are the following actions available or dimmed: New Folder, New Stored
Process, Rename, and Delete?
k. Right-click the Chocolate Enterprises folder. Are the following actions available or dimmed:
New Folder, New Stored Process, Rename, and Delete?
l. Right-click the Parent folder. Are the following actions available or dimmed: New Folder, New
Stored Process, Rename, and Delete?
m. Delete the Parent folder. You need to log on as Ahmed to delete the Parent folder because Alex
does not have the authorization to do so.
3. Adjusting Conflicting Permission Settings
You can use SAS Environment Manager or SAS Management Console to do this exercise. Refer to
the solutions for step-by-step instructions.
a. Create a new metadata group named Group A. Assign Harvey as a member.
b. Create a new metadata group named Group B. Assign Harvey as a member.
c. Create an ACT named Allow Group A, which grants an RM permission to Group A.
d. Apply the Allow Group A ACT to the Shared Data folder (on the Authorization tab in SAS
Management Console, or the Apply ACT property in SAS Environment Manager).
e. Add Group B to the Authorization of the Shared Data folder and deny RM permission.
f. What is the effective permission for Harvey on the Shared Data folder?
Note: Use the Permissions Inspector in SAS Environment Manager.
Note: Use the Advanced option on the Authorization tab in SAS Management Console.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6.2 Exploring Metadata Per missions and ACTs 6-41
a. Only PUBLIC is affected and the settings for the other users and groups
remain unchanged.
b. Only PUBLIC and SASUSERS are affected and the settings for the other
users and groups remain unchanged.
c. PUBLIC is denied RM, which overrides all explicit, ACT, and indirect
settings for the other users and groups.
d. PUBLIC is denied RM, which overrides all indirect settings for the other
users and groups but does not override explicit or ACT settings for other
users and groups.
39
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
If an ACT includes settings for Ellen and you apply the ACT to an object that
already lists Ellen on the authorization of an object, what happens to Ellen’s
permissions?
41
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6-42 Chapter 6 Securing Metadata
You are given only these settings for the authorization of an object and Eric’s
identity hierarchy:
User or Group Permission Setting
HR Explicit grant RM
Report Creator ACT deny RM
SASUSERS Indirect grant RM
PUBLIC Indirect deny RM
44
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6.2 Exploring Metadata Per missions and ACTs 6-43
You are given only these settings for the authorization of an object and
Eric’s identity hierarchy:
User or Group Permission Setting
HR ACT grant RM
Report Creator ACT deny RM
SASUSERS Indirect grant RM
PUBLIC Indirect deny RM
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6-44 Chapter 6 Securing Metadata
You are given only these settings for the authorization of an object and
Eric’s identity hierarchy:
50
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6.3 Customizing SAS Folders 6-45
Objectives
53
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
54
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6-46 Chapter 6 Securing Metadata
P U B LIC
S A S U SERS
S A S Administrators
S A S System Services
M a r keting S a l es
55
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6.3 Customizing SAS Folders 6-47
SAS EV Guests
O rion Star …
S A S Ad ministrator Us ers
A n alysts
S ales
M arketing custom groups
M anagers
56
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6-48 Chapter 6 Securing Metadata
Custom Groups
Custom groups can be based on the following:
Executive Oversight Group that needs limited or complete access across all groups
57
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Note: Groups can be synchronized with groups from your authentication provider, such as LDAP.
Baseline ACTs
58
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6.3 Customizing SAS Folders 6-49
Baseline ACTs
The Hi de ACT prevents visibility for users who are not in the
SAS Administrators group and gives SAS administrators and service
identities exclusive Read access to metadata.
RM WM WMM CM A R W C D
PUBLIC
SAS Administrators
SAS System Services
59
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Baseline ACTs
The Protect ACT prevents updates, deletions, and contributions by users who
are not in the SAS Administrators group and gives SAS administrators
exclusive Write access to metadata.
RM WM WMM CM A R W C D
PUBLIC
SAS Administrators
60
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
These grants ensure that administrators can manage all metadata. If you need to separate administration
privileges, this approach is not granular enough. If you do not want the SAS Administrators group to have
universal access, consider creating parallel sets of baseline ACTs. For example, to separate administration
for an East region and a West region, you might create ACTs such as Hide_East, Hide_West. In each
baseline ACT pattern, you would replace the SAS Administrators group with a narrower administrative
group (for example, East_Admins, West_Admins). The denials to PUBLIC and grants to the SAS System
Services group would not change. Any unrestricted users can still access everything.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6-50 Chapter 6 Securing Metadata
Project Folders
If you choose to create project folders, you need to decide the following:
• who should be able to create and modify the project folders themselves
• who should be able to create and modify content within the folders
61
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
You can enable all members of the organizational group to access the project
folders and create and modify the content within those folders.
62
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6.3 Customizing SAS Folders 6-51
If you have a central group that creates all content, you could secure the
organizational folders as follows:
63
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Reporting on Metadata
There are various methods to report on your metadata inventory and security
in your platform environment:
• Report Center in SAS Environment Manager
• SAS security macros
• Batch tools
64
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6-52 Chapter 6 Securing Metadata
Administration Scenario
The Finance and Shipping Departments of the Orion Star Company need to
be set up in the existing SAS environment. You, as the SAS administrator, need
to do the following:
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6.3 Customizing SAS Folders 6-53
Exercises
Exercise scenario: The Finance and Shipping Departments of the Orion Star Company need
to be set up in the existing SAS environment.
Metadata identities were added previously with the import macros.
Exercise 4: Custom folders will be created under the Orion Star folder representing the departments.
Exercise 5 and 6: Content will be imported into the new folders.
Exercise 7: Baseline ACTs will be created and applied to the folders.
Exercise 8: Group identities will be added to the appropriate folders with explicit grants.
Use the Metadata Manager Plug-in in SAS Management Console to run an ad hoc backup of metadata,
with the comment Backup before adding folder content and security on Orion Star.
4. Creating Custom Folders
Note: You have the option of using SAS Environment Manager Administration or SAS
Management Console for the exercise. There are step-by-step instructions, but the solutions
offer more steps and screen shots.
a. Create the Finance Department and Shipping Department folders under the Orion Star folder.
b. Create the Payables and Receivables folders under Finance Department.
Note: You can use the sas-make-folder batch tool to create the folders. See solution step 4b.
5. Importing a Package of Folders
Note: The import and export tools are available only in SAS Management Console, or as batch
tools.
a. Import Folder Set.spk into Orion Star Finance Department Payables.
Right-click the Payables folder and select Import SAS Package.
In the first step, navigate to D:\Workshop\spaft and select Folder Set.spk to import. Click OK.
Follow the wizard window steps without making any changes.
b. Import the same package, Folder Set.spk, but this time import it into Orion Star Finance
Department Receivables.
6. Creating a Package
Note: The import and export tools are available only in SAS Management Console, or as batch
tools.
a. Use the Export SAS Package Wizard to create a package from the Orion Star Marketing
Department Stored Processes folder. Save the package in
D:\Workshop\spaft\export_sp.spk. Also, on the first step in the wizard, select Include
dependent objects when retrieving initial collection of objects.
b. Import export_sp.spk in the Orion Star Shipping Department folder.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6-54 Chapter 6 Securing Metadata
6) Click the Add Identities button in the upper right toolbar to add PUBLIC, SAS System
Services, and SAS Administrators.
7) Search PUBLIC and move the identity to the Identities to add pane. Repeat for SAS System
Services and SAS Administrators. Click OK.
Note: In order to see the entire Add Identities window, you might need to maximize the
Administration page.
8) Click in the ReadMetadata field for PUBLIC and select Deny.
Verify that SAS System Services is granted RM.
Verify that SAS Administrators is granted RM.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6.3 Customizing SAS Folders 6-55
d. Secure the Protect ACT. Follow step b (or follow the step-by step solutions).
e. Apply the Protect ACT to the Orion Star folder.
1) Right-click Orion Star folder and select Open.
2) From the drop-down menu, select Apply ACT.
3) Select Protect ACT and click Save.
4) View the authorization settings of the Orion Star folder. From the drop-down menu, select
Authorization.
Notice that the SASUSERS group still has ReadMetadata but only SAS Administrators can
modify or delete any content from this folder and below. And the ReadMetadata permissions
are coming from somewhere else except for SAS Administrators, which is coming from the
Protect ACT.
5) Click Close in the upper right toolbar to return to the Folders view.
f. Apply the Hide ACT to the four department folders below the Orion Star folder.
1) Right-click the Finance Department folder and select Open.
2) From the drop-down menu, select Apply ACT.
3) Select Hide ACT and click Save.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6-56 Chapter 6 Securing Metadata
4) View the authorization settings of the Finance Department folder. From the drop-down menu,
select Authorization.
Notice that only SAS Administrators have visibility because of the Hide ACT that was
applied. We will grant access back to the appropriate groups in the next exercise.
5) Click Close in the upper right toolbar to return to the Folders view.
6) Apply the Hide ACT to the Marketing Department, Sales Department, and Shipping
Department folders by repeating steps 1-5.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6.3 Customizing SAS Folders 6-57
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6-58 Chapter 6 Securing Metadata
6) Highlight SAS Administrators and verify that RM is granted and grant WM, CM, and W.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6.3 Customizing SAS Folders 6-59
f. Apply the Hide ACT to the four department folders below the Orion Star folder.
1) Right-click the Finance Department folder and select Properties.
2) Click the Authorization tab, and click Access Control Template.
3) Move Hide ACT over to Currently Using and click OK.
4) Review the authorization settings.
Notice that SASUSERS is denied ReadMetadata because the group is a subgroup of
PUBLIC, which is denied ReadMetadata through the HIDE ACT. But SAS Administrators
still have visibility. You will grant access back to the appropriate groups in the next exercise.
Apply the Hide ACT to the Marketing Department, Sales Department, and Shipping
Department folders by repeating steps 1-4.
8. Adding Groups to Folders
Note: You can use SAS Environment Manager or SAS Management Console to add identities to
folders and set permissions on folders. Refer to the solutions for step-by-step instructions.
Note: There is an automatic grant of ReadMetadata for any identity that is added to the
Authorization of an object.
Note: The group identities added will be automatically added to the subfolders’ authorization with
the same permissions inherited, and Power Users will also have WM indirectly granted
because they were given WMM on the parent folder.
a. Right-click the Finance Department folder and select Open.
b. Under the drop-down menu, select Authorization.
c. Add Finance and Power Users to the Authorization.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6-60 Chapter 6 Securing Metadata
4) Click OK.
d. Verify that the two groups added have ReadMetadata.
1) Click in the Read field for Finance and select Grant.
2) Click in the WriteMemberMetadata field for Power Users and select Grant.
3) Give grants for CheckInMetadata and Read fields for Power Users as well.
e. Save your changes in the upper right toolbar and click Close.
f. Repeat steps a through e for the other three folders: Marketing Department, Sales Department, and
Shipping Department.
Note: There is an automatic grant of ReadMetadata for any identity that is added to the
Authorization of an object.
Note: The group identities added will be automatically added to the subfolders’ authorization with
the same permissions inherited, and Power Users will also have WM indirectly granted
because they were given WMM on the parent folder.
a. Right-click the Finance Department folder and select Properties.
b. Click Add on the Authorization tab of the Finance Department folder.
c. Clear Show Users so that you show only a list of groups.
d. Select Finance and Power Users in the Available Identities list and click to move the
identity to the Selected Identities list.
e. Click OK.
f. Verify that the two groups added have ReadMetadata.
1) Grant Finance the Read permission as well.
2) Grant Power Users the WriteMemberMetadata, CheckinMetadata, and Read permissions as
well.
g. Click OK.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6.3 Customizing SAS Folders 6-61
h. Repeat steps a through g for the other three folders: Marketing Department, Sales Department,
and Shipping Department.
9. (Optional) Verifying Access
a. Verify the access of someone who is a power user, such as Kari, who is a member of the Data
Integrators group. She should be able to add and modify content in any subfolders of the Orion
Star folder.
b. Verify the access of someone who is in a department group, and not in Orion Star Users (the
power user group), such as Lynn. She is in the Marketing group, so verify her access to the
Marketing Department folder, as well as her access to one of the other department folders, such as
Finance Department.
Note: Use the Permissions Inspector in SAS Environment Manager.
Note: Use the Advanced option on the Authorization tab in SAS Management Console.
c. Impersonating an end user, log on to a client application such as SAS Enterprise Guide.
1) Open SAS Enterprise Guide. Click My Server in the bottom right of the interface to modify
the connection profile.
2) Click Modify.
3) Enter Kari as the user. No other changes are needed. (Student1 is the password for
everyone.)
4) Can Kari rename, delete, and add a new folder to the Finance Department folder? If so, she
has the appropriate permissions for a power user.
5) Click My Server and modify the connection profile, but this time log on as Lynn.
6) Can Lynn see any folders under the Orion Star folder, other than her own department folder
of Marketing Department? Can she rename, delete, and add a new folder to the Marketing
Department folder? If not, she has the appropriate permissions for a report consumer in the
Marketing group.
10. (Optional) Reporting on Security
SAS provides a macro, %Mdsecds, to help you extract, filter, and format authorization data
for a specified set of identities, permissions, and objects. This macro is documented in
SAS® 9.4 Intelligence Platform: Security Administration Guide.
Note: In SAS 9.4, the sas-show-metadata-access batch tool can generate the same information
as the %Mdsecds macro. For information about the batch tool, refer to SAS® 9.4 Intelligence
Platform: Security Administration Guide.
Note: The output of the %Mdsecds macro is SAS data sets. You can create your own reports
from these data sets (through SAS programming or an information map and a web report).
A sample reporting program is provided with your software in the following location:
SAS-installation-directory/SASFoundation/9.4/samples/base/secrpt.sas
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6-62 Chapter 6 Securing Metadata
a. In SAS Enterprise Guide, use the %Mdsecds macro to identify the permissions that are set
on the Finance folder. (If you did not do the previous exercises from this chapter, use the
Marketing folder.)
Note: For example, if you want to identify the permissions on the Marketing Department folder,
use the following syntax:
options metaserver=sasserver metauser="Ahmed"
metapass="Student1";
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6.3 Customizing SAS Folders 6-63
68
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
69
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6-64 Chapter 6 Securing Metadata
71
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
The Private User Folder ACT does not include permissions for individual users
such as Barbara. How is Barbara granted access to her My Folder?
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6.3 Customizing SAS Folders 6-65
What should the setting for PUBLIC for RM be on the Protect ACT?
a. Deny
b. Grant
c. nothing, because the context in which the ACT is applied should
determine the setting
74
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
continued...
General Guidelines
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6-66 Chapter 6 Securing Metadata
General Guidelines
• To hide a subfolder branch, apply the Hide ACT to a particular folder and
grant back RM permission to any groups who should have access.
• Use PUBLIC as the broadest group to deny access and then grant access
back to the appropriate group.
• Secure resources with a combination of inherited settings and ACTs. Use
explicit permission settings sparingly.
• Apply security to groups, not users, Include explicit groups on an ACT only
to grant access, never deny. You can deny access to implicit groups on ACTs.
• Always have a designated repository ACT.
77
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
78
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6.3 Customizing SAS Folders 6-67
You should be aware of the following components that have been put in place during the installation and
deployment process:
SAS Metadata Server
SAS Application Server components
Other SAS Servers
Ports that are used by each server to listen for incoming requests
Configuration directories that store configuration files, logs, scripts, and special-purpose SAS data sets
on each SAS server machine and each middle-tier machine
Initial SAS users, groups, and roles that have been defined, both on your host OS and the SAS
Metadata Repository
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6-68 Chapter 6 Securing Metadata
6.4 Solutions
Solutions to Exercises
1. Exploring Identity Hierarchy and Object Inheritance on a Folder
Note: You have the option of using SAS Environment Manager Administration or SAS
Management Console for the exercises in this chapter. There are step-by-step instructions, but
the solutions offer more steps and screen shots.
Verify that you are logged on to SAS Management Console as Ahmed. Run an ad hoc backup, with
the following comment: Backup Before Adding Security on Chocolate Enterprises
a. Open Internet Explorer from the client machine using the taskbar. Click SAS Environment
Manager on the Favorites bar. Sign in to SAS Environment Manager as Ahmed with the
password Student1.
b. Click the Administration tab. The Folders page is the initial view. If you are already on the
Administration page and another view, click the Side menu and select Folders. Right-click the
Chocolate Enterprises folder and select Open to get to the metadata properties.
Can you remove any of the groups listed under Users and Groups? Why or why not?
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6.4 Solutions 6-69
Click the square to the left of the identity to highlight the identity. Click the Remove Identities
button in the upper right toolbar.
The four groups listed cannot be removed because they are coming from the Repository
ACT.
d. Add the following three group identities: Application Developers, Data Integrators, and
Report Content Creators.
1) Click the Add button in the upper right toolbar to open the Add Identities window.
2) You can enter a few letters of the group name and press Enter, or click the Search button
. Highlight the group and move it over to the Identities to Add pane.
3) Do this for all three groups before clicking OK.
4) Save the changes by clicking the Save button in the upper right toolbar.
What permission is automatically granted to an identity when added?
The newly added groups are automatically given a grant of ReadMetadata.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6-70 Chapter 6 Securing Metadata
Note: You can click a permission field, and a window appears that identifies the type of
permission and where it comes from.
e. Right-click Data Integrators and select Open. From the drop-down menu, select Member of.
f. Right-click Power Users and select Open to go to the properties of this group identity.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6.4 Solutions 6-71
h. Click the Previous Level button in the upper left of the page to go back to the Authorization
properties of Data Integrators and click the Previous Level button again to go back to the
Authorization properties of the Chocolate Enterprises folder.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6-72 Chapter 6 Securing Metadata
i. Remove the three group identities (Application Developers, Data Integrators, and Report
Content Creators) from the Authorization properties.
1) Click in the square to the left of the identity to highlight it.
Note: You can hold the Ctrl key while selecting all three group identities and delete all three
at once.
1) Click the Add button in the upper right toolbar to open the Add Identities window.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6.4 Solutions 6-73
2) Type Power in Available identities and press Enter. Move Power Users over to the Identities
to Add pane. Click OK.
k. The ReadMetadata permission is automatically granted. You need to give grants for the
WriteMemberMetadata, CheckInMetadata, and Read permissions.
1) Click within the permission field and select Grant from the list. Do the same for the other
two permissions.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6-74 Chapter 6 Securing Metadata
l. Use the Permissions Inspector to look up the effective permissions for any identity. The
Permissions Inspector is represented by the button in the upper right toolbar of the
Authorization page of the object that you are inspecting (in this case, the Chocolate Enterprises
folder).
m. Enter Kari in the field and select Kari from the drop-down list.
Kari’s effective permissions for this object (Chocolate Enterprises folder) are displayed. She is a
member of the Data Integrators group, which is a member of the Power Users group. The same
permissions are applied indirectly for Kari through her identity hierarchy.
n. Click Close to exit the Permissions Inspector and return to the folder tree by clicking the arrow
next to Chocolate Enterprises in the upper left of the page.
o. Go to the Authorization page of the Data folder under the Chocolate Enterprises folder.
Note: You might need to refresh the view or close out completely of the Administration page to
see the permission changes that you made in previous steps.
Right-click Data and select Open. From the drop-down menu, select Authorization.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6.4 Solutions 6-75
Can you remove any of the groups listed under Users and Groups? Why or why not?
The four groups listed cannot be removed because they are coming from the Repository
ACT.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6-76 Chapter 6 Securing Metadata
b. Add the following three groups to the Authorization tab: Application Developers, Data
Integrators, and Report Content Creators.
Note: You can hold down the Ctrl key, highlight all three at once, and then select the single
arrow to move them over to the Selected Identities pane.
What permission is automatically granted to an identity when added?
The newly added groups are automatically given a grant of ReadMetadata.
c. Highlight Data Integrators and select Properties. This displays the properties of the Data
Integrators group, but as Read-only.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6.4 Solutions 6-77
d. Click the Groups and Roles tab. What group is Data Integrators a member of?
f. Click Cancel and then Close to return to the Chocolate Enterprises folder properties.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6-78 Chapter 6 Securing Metadata
g. Remove the three groups (Application Developers, Data Integrators, and Report Content Creators)
from the Users and Groups window.
Hold down the Ctrl key and highlight the three groups. Then select Remove.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6.4 Solutions 6-79
i. The ReadMetadata permission is automatically granted and you need to give grants for the
WriteMemberMetadata, CheckInMetadata, and Read permissions. Do not click OK. You need to
stay on the Authorization tab to get to the Advanced button referenced in j.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6-80 Chapter 6 Securing Metadata
k. Click the Explore Authorizations tab. Enter Kari in the Name or Display Name field.
Click Search Now. Kari’s effective permissions for this item are displayed. She is a member
of the Data Integrators group, which is a member of the Power Users group. The same
permissions are applied indirectly for Kari through her identity hierarchy.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6.4 Solutions 6-81
o. Can you remove the Power Users group from the Authorization tab of the Data folder?
Why not?
The group was added to the Chocolate Enterprises properties (the parent folder) and
therefore cannot be removed from lower objects.
Note: There is also an indirect grant of WriteMetadata. A grant (or deny) of WMM on a folder
becomes an inherited grant (or deny) of WM on the objects in that folder. This is
discussed in the next section.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6-82 Chapter 6 Securing Metadata
p. (Optional) If you do not want Power Users to modify or delete these folders below the Chocolate
Enterprises folder, select Deny for WriteMetadata (notice that WriteMemberMetadata switches
automatically to indirect deny), and then select Grant for WriteMemberMetadata.
2. Assigning WriteMetadata and WriteMemberMetadata Permissions
Log on to SAS Management Console as Ahmed. Run an ad hoc backup, with a comment of Before
adding parent and child folders.
b. Right-click the Chocolate Enterprises folder and select New Folder. Name the new folder
Parent and click OK.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6.4 Solutions 6-83
e. Add an explicit grant of WM permission for PUBLIC. Click in the WriteMetadata field for
PUBLIC and select Grant from the list. How does this affect WMM permission for PUBLIC?
It changes the WMM permission to a Grant.
f. Click in the WriteMemberMetadata field for PUBLIC and select Show Origins.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6-84 Chapter 6 Securing Metadata
g. Change the explicit grant of WriteMetadata for PUBLIC back to no explicit control by clicking
the WriteMetadata field and selecting the option.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6.4 Solutions 6-85
j. Add Alex to the Authorization page for the Parent folder with an explicit denial of WM permission
and an explicit grant of WMM permission.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6-86 Chapter 6 Securing Metadata
k. Right-click the Parent folder and select New Folder. Name the new folder Child and click OK.
n. On the Authorization page of the Child folder, what are the settings for WM permission and
WMM permission for Alex?
Both WM and WMM permissions are granted indirectly. Because he was explicitly granted
WMM on the Parent folder, he indirectly has WM on the child folder and any objects below
the Parent folder.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6.4 Solutions 6-87
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6-88 Chapter 6 Securing Metadata
t. In SAS Environment Manager, delete the Parent folder. However, you must first delete the Child
folder.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6.4 Solutions 6-89
a. On the Folders tab, right-click Chocolate Enterprises and select New Folder. Create a new
folder named Parent.
1) On the Folders tab, right-click Chocolate Enterprises and select New Folder.
2) Enter the name Parent and click Finish.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6-90 Chapter 6 Securing Metadata
b. Right-click the Parent folder. Select Properties, and click the Authorization tab. Select
PUBLIC and add an explicit grant of WM permission. How does this affect WMM permission
for PUBLIC?
It changes the WMM permission to Grant with an indirect background color.
c. Select the grant WriteMetadata box for PUBLIC again to clear the explicit setting. How does
this affect WMM permission for PUBLIC?
It changes both WM and WMM permission back to indirect Deny.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6.4 Solutions 6-91
d. Add an explicit grant of WMM permission for PUBLIC. How does this affect WM permission for
PUBLIC?
No change for WM
e. Remove the explicit WMM permission grant for PUBLIC. How does this affect WM permission
for PUBLIC? No change for WM permission
f. Add Alex to the permissions list for the Parent folder with an explicit denial of WM permission
and an explicit grant of WMM permission.
1) Click Add.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6-92 Chapter 6 Securing Metadata
2) Select Alex from the list in the Available Identities list box. Click to move Alex
to the Selected Identities list box. Click OK to add Alex to the folder.
3) Select Deny for WriteMetadata and Grant for WriteMemberMetadata. Click OK to save
the changes.
g. Right-click the Parent folder and select New Folder. Create a new folder named Child.
Click Finish to create the folder.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6.4 Solutions 6-93
h. On the Authorization tab of the Child folder, select Alex. What are the settings for WM
permission and WMM permission?
Both WM and WMM permissions are granted indirectly.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6-94 Chapter 6 Securing Metadata
k. Right-click the Chocolate Enterprises folder. Are the following actions available or dimmed:
New Folder, New Stored Process, Rename, and Delete?
None are available. This is because he does not have WMM on the Chocolate Enterprises
folder (the ability to add content in the folder) nor WM (the ability to modify the metadata
folder definition itself).
l. Right-click the Parent folder. Are the following actions available or dimmed: New Folder, New
Stored Process, Rename, and Delete?
Alex can add a folder and stored process but cannot rename or delete this folder. This
is because he has WMM (the ability to add content in the folder) but not WM (the ability
to modify the metadata folder definition itself).
m. Delete the Parent folder. You need to log on as Ahmed to delete the Parent folder because Alex
does not have the authorization to do so.
1) Right-click the Parent folder and select Delete from the drop-down menu.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6.4 Solutions 6-95
3) Click the Add User/Group/Role button in the upper right toolbar and select New
Group.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6-96 Chapter 6 Securing Metadata
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6.4 Solutions 6-97
1) Click the Add User/Group/Role button in the upper right toolbar and select
New Group.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6-98 Chapter 6 Securing Metadata
5) Search for Harvey and move the identity to the Direct members pane. Click OK.
3) Right-click Access Control Templates and select New Access Control Template.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6.4 Solutions 6-99
7) Add Group A by clicking the Add button in the upper right toolbar.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6-100 Chapter 6 Securing Metadata
8) Search for Group A and move the identity to the Identities to add pane. Click OK.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6.4 Solutions 6-101
3) Check the box next to the Allow Group A ACT. Save the changes but do not close out.
e. Add Group B to the Authorization of the Shared Data folder and deny RM permission.
1) From the drop-down menu, select Authorization.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6-102 Chapter 6 Securing Metadata
f. What is the effective permission for Harvey on the Shared Data folder?
Note: Use the Permissions Inspector in SAS Environment Manager.
Note: Use the Advanced option on the Authorization tab in SAS Management Console.
Harvey is denied all permissions.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6.4 Solutions 6-103
3) Click the Members tab. Select Harvey and move it to the Current Members list box.
Click OK.
3) Click the Members tab. Select Harvey and then click to move it to the Current Members
list box.
4) Click OK.
c. Create an ACT named Allow Group A, which grants RM permission to Group A.
1) Expand Authorization Manager.
2) Right-click Access Control Templates and select New Access Control Template.
3) Enter Allow Group A for the name.
4) On the Permission Pattern tab, add Group A and grant RM permission.
5) Click OK.
d. Apply the Allow Group A ACT to the Shared Data folder (on the Authorization tab in SAS
Management Console, or the Apply ACT property in SAS Environment Manager).
1) Right-click the Shared Data folder and select Properties. Click the Authorization tab.
2) Click Access Control Templates.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6-104 Chapter 6 Securing Metadata
3) Expand Foundation and select Allow Group A in the Available list box. Click to move
it to the Currently Using list box.
4) Click OK.
e. Add Group B to the Authorization of the Shared Data folder and deny RM permission.
1) Click Add. Select Group B and then click to it move it to the Selected Identities list box.
2) Click OK.
3) Explicitly deny RM for Group B and make sure that the other permissions are indirectly
denied.
4) Click OK.
f. What is the effective permission for Harvey on the Shared Data folder?
Note: Use the Permissions Inspector in SAS Environment Manager.
Note: Use the Advanced option on the Authorization tab in SAS Management Console.
Harvey is denied all permissions.
4. Creating Custom Folders
Use the Metadata Manager Plug-in in SAS Management Console to run an ad hoc backup
of metadata, with the comment Backup before adding folder content and security on Orion Star.
Note: You have the option of using SAS Environment Manager Administration or SAS
Management Console for the exercise. There are step-by-step instructions, but the solutions
offer more steps and Display captures.
Note: You can use the sas-make-folder batch tool to create the folders. See solution step 4b.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6.4 Solutions 6-105
a. Create the Finance Department and Shipping Department folders under the Orion Star folder.
1) Select Folders from the Side menu. Right-click the Orion Star folder and select New
Folder.
a. Create the Finance Department and Shipping Department folders under the Orion Star folder.
1) Right-click Orion Star folder and select New Folder.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6-106 Chapter 6 Securing Metadata
1. Navigate to /opt/sas/SASHome/SASPlatformObjectFramework/9.4/tools.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6.4 Solutions 6-107
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6-108 Chapter 6 Securing Metadata
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6.4 Solutions 6-109
2) Click Next.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6-110 Chapter 6 Securing Metadata
6. Creating a Package
Note: The import and export tools are available only in SAS Management Console, or as batch
tools.
a. Use the Export SAS Package Wizard to create a package from the Orion Star Marketing
Department Stored Processes folder. Save the package in
D:\Workshop\spaft\export_sp.spk. Also, in the first step in the wizard, select Include
dependent objects when retrieving initial collection of objects.
1) Right-click Orion Star Marketing Department Stored Processes and select
Export SAS Package.
2) Navigate to the location D:\Workshop\spaft. Name the file export_sp.spk. Select Include
dependent objects when retrieving initial collection of objects. Click Next.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6.4 Solutions 6-111
3) Click Next.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6-112 Chapter 6 Securing Metadata
2) Browse the location of the export_sp.spk file that was just created. If you are doing this
in sequence, the location and file will automatically show up in the browse location.
Click Next.
3) No more changes are needed, so click Next four times. Click Finish.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6.4 Solutions 6-113
2) Right-click Access Control Templates and select New Access Control Templates.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6-114 Chapter 6 Securing Metadata
3) Enter Hide ACT in the Name field and add a description if you choose. Click OK.
6) Click the Add Identities button in the upper right toolbar to add PUBLIC, SAS System
Services, and SAS Administrators.
7) Search PUBLIC and move the identity to the Identities to add pane. Repeat for SAS System
Services and SAS Administrators. Click OK.
Note: In order to see the entire Add Identities window, you might need to maximize the
Administration page.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6.4 Solutions 6-115
2) Change the indirect Deny of ReadMetadata for PUBLIC to a direct Deny. Notice how this
affects the other identities on the authorization of this object.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6-116 Chapter 6 Securing Metadata
4) Apply the SAS Administrator Settings ACT to this object to grant back ReadMetadata to SAS
Administrators and SAS System Services. From the drop-down menu, select Apply ACT.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6.4 Solutions 6-117
2) Enter Protect ACT in the Name field and add a description if you choose. Click OK.
5) Click the Add Identities button in the upper right toolbar to add PUBLIC, SAS System
Services, and SAS Administrators.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6-118 Chapter 6 Securing Metadata
6) Search PUBLIC and move the identity to the Identities to add pane. Repeat for SAS
Administrators. Click OK.
Note: In order to see the entire Add Identities window, you might need to maximize the
Administration page.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6.4 Solutions 6-119
2) Change the indirect Deny of ReadMetadata for PUBLIC to a direct Deny. Notice how this
affects the other identities on the authorization of this object.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6-120 Chapter 6 Securing Metadata
7) Click Close to close out of the properties for the Protect ACT.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6.4 Solutions 6-121
4) View the authorization settings of the Orion Star folder. From the drop-down menu, select
Authorization.
Notice that the SASUSERS group still has ReadMetadata but only SAS Administrators can
modify or delete any content from this folder and below. And the ReadMetadata permissions
are coming from somewhere else except for SAS Administrators, which is coming from the
Protect ACT.
5) Click Close in the upper right toolbar to return to the Folders view.
f. Apply the Hide ACT to the four department folders below the Orion Star folder.
1) Right-click the Finance Department folder and select Open.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6-122 Chapter 6 Securing Metadata
4) View the authorization settings of the Finance Department folder. From the drop-down menu,
select Authorization.
Notice that only SAS Administrators have visibility, because of the Hide ACT that was
applied. We will grant access back to the appropriate groups in the next exercise.
5) Click Close in the upper right toolbar to return to the Folders view.
6) Apply the Hide ACT to the Marketing Department, Sales Department, and Shipping
Department folders by repeating steps 1 through 5.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6.4 Solutions 6-123
3) Move to the Permission Pattern tab. Click Add next to Users and Groups. Clear the Show
Users check box to list only groups. Hold down the Ctrl key and click the desired groups:
PUBLIC, SAS System Services, and SAS Administrators. Click to move them to the
Selected Identities pane.
4) Click OK.
5) Highlight PUBLIC and deny RM.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6-124 Chapter 6 Securing Metadata
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6.4 Solutions 6-125
3) Select PUBLIC and explicitly deny RM, changing the indirect deny of RM to explicit. This
will affect SASUSERS because of identity hierarchy. SASUSERS now have an indirect deny
of RM, whereas before they had indirect grant of RM coming from the Repository ACT.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6-126 Chapter 6 Securing Metadata
3) Move to the Permission Pattern tab. Click Add next to Users and Groups. Clear the Show
Users check box to list only groups. Hold down the Ctrl key and click the desired groups:
PUBLIC and SAS Administrators. Click to move them to the Selected Identities pane.
4) Click OK.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6.4 Solutions 6-127
5) Highlight PUBLIC and deny WM, and then click RM, to remove any grant or deny
6) Highlight SAS Administrators and verify that RM is granted and grant WM, CM, and W.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6-128 Chapter 6 Securing Metadata
3) Select PUBLIC and explicitly deny RM, changing the indirect deny of RM to explicit. This
will affect SASUSERS because of identity hierarchy. SASUSERS now have an indirect deny
of RM, whereas before they had indirect grant of RM coming from the Repository ACT.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6.4 Solutions 6-129
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6-130 Chapter 6 Securing Metadata
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6.4 Solutions 6-131
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6-132 Chapter 6 Securing Metadata
Note: There is an automatic grant of ReadMetadata for any identity that is added to the
Authorization of an object.
Note: The group identities added will be automatically added to the subfolders’ authorization with
the same permissions inherited, and Power Users will also have WM indirectly granted since
they were given WMM on the parent folder.
a. Right-click the Finance Department folder and select Open.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6.4 Solutions 6-133
2) Click in the WriteMemberMetadata field for Power Users and select Grant.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6-134 Chapter 6 Securing Metadata
3) Give grants for CheckInMetadata and Read fields for Power Users as well.
e. Save your changes in the upper right toolbar and click Close.
f. Repeat steps a through e for the other three folders: Marketing Department, Sales Department, and
Shipping Department.
Note: There is an automatic grant of ReadMetadata for any identity that is added to the
Authorization of an object.
Note: The group identities added will be automatically added to the subfolders’ authorization with
the same permissions inherited, and Power Users will also have WM indirectly granted since
they were given WMM on the parent folder.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6.4 Solutions 6-135
d. Select Finance and Power Users in the Available Identities list and click to move the
identity to the Selected Identities list.
e. Click OK.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6-136 Chapter 6 Securing Metadata
g. Click OK.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6.4 Solutions 6-137
h. Repeat steps a through g for the other three folders: Marketing Department, Sales Department,
and Shipping Department.
9. (Optional) Verifying Access
a. Verify the access of someone who is a power user, such as Kari, who is a member of the Data
Integrators group. She should be able to add and modify content in any subfolders of the Orion
Star folder.
b. Verify the access of someone who is in a department group, and not in Orion Star Users (the
power user group), such as Lynn. She is in the Marketing group, so verify her access to the
Marketing Department folder, as well as her access to one of the other department folders, such as
Finance Department.
Note: Use the Permissions Inspector in SAS Environment Manager.
Note: Use the Advanced option on the Authorization tab in SAS Management Console.
c. Impersonating an end user, log on to a client application such as SAS Enterprise Guide:
1) Open SAS Enterprise Guide. Click My Server in the bottom right of the interface to modify
the connection profile.
2) Click Modify.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6-138 Chapter 6 Securing Metadata
3) Enter Kari as the user. No other changes are needed. (Student1 is the password for
everyone.)
5) Click My Server and modify the connection profile, but this time log on as Lynn.
Repeat step a.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6.4 Solutions 6-139
6) Can Lynn see any folders under the Orion Star folder, other than her own department folder
of Marketing Department? Can she rename, delete, and add a new folder to the Marketing
Department folder? If not, she has the appropriate permissions for a report consumer
in the Marketing group.
a. In SAS Enterprise Guide, use the %Mdsecds macro to identify the permissions that are set
on the Finance folder.
options metaserver=sasserver metauser="Ahmed"
metapass="Student1";
%mdsecds(folder="\Orion Star\Marketing Department",
includesubfolders=no);
b. Use the %Mdsecds macro to identify the effective permissions of a Finance member
on the Finance folder.
options metaserver=sasserver metauser="Ahmed"
metapass="Student1";
%mdsecds(folder="\Orion Star\Marketing Department",
includesubfolders=no, identitynames="Ellen",
identitytypes="Person");
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6-140 Chapter 6 Securing Metadata
c. Use the %Mdsecds macro to identify the effective permissions of a Finance member
and the PUBLIC group on the Finance folder.
options metaserver=sasserver metauser="Ahmed"
metapass="Student1";
%mdsecds(folder="\Orion Star\Marketing Department",
includesubfolders=no, identitynames="Ellen,PUBLIC",
identitytypes="Person,IdentityGroup");
d. Refer to the %Mdsecds macro documentation to answer the following questions:
Hint: Refer to the %Mdsecds macro syntax in SAS® 9.4 Intelligence Platform: Security
Administration Guide.
1) If you do not specify the folder option, what is the default starting point?
By default, the starting point is the server root (the SAS Folders node).
2) What option would you use to limit the types of objects that are searched?
MEMBERTYPES
3) What option would you use to limit the permissions that are included?
PERMS
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6.4 Solutions 6-141
19
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Given the Authorization tab for the Marketing Department folder, which
identities are on the Authorization tab of any item stored directly under
that folder?
22
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6-142 Chapter 6 Securing Metadata
a. Only PUBLIC is affected and the settings for the other users and groups
remain unchanged.
b. Only PUBLIC and SASUSERS are affected and the settings for the other
users and groups remain unchanged.
c. PUBLIC is denied RM, which overrides all explicit, ACT, and indirect
settings for the other users and groups.
d. PUBLIC is denied RM, which overrides all indirect settings for the other
users and groups but does not override explicit or ACT settings for other
users and groups.
40
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
If an ACT includes settings for Ellen and you apply the ACT to an object that
already lists Ellen on the authorization of an object, what happens to Ellen’s
permissions?
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6.4 Solutions 6-143
45
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6-144 Chapter 6 Securing Metadata
51
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
70
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6.4 Solutions 6-145
The Private User Folder ACT does not include permissions for individual users
such as Barbara. How is Barbara granted access to her My Folder?
What should the setting for PUBLIC for RM be on the Protect ACT?
a. Deny
b. Grant
c. nothing, because the context in which the ACT is applied should
determine the setting
75
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
6-146 Chapter 6 Securing Metadata
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
Chapter 7 Establishing
Connectivity to Data Sources
7.1 Registering Libraries and Tables in Metadata .......................................................... 7-3
Demonstration: Registering SAS Library and Table Metadata in SAS Environment
Manager ....................................................................................... 7-12
Demonstration: Registering SAS Library and Table Metadata in SAS Management
Console (Optional).......................................................................... 7-21
Exercises............................................................................................................. 7-24
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
7.1 Registering Libraries and Tables in Metadata 7-3
Objectives
3
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Data Sources
4
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
7-4 Chapter 7 Establishing Connectivity to Data Sources
The BASE engine is used to access SAS data sets. SAS data sets (tables) are the default SAS storage
format. A SAS table contains data values that are organized as a table of rows and columns. A SAS data
set can be processed by SAS software.
You can use SAS/ACCESS Interface to Oracle or SAS/ACCESS Interface to ODBC to access Oracle
tables. SAS/ACCESS Interface to Oracle uses the Oracle engine. SAS/ACCESS Interface to ODBC uses
the ODBC engine.
Accessing Data
5
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
When you write SAS code, the LIBNAME statement, with the appropriate native engine, can be used
in SAS applications that offer a programmatic interface (for example, SAS Enterprise Guide), as well
as in stored processes and batch jobs. You can also include LIBNAME statements in autoexec files.
An alternative to the native engine is to use the META engine in the LIBNAME statement.
libname orstar meta library="Orion Star Library";
The META engine causes a lookup in the metadata for the connection information and metadata
permission check. This is similar to having a user of a SAS application select a table from a list
of metadata-registered tables.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
7.1 Registering Libraries and Tables in Metadata 7-5
Accessing Data
6
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
If a library is metadata bound, even if a user tries to access it directly, metadata layer permissions
are enforced.
7
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
The data can be local to the workspace server machine or in a remote location that is accessed using
a network path. Data cannot be accessed via mapped drives on the SAS Application Server. You must use
the UNC path, such as \\dataserver\sourcetables.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
7-6 Chapter 7 Establishing Connectivity to Data Sources
8
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
The appropriate LIBNAME statement is created from the information retrieved from the metadata.
9
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
SAS/ACCESS must be on the same machine as the SAS process that accesses the data. In a UNIX
environment, the configuration of SAS/ACCESS requires setting some environment variables.
The database client installation and configuration is typically done by a database administrator (DBA).
The DBA has access to tools that help test the configuration and connection to the database server.
Databases typically maintain credentials separate from other authentication providers.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
7.1 Registering Libraries and Tables in Metadata 7-7
Connection Information
10
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
11
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
For troubleshooting a SAS/ACCESS library configuration when registering tables fails, perform the
following steps:
1. From SAS Management Console, right-click the library icon and select Display LIBNAME
Statement.
2. Start SAS on the SAS server host, or use a client application such as SAS Enterprise Guide, which
includes a Program Editor, and issue the LIBNAME statement displayed from SAS Management
Console.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
7-8 Chapter 7 Establishing Connectivity to Data Sources
12
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
An authentication domain is a SAS metadata object that pairs logins with the server definitions where
those credentials are correctly authenticated.
For example, an Oracle server definition and the SAS copies of Oracle credentials (outbound logins) have
the same authentication domain value (for example, “OracleAuth”) if those credentials authenticate on
that Oracle Server. Authentication domains can be managed using the Server Manager plug-in or the User
Manager plug-in. Right-click the plug-in and select Authentication Domains.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
7.1 Registering Libraries and Tables in Metadata 7-9
13
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
N ote: There are some uniqueness requirements when you register libraries
and tables in the metadata.
14
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
7-10 Chapter 7 Establishing Connectivity to Data Sources
The same library name cannot be used multiple times in the same metadata folder or for the same
application server.
The same table name cannot be used multiple times in the same metadata folder or for the same library.
To associate a library with an application server, you need WM permission for the server and WMM for
the parent folder.
To associate a table with a library, you need WM permission for the library and WMM for the parent
folder.
For a table accessed via the metadata LIBNAME engine, you need Read permission in order to access
data.
For a table accessed via a native engine (that is, BASE, ORACLE, TERADATA), the Read permission
in Metadata is ignored, so Grant or Deny has no effect. This is also true for the Write, Create, and
Delete permissions.
15
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
When accessing a traditional table, a user can bypass metadata-layer controls by making a direct request.
When accessing a metadata-bound table, a user cannot completely bypass metadata-layer controls. Even
on a direct request, UserA is always subject to a metadata-layer permissions check before accessing SAS
data from SAS.
For each metadata-bound table, information within the table header identifies a corresponding metadata
object (a secured table object). Metadata-layer permissions on each secured table object affect access
from SAS to the corresponding physical table.
For the metadata-bound table, UserB is subject to two metadata-layer authorization checks against two
different metadata objects. The first check is against a traditional table object. The second check is against
a secured table object.
Only Base SAS data, SAS tables, and SAS views can be bound to metadata. Binding data to metadata
does not prevent the use of operating system commands against files or directories.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
7.1 Registering Libraries and Tables in Metadata 7-11
For secured library objects and secured table objects, SAS enforces the
following special metadata-layer permissions:
Select (S) Read rows within a physical table.
D elete (D) Delete rows in a physical table.
I n sert (I) Add rows to a physical table.
Up date (U) Update rows in a physical table.
C r eate Table (CT) Create new physical table.
D r op Table (DT) Delete a physical table.
Alt er Table (AT) Replace a physical table.
16
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
7-12 Chapter 7 Establishing Connectivity to Data Sources
3. The Libraries view displays a table of all library definitions in the SAS Metadata Server. You can
filter by library type, as well as search the table, sort the table by a selected column and choose which
columns appear in the table.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
7.1 Registering Libraries and Tables in Metadata 7-13
4. To register a new library, click the New Library button in the upper right toolbar.
5. Enter Orion Gold ship1 for the metadata library name. (The libref is included in the metadata library
object name as an example of an access structure that you can use for SAS Enterprise Guide users.)
6. Select Browse to navigate to the SAS Folder location.
7. Navigate to SAS Folders Orion Star Shipping Department and click OK.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
7-14 Chapter 7 Establishing Connectivity to Data Sources
10. Check the box next to the path of the physical storage of the data.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
7.1 Registering Libraries and Tables in Metadata 7-15
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
7-16 Chapter 7 Establishing Connectivity to Data Sources
13. To register tables in metadata to this library, from the drop-down menu select Tables.
15. You cannot register tables until the library is assigned to a SAS server context. Click Close.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
7.1 Registering Libraries and Tables in Metadata 7-17
Note: This assignment makes the library available to the servers in the SASApp application server
context.
Caution: If you do not assign a library to an application server, the library is not available in some
client applications including SAS Enterprise Guide. Unless you want to intentionally
limit the accessibility of a library by this method, you should assign each library to an
application server. It is a best practice to use metadata-layer and operating-system-layer
permissions to control access to data.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
7-18 Chapter 7 Establishing Connectivity to Data Sources
Note: If you are signed in as sasadm@saspw, you will receive an error because that account is
internal and does not have access to a SAS Workspace Server.
21. Change the location to /Orion Star/Shipping Department by using the Browse button. Select
CUSTOMER_DIM, GEOGRAPHY_DIM, ORGANIZATION_DIM, and TIME_DIM.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
7.1 Registering Libraries and Tables in Metadata 7-19
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
7-20 Chapter 7 Establishing Connectivity to Data Sources
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
7.1 Registering Libraries and Tables in Metadata 7-21
5. Enter the name Orion Gold ship1 and click Browse. (The libref is included in the metadata library
object name as an example of an access structure that you can use for SAS Enterprise Guide users.)
6. Navigate to SAS Folders Orion Star Shipping Department and click OK.
7. Click Next.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
7-22 Chapter 7 Establishing Connectivity to Data Sources
8. Move SASApp to the Selected servers list box and click Next.
Note: This assignment makes the library available to the servers in the SASApp application server
context.
Caution: If you do not assign a library to an application server, the library is not available in some
client applications including SAS Enterprise Guide. Unless you want to intentionally
limit the accessibility of a library by this method, you should assign each library to an
application server. It is a best practice to use metadata-layer and operating-system-layer
permissions to control access to data.
9. Enter ship1 as the libref.
Note: A libref is a nickname or short reference to the physical location of the data. It is a
best practice to use unique librefs in the metadata. Uniqueness of librefs is not
enforced.
10. Move the following path over:
Note: If the path to the data source location is not in the available items, click New and navigate to
the location.
11. Click Next.
12. Review the settings and click Finish.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
7.1 Registering Libraries and Tables in Metadata 7-23
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
7-24 Chapter 7 Establishing Connectivity to Data Sources
Exercises
1) Make sure you are signed on to SAS Environment Manager as Ahmed and password
Student1. On the Administration page, click Side menu and select Libraries.
Libref ordetail
Engine BASE
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
7.1 Registering Libraries and Tables in Metadata 7-25
Server SASApp
Libref ordetail
3) Register the following tables in the Customer Orders ordetail library and store the metadata
in the same folder as the library:
CUSTOMER, ORDERS, ORDER_ITEM, PRICE_LIST, PRODUCT_LIST
2. Verifying Library and Table Metadata in SAS Enterprise Guide
a. Perform an ad hoc backup named Before denying Shipping group Read on Shipping Folder in
SAS Management Console. Log on as Ahmed using the password Student1.
b. Use SAS Environment Manager or SAS Management Console to deny Shipping the Read
permission on the Shipping Department folder.
c. Log on to SAS Enterprise Guide as Ray. (He is a member of the Shipping group, so he will
be able to see the Shipping Department folder and the folders below.)
d. Select the Server list in the Resources pane. Expand Servers SASApp Libraries. Through
the Server list, you can see the metadata libraries and the tables that are registered to those
libraries.
Note: Only SAS Enterprise Guide and SAS Add in For Microsoft Office have a Server list
display.
e. Right-click Customer Orders ordetail and select Properties. What is the libref? Click Close.
f. Enter the following LIBNAME statement in the Program Editor and run the program:
libname ordetail meta library='Customer Orders ordetail';
Note: To get to the Program Editor, select Program New Program. Or you can select
File New Program.
Check for errors in the log.
If it was successfully assigned, you will see that under the server list, the library icon for
Customer Orders ordetail has changed to yellow because it has been assigned. (You
will need to refresh the view by right-clicking SASApp under the Server List and
selecting Refresh.)
Note: The five tables that were registered in the previous exercise are listed under the library
in the Server list.
g. Select the Folders list in the resource pane in the bottom left of the interface. Expand
Orion Star Shipping Department. Do you see the library? Do you see any tables?
Note: If you did the demonstration, you will also see the registered tables from that library.
h. Open one of the tables. (You can right-click and select Open or double-click the table.) Are you
able to open the table?
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
7-26 Chapter 7 Establishing Connectivity to Data Sources
i. In the log, the physical location of the data is specified. Enter the following LIBNAME statement
into the Program Editor:
This LIBNAME statement is not referencing the library in metadata. How many tables appear
under the Customer Orders ordetail library under the server list? (You will need to refresh the
view by right-clicking SASApp under the Server List and selecting Refresh.)
How many tables appear in the Folders list, Orion Star Shipping?
j. Use SAS Environment Manager or SAS Management Console to grant back to Shipping the
Read permission on the Shipping Department folder. Or, you can recover from the backup that
you performed in step a.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
7.2 Setting Up Data Access 7-27
Objectives
21
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Library Assignment
By default, libraries are assigned by the client applications, but not until a
user tries to access a library. In other words, library assignment is deferred
until it is needed.
22
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Assigning a library to a SAS server means letting the SAS server session know that a libref (a shortcut
name) is associated with the information that a SAS session needs to access a data library.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
7-28 Chapter 7 Establishing Connectivity to Data Sources
Pre-assigned Libraries
Pre-assigned libraries
• are assigned when the server starts.
• require the administrator to configure the environment so that the SAS
server finds out about the libref and the SAS engine to use for data access
at server start-up. So the connection information is established before any
code that uses that libref is submitted.
• mean that the libraries do not become available to the user until all
pre-assigned libraries are assigned.
23
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Pre-assigned libraries are assigned using the server’s identity. For servers that run under shared
credentials, such as the Stored Process Server, this means that the library is assigned using the shared
identity, not an individual user identity.
Note: The disadvantage of pre-assigning libraries is that pre-assigning an excessive number of libraries
can slow the execution of SAS jobs for all users.
Pre-assigning Libraries
24
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
7.2 Setting Up Data Access 7-29
25
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
By native library engine: The library is assigned through the METAAUTORESOURCES options. You use
the library engine defined for the library.
By metadata LIBNAME engine: The library is assigned through the METAAUTORESOURCES options.
You use the metadata LIBNAME engine (MLE). Using the MLE ensures that access controls that are
placed on the library and its tables and columns are enforced in metadata.
By external configuration: The library is assigned through an external definition or by an autoexec file.
libname orstar
"S:\Workshop\OrionStar\orstar";
2. Restart the object spawner and any server processes whose autoexec
files were modified.
26
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
7-30 Chapter 7 Establishing Connectivity to Data Sources
Note: You cannot see the LIBNAME statement in the properties of the metadata library if the library is
pre-assigned.
The LIBDEBUG option reports to the SAS log the LIBNAME statement, which is generated behind
the scenes when the META engine is used.
libname orstart meta library="Orion Star Library" libdebug;
27
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
You can use the appropriate METAOUT option value on your META LIBNAME statement in your
autoexec file for pre-assignment.
METAOUT=ALL You can read, create, update, and delete observations in physical tables
that exist and are registered in metadata. You cannot create or delete
*default entire tables.
You can read, create, update, and delete physical tables.
METAOUT=DATA
METAOUT=DATAREG You can read, update, and delete physical tables that are defined in
metadata. You can create a table, but you cannot read, update, or delete
the new table until it is defined in metadata.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
7.2 Setting Up Data Access 7-31
If you want to use the META engine and do not need to create or delete tables, do the following:
1. Register the library in the metadata.
2. Flag the library as pre-assigned by the metadata LIBNAME engine.
Note: Using this option results in using the metadata engine with the METAOUT=ALL option.
This LIBNAME option specifies that you can read, create, update, and delete observations
in physical tables that exist and are registered in metadata. You cannot create or delete entire
tables.
If you want to use the META engine and need to create or delete tables, do the following:
1. Register the library in the metadata.
2. Flag the library as pre-assigned by external configuration.
3. Add the metadata LIBNAME statement to an autoexec file. You can use the appropriate METAOUT=
option value. For example:
libname meta library="Orion Star Library" metaout=data;
Note: Omitting the METAOUT= option in your LIBNAME statement or flagging the
pre-assignment in metadata with the metadata engine results in using the metadata engine
with the METAOUT=ALL option.
4. Restart the object spawner and any server processes whose autoexec files were modified.
For the SAS/CONNECT server and the SAS DATA Step Batch server, modify the server’s
sasv9_usermods.cfg file by adding the following SAS system option:
-metaautoresources 'SASApp'
28
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
7-32 Chapter 7 Establishing Connectivity to Data Sources
When libraries are not pre-assigned, each SAS application accesses data with the SAS engine that makes
the most sense for that application. Applications typically used for queries and reporting are designed
to use the metadata engine. Applications typically used to update or create tables are designed to use
the native engine.
Note: The metadata authorization layer supplements operating system and RDBMS security. It does not
replace it. Operating system and RDBMS authorization should always be used as the first means
of securing access to tables.
29
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
7.2 Setting Up Data Access 7-33
Anytime that SAS Enterprise Guide or SAS Add-In assigns a library, the
library’s value of AssignMode is used, if present, to determine the assignment
behavior. For libraries assigned with the META engine, the value of
AssignMode is also used to set the value for the METAOUT= option.
Note: This would have the same effect as pre-assigning a library with the native LIBNAME statement.
Caution: You risk permanently corrupting the library metadata if you do not enter a valid name and
value for the extended attribute.
AssignMode Values
0 The library is assigned using SAS Enterprise Guide. Data is accessed through the underlying
engine and no metadata permissions on tables or columns are enforced.
1 The library is assigned using the META engine with the METAOUT=ALL option (the
default META engine behavior). Metadata permissions are enforced and the user only sees
registered tables. The metadata and physical tables are prevented from becoming out of
sync, even if the user has permissions such as Write and Delete on tables in the library.
2 The library is assigned using the META engine with the METAOUT=DATA option.
Metadata permissions are enforced for all registered tables, but the user sees all physical
tables in the library. The user can change, create, and delete registered tables
if he has appropriate permissions in the metadata. This can cause the metadata and the
physical tables to become out of sync.
4 The library is assigned using the META engine with the METAOUT=DATAREG option.
Metadata permissions are enforced and the user only sees registered tables. In this mode, the
users can change, create, and delete the tables if they have appropriate permissions in the
metadata. This can cause the metadata and the physical tables to become out of sync. If the
user creates a table, he cannot read, update, or delete the newly created table until it is
registered in metadata.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
7-34 Chapter 7 Establishing Connectivity to Data Sources
Other applications, such as SAS Data Integration Studio, ignore the AssignMode extended attribute when
you assign libraries.
31
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
7.2 Setting Up Data Access 7-35
Updating table metadata synchronizes the physical data with the metadata
definitions of the data. The following methods are available:
• update Metadata task in SAS Management Console and Data Integration
Studio
• update Library Metadata task in SAS Enterprise Guide
• custom code using the METALIB procedure
32
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
7-36 Chapter 7 Establishing Connectivity to Data Sources
PROC METALIB;
OMR <=> (LIBID = <">identifier<"> | LIBRARY = <">name<">
| LIBRARY = "/folder-pathname/name" |
| LIBURI = "URI-format"
<server-connection-arguments>);
<EXCLUDE <=> (table-specification <table-specification-n>);> |
<SELECT (table-specification <READ = read-password>
< table-specification-n <READ = read-password-n>>);>
<FOLDER <=> "/pathname";> |
<FOLDERID <=> "identifier.identifier";>
<IMPACT_LIMIT = n;>
<NOEXEC;>
<PREFIX <=> <">text<">;>
<REPORT <<=> (report-arguments)>;>
<UPDATE_RULE <=> (<DELETE> <NOADD> <NODELDUP>
<NOUPDATE> <STATS_AUTH>);>
RUN;
For more information about the METALIB procedure, refer to SAS® 9.4 Language Interfaces
to Metadata.
Security
33
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
7.2 Setting Up Data Access 7-37
Exercises
1) Make sure you are signed in to SAS Environment Manager as Ahmed and password
Student1. On the Administration page, click Side menu and select Libraries.
Libref libdata
Engine BASE
4) Register the following tables in the Library Assignment Example libdata library and store
the metadata in the same folder as the library:
NEWHIRES, PRODUCT_DIM
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
7-38 Chapter 7 Establishing Connectivity to Data Sources
Server SASApp
Libref libdata
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
7.2 Setting Up Data Access 7-39
1) On the Administration page, click Side menu and select Libraries. Right-click Library
Assignment Example libdata and select Open.
2) From the drop-down menu, select Options. In the left pane, select Pre-assign.
3) Pre-assign the library using By metadata library engine.
1) Under the Data Library Manager plug-in, right-click Library Assignment Example libdata
and select Properties.
2) On the Options tab, click the Advanced Options button.
3) Pre-assign the library using: By metadata library engine. Click OK twice.
b. In SAS Enterprise Guide, verify that you are logged on as Jacques. Under the Servers list,
expand SASApp. (This establishes the connection or session.)
c. Expand Library Assignment Example libdata.
Note: The Library icon is yellow, which means it is assigned.
Note: You see the two registered tables (NEWHIRES and PRODUCT_DIM).
d. Open Program Editor. Edit and submit the following code:
proc print data=libdata.NEWHIRES (obs=10);
run;
Note: The code runs, but there is an authorization error. The library assigns but cannot read
data. (The metadata LIBNAME engine enforces Read, Write, Create, and Delete.)
e. Disconnect from the workspace server by right-clicking SASApp under the Servers list and select
Disconnect.
f. Log on to SAS Data Integration Studio as Jacques using the password Student1. On the Folders
tab, navigate to Orion Star Shipping Department. Right-click NEWHIRES and select
Open.
Note: There is an error indicating that Read permission is required because this library was pre-
assigned with the metadata LIBNAME engine.
g. Exit SAS Data Integration Studio.
6. Pre-Assigning a Library in Metadata Using Native Engine
a. Pre-assign Library Assignment Example libdata in metadata, using SAS Environment Manager
or SAS Management Console.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
7-40 Chapter 7 Establishing Connectivity to Data Sources
1) On the Administration page, click Side menu and select Libraries. Right-click
Library Assignment Example libdata and select Open.
2) From the drop-down menu, select Options. In the left pane select Pre-assign.
3) Pre-assign the library using By native library engine.
1) Under the Data Library Manager plug-in, right-click Library Assignment Example libdata
and select Properties.
2) On the Options tab, click the Advanced Options button.
3) Pre-assign the library using: By native library engine. Click OK twice.
b. In SAS Enterprise Guide verify that you are logged on as Jacques. Under the Servers list, expand
SASApp. (This establishes the connection or session.)
c. Expand Library Assignment Example libdata.
Note: The Library icon is yellow, which means it is assigned.
Note: All tables show up regardless of whether they are registered in metadata, based on
Jacques’ operation system permissions on the table.
d. Open the Program Editor. Enter and submit the following code:
proc print data=libdata.NEWHIRES (obs=10);
run;
Note: The code runs, and a list report is produced with 10 rows displayed.
Note: There were no metadata permissions enforced on the table. When you pre-assign with
the native engine, SAS Enterprise Guide displays all tables in the server list, regardless
of whether they are registered in metadata.
Note: To have the native LIBNAME engine used without pre-assigning the library,
use the AssignMode option with value of 0.
e. Exit out of SAS Enterprise Guide.
f. Remove Jacques from the Authorization tab of the Shipping Department folder
using SAS Environment Manager or SAS Management Console.
7. Updating Table Metadata with SAS Enterprise Guide
a. Open SAS Enterprise Guide and log on as Ray using the password Student1.
b. Select Tools Update Library Metadata.
c. Select SASApp as the server and Customer Orders ordetail. Click Next.
d. Select Report on the differences between physical tables and the metadata repository.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
7.2 Setting Up Data Access 7-41
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
7-42 Chapter 7 Establishing Connectivity to Data Sources
7.01 Quiz
The unrestricted user can see the Sample Data library and its tables
registered in the metadata using SAS Management Console.
Marcel cannot see the Sample Data library and tables in SAS Add-In for
Microsoft Office or in SAS Data Integration Studio.
What is the problem?
36
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
7.02 Quiz
The unrestricted user can see the Sample Data library and its tables
registered in the metadata using SAS Management Console.
Marcel can see the Sample Data library and tables in SAS Add-In for Microsoft
Office but cannot open the table.
What is a possible cause of this problem?
38
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
7.2 Setting Up Data Access 7-43
7.03 Quiz
Marcel can see the Sample Data library and tables in SAS Management
Console and in SAS Data Integration Studio. Marcel can open the table in
SAS Data Integration Studio.
Marcel cannot see the Sample Data library and tables in the SAS Add-In for
Microsoft Office.
What is the problem?
40
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
7-44 Chapter 7 Establishing Connectivity to Data Sources
7.3 Solutions
Solutions to Exercises
1. Registering a SAS Library and Tables
a. Perform an ad hoc backup named Library Example in SAS Management Console. Log on as
Ahmed using the password Student1.
You can use SAS Environment Manager or SAS Management Console to register a SAS library.
1) Make sure you are signed on to SAS Environment Manager as Ahmed using the password
Student1. On the Administration page, click Side menu and select Libraries.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
7.3 Solutions 7-45
Libref ordetail
Engine BASE
a) Click the Add button to add the path of the physical location of the data to the list.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
7-46 Chapter 7 Establishing Connectivity to Data Sources
c) Click OK.
d) From the drop-down menu, select Assigned SAS Servers.
e) Check SASApp.
4) Register the following tables in the Customer Orders ordetail library and store the metadata
in the same folder as the library:
CUSTOMER, ORDERS, ORDER_ITEM, PRICE_LIST, PRODUCT_LIST
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
7.3 Solutions 7-47
Note: If you are signed in as sasadm@saspw, you will receive an error, because that
account is internal and does not have access to a SAS Workspace Server.
c) Change the location to /Orion Star/Shipping Department by using the Browse button.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
7-48 Chapter 7 Establishing Connectivity to Data Sources
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
7.3 Solutions 7-49
f) Click Close.
1) Make sure you are logged on as Ahmed using the password Student1. On the Plug-ins tab,
expand Data Library Manager. Right-click Libraries and select New Library.
Server SASApp
Libref ordetail
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
7-50 Chapter 7 Establishing Connectivity to Data Sources
b) Enter Customer Orders ordetail in the Name field. Select Browse and navigate to
Orion Star/Shipping Department. Click Next.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
7.3 Solutions 7-51
d) Enter ordetail in the Libref field. Select New to add the data path to the Available items
list.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
7-52 Chapter 7 Establishing Connectivity to Data Sources
D:\Workshop\OrionStar\ordetail
f) Click OK twice.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
7.3 Solutions 7-53
h) Click Finish.
3) Register the following tables in the Customer Orders ordetail library and store the metadata
in the same folder as the library:
CUSTOMER, ORDERS, ORDER_ITEM, PRICE_LIST, PRODUCT_LIST
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
7-54 Chapter 7 Establishing Connectivity to Data Sources
a) Right-click the Customer Orders ordetail library under the Data Library Manager plug-
in and select Register Tables.
b) Click Next.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
7.3 Solutions 7-55
c) Hold down the Ctrl key down while you select CUSTOMER, ORDERS,
ORDER_ITEM, PRICE_LIST, and PRODUCT_LIST. Verify that the folder location
in metadata is the same as where the library was registered. Click Next.
d) Click Finish.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
7-56 Chapter 7 Establishing Connectivity to Data Sources
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
7.3 Solutions 7-57
c. Log on to SAS Enterprise Guide as Ray. (He is a member of the Shipping group, so he is able
to see the Shipping Department folder and the folders below.)
d. Select the Server list in the Resources pane. Expand Servers SASApp Libraries. Through
the Server list, you can see the metadata libraries and the tables that are registered to those
libraries.
Note: Only SAS Enterprise Guide and SAS Add-In for Microsoft Office have a Server list
display.
e. Right-click Customer Orders ordetail and select Properties. What is the libref? ORDETAIL
Click Close.
f. Enter the following LIBNAME statement in the Program Editor and run the program:
libname ordetail meta library='Customer Orders ordetail';
Note: To get to the Program Editor, select Program New Program. Or you can select
File New Program.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
7-58 Chapter 7 Establishing Connectivity to Data Sources
If it was successfully assigned, you will see that under the Server list, the library icon for
Customer Orders ordetail has changed to yellow because it has been assigned. (You will need
to refresh the view by right-clicking SASApp under the Server List and selecting Refresh.)
Note: The five tables that were registered in the previous exercise are listed under the library
in the Server list.
g. Select the Folders list in the resource pane in the bottom left of the interface. Expand
Orion Star Shipping Department. Do you see the library?
No, the folder structure in SAS Enterprise Guide does not show library definitions.
Do you see any tables?
Yes, the registered tables to the Customer Orders ordetail are displayed.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
7.3 Solutions 7-59
Note: If you did the demonstration, you will also see the registered tables from that library.
h. Open one of the tables. (You can right-click and select Open, or double-click the table.)
Are you able to open the table?
No.
Authorization for accessing this table requires Read as well as ReadMetadata when opening
tables in SAS Enterprise Guide, because the metadata LIBNAME engine is used
by default, which enforces the Read permission as well. In step a, we denied Shipping the
Read permission on the Shipping Department folder.
i. In the log, the physical location of the data is specified. Enter the following LIBNAME statement
into the Program Editor:
This LIBNAME statement is not referencing the library in metadata. How many tables appear
under the Customer Orders ordetail library under the server list? (You will need to refresh the
view by right-clicking SASApp under the Server List and selecting Refresh.)
All the tables that the user logged on and has permission to see in the stored location in the
Operation System. When writing this native LIBNAME statement, the user is not going
through metadata for table metadata, so no metadata permissions are enforced.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
7-60 Chapter 7 Establishing Connectivity to Data Sources
How many tables appear in the Folders list, Orion Star Shipping?
Five tables that were registered in metadata
j. Use SAS Environment Manager or SAS Management Console to grant back to Shipping the
Read permission on the Shipping Department folder. Or, you can recover from the backup that
you performed in step a.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
7.3 Solutions 7-61
b. Verify the connection information to the metadata server in the OPTIONS statement at the top
of the program.
options metaserver="sasserver"
metaport=8561
metauser="sasadm@saspw"
metapass="Student1"
metarepository="Foundation";
c. Run the program. Are there any duplicate librefs? No.
Note: Sample programs and more information about using DATA step functions to extract
metadata information can be found in the following documentation: SAS® 9.4 Language
Interfaces to Metadata, Second Edition.
4. Looking at Metadata LIBNAME Engine and Metadata Permission Implications
a. Perform an ad hoc backup named Before adding library assignment example in SAS
Management Console. Log on as Ahmed using the password Student1.
b. Register a library and tables in metadata. You can use SAS Environment Manager or
SAS Management Console to register a SAS library.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
7-62 Chapter 7 Establishing Connectivity to Data Sources
1) Make sure you are signed in to SAS Environment Manager as Ahmed using the password
Student1. On the Administration page, click Side menu and select Libraries.
Libref libdata
Engine BASE
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
7.3 Solutions 7-63
b) Click OK.
c) From the drop-down menu, select Assigned SAS Servers.
d) Check SASApp.
4) Register the following tables in the Library Assignment Example libdata library and store
the metadata in the same folder as the library:
NEWHIRES, PRODUCT_DIM
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
7-64 Chapter 7 Establishing Connectivity to Data Sources
Note: If you are signed in as sasadm@saspw, you will receive an error, because that
account is internal and does not have access to a SAS Workspace Server.
c) Change the location to /Orion Star/Shipping Department by using the Browse button.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
7.3 Solutions 7-65
d) Click OK.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
7-66 Chapter 7 Establishing Connectivity to Data Sources
g) Click Close
Server SASApp
Libref libdata
a) In the Data Library Manager Plug-in, right-click Libraries and select New Library
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
7.3 Solutions 7-67
c) Enter Library Assignment Example libdata in the Name field. Make sure that the
metadata location is /Orion Star/Shipping Department. Click Next.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
7-68 Chapter 7 Establishing Connectivity to Data Sources
D:\Workshop\OrionStar\orstar
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
7.3 Solutions 7-69
g) Click Finish.
2) Register the following tables in the Library Assignment Example libdata library and store
the metadata in the same folder as the library:
NEWHIRES, PRODUCT_DIM
Right-click Library Assignment Example libdata under the Data Library Manager Plug-in
and select Register Tables. Click Next. With the Ctrl key held down, select NEWHIRES
and Product_DIM. Verify that the metadata location is the same folder as the library. Click
Next. Click Finish.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
7-70 Chapter 7 Establishing Connectivity to Data Sources
c. Add Jacques to the Authorization of the Shipping Department folder. Verify that he has
a grant of ReadMetadata and deny all other permissions. You can use SAS Environment
Manager or SAS Management Console.
1) Make sure you are signed in to SAS Environment Manager as Ahmed using the password
Student1. On the Administration page, click Side menu and select Folders.
2) Expand Orion Star folder. Right-click Shipping Department folder and select Open.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
7.3 Solutions 7-71
5) Enter Jacques and press Enter. Move Jacques over to the Identities to add pane. Click OK.
6) He will be given an automatic grant of ReadMetadata. Select Deny for all other permission
that he has as indirect grants.
7) Click the Save button in the upper right toolbar. Click Close.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
7-72 Chapter 7 Establishing Connectivity to Data Sources
1) Right-click the Shipping Department folder and click the Authorization tab. Click Add
next to the Users and Groups window. Add Jacques to the Selected Identities list. Click OK.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
7.3 Solutions 7-73
He will be given an automatic grant of ReadMetadata. Select Deny for all other permission
that he has as indirect grants.
d. Log on to SAS Enterprise Guide as Jacques using the password Student1. Submit the following
code:
proc print data=libdata.NEWHIRES(obs=10);
run;
You get the following error: ERROR: Libref LIBDATA is not assigned.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
7-74 Chapter 7 Establishing Connectivity to Data Sources
Error message:
g. Navigate to Servers SASApp. Right-click SASApp and select Disconnect. Click Yes in the
pop-up window.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
7.3 Solutions 7-75
h. Log on to SAS Data Integration Studio as Jacques using the password Student1. Navigate
to Folders Orion Star Shipping Department. Right-click NEWHIRES and select Open.
Note: No error was generated, and Jacques is able to view the data because SAS Data
Integration Studio uses the native engine by default (BASE, ORACLE, R3, and so on.),
so the Read, Write, Create, and Delete permissions in metadata are ignored.
i. Exit SAS Data Integration Studio.
5. Pre-assigning a Library in the Metadata
a. Pre-assign Library Assignment Example libdata in metadata, using SAS Environment Manager
or SAS Management Console.
1) On the Administration page, click Side menu and select Libraries. Right-click Library
Assignment Example libdata and select Open.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
7-76 Chapter 7 Establishing Connectivity to Data Sources
2) From the drop-down menu, select Options. In the left pane select Pre-assign.
5) Click Close.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
7.3 Solutions 7-77
1) Under the Data Library Manager plug-in, right-click Library Assignment Example libdata
and select Properties.
Click OK twice.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
7-78 Chapter 7 Establishing Connectivity to Data Sources
b. In SAS Enterprise Guide, verify that you are logged on as Jacques. Under the Servers list, expand
SASApp. (This establishes the connection or session.)
d. Open the Program Editor. Enter and submit the following code:
proc print data=libdata.NEWHIRES (obs=10);
run;
Note: The code runs, but there is an authorization error. The library assigns but cannot read data
(The metadata LIBNAME engine enforces Read, Write, Create, and Delete.)
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
7.3 Solutions 7-79
e. Disconnect from the workspace server by right-clicking SASApp under the Servers list and select
Disconnect.
f. Log on to SAS Data Integration Studio as Jacques using the password Student1. On the Folders
tab, navigate to Orion Star Shipping. Right-click NEWHIRES and select Open.
Note: There is an error indicating that Read permission is required because this library was
pre-assigned with the metadata LIBNAME engine.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
7-80 Chapter 7 Establishing Connectivity to Data Sources
1) On the Administration page, click Side menu and select Libraries. Right-click Library
Assignment Example libdata and select Open.
2) From the drop-down menu, select Options. In the left pane, select Pre-assign.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
7.3 Solutions 7-81
1) Under the Data Library Manager plug-in, right-click Library Assignment Example libdata
and select Properties.
2) On the Options tab, click the Advanced Options button.
3) Pre-assign the library using: By native library engine.
Click OK twice.
b. In SAS Enterprise Guide, verify that you are logged on as Jacques. Under the Servers list, expand
SASApp. (This establishes the connection or session.)
c. Expand Library Assignment Example libdata.
Note: The Library icon is yellow, which means it is assigned.
Note: All tables show up regardless of whether they are registered in metadata, based
on Jacques’ operating system permissions on the table.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
7-82 Chapter 7 Establishing Connectivity to Data Sources
d. Open the Program Editor. Enter and submit the following code:
proc print data=libdata.NEWHIRES (obs=10);
run;
Note: The code runs and a list report is produced with 10 rows displayed.
Note: There were no metadata permissions enforced on the table. When you pre-assign with
the native engine, SAS Enterprise Guide displays all tables in the server list, regardless
of whether they are registered in metadata.
Note: To have the native LIBNAME engine used without pre-assigning the library,
use the ASSIGNMODE= option with value of 0.
e. Exit out of SAS Enterprise Guide.
f. Remove Jacques from the Authorization tab of the Shipping Department folder
using SAS Environment Manager or SAS Management Console.
7. Updating Table Metadata with SAS Enterprise Guide
a. Open SAS Enterprise Guide and log on as Ray using the password Student1.
b. Select Tools Update Library Metadata.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
7.3 Solutions 7-83
c. Select SASApp as the server and Customer Orders ordetail. Click Next.
d. Select Report on the differences between physical tables and the metadata repository.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
7-84 Chapter 7 Establishing Connectivity to Data Sources
e. View the results. Do any tables need to be updated? Yes, one table
Do any tables need to be added? Yes, 17 tables
Do any tables need to be deleted? No
f. In the project tree, under the process flow, right-click Update Metadata for "Customer Orders
ordetail" and select Modify Update Metadata for "Customer Orders ordetail".
Keep the same server and library, but update and add table definitions in the metadata with
the actual tables and columns.
For which actions can you override the default credentials? The Update and Delete selections
What are the default credentials? The user who is currently logged on, Ray/Student1
Why or when might you want to override the default credentials? If the user that you used
to log on to SAS Enterprise Guide does not have the appropriate permissions to update
libraries and tables
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
7.3 Solutions 7-85
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
7-86 Chapter 7 Establishing Connectivity to Data Sources
The unrestricted user can see the Sample Data library and its tables
registered in the metadata using SAS Management Console.
Marcel cannot see the Sample Data library and tables in SAS Add-In for
Microsoft Office or in SAS Data Integration Studio.
What is the problem?
Ma rcel was denied access to the Sample Data library via metadata
permissions.
37
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
The unrestricted user can see the Sample Data library and its tables
registered in the metadata using SAS Management Console.
Marcel can see the Sample Data library and tables in SAS Add-In for Microsoft
Office but cannot open the table.
What is a possible cause of this problem?
Ma rcel does not have sufficient access to the table metadata or access to the
physical table in the operating system or database where it resides.
39
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
7.3 Solutions 7-87
Marcel can see the Sample Data library and tables in SAS Management
Console and in SAS Data Integration Studio. Marcel can open the table in
SAS Data Integration Studio.
Marcel cannot see the Sample Data library and tables in the SAS Add-In for
Microsoft Office.
What is the problem?
41
C o p yri gh t © SA S In sti tu te In c. A l l ri gh ts reserved .
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
7-88 Chapter 7 Establishing Connectivity to Data Sources
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
Chapter 8 Monitoring Your SAS®
Environment
8.1 Monitoring a SAS Environment with SAS Environment Manager ............................. 8-3
Demonstration: Viewing Analyze Pages and Creating an Alert in SAS Environment
Manager ..................................................................................................... 8-13
Exercises .............................................................................................................................. 8-20
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
8.1 Monitoring a SAS Environment with SAS Environment Manager 8-3
Objectives
3
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
4
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
8-4 Chapter 8 Monitoring Your SAS® Environment
The most valuable tools are often the Windows Explorer and simple text file editors. With these two
tools, you can search for and monitor server logs.
The Windows Services application provides an interface to start, stop, and configure Windows services. It
also does the following:
enables the administrator to list and review installed applications that do not require a login
obtains status on what applications are currently running (no history) and what identity is running them
determines the start-up type of the application (Automatic, Manual, Disabled, or Automatic (Delayed
Start))
sets dependencies for start-up order for processes. By default, all SAS server processes running on
Windows are installed as services.
In contrast to the Windows Services application, the Task Manager provides an additional level of detail:
It shows all running processes (foreground and background) and the name of the executable. An
application might involve more than one individual process. It also indicates system resource utilization
(CPU, memory, and disk I/O) for each process, and the Process ID (PID) - for each process. It also
provides a one-minute timeline of resource usage in real time.
The Process Explorer is similar but provides more detail. It shows the entire executable with all
parameters, and it shows parent/child process relationships. The Process Explorer also highlights
processes that are just starting up, and those that have recently shut down. Note that the Process Explorer
must be downloaded and installed separately. It is not a default part of Windows.
The Windows Event viewer can be useful for a system administrator because it provides hardware-level
information, and requires systems administration knowledge. An example might be a failure to write to a
file because the user running the application does not have Write permissions to that directory.
The UNIX platform has built-in monitoring commands that provide a variety
of functions that are oriented toward the system administrator. Here are
some examples:
• ps, top, vmstat, lsof, tcpdump,
netstat, ss, iostat, strace, free,
mpstat, df, du
5
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
The built-in UNIX monitoring commands provide a wide variety of functions that are oriented toward the
UNIX system administrator. These tools can provide information at the operating system, application, or
the individual process level.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
8.1 Monitoring a SAS Environment with SAS Environment Manager 8-5
The top command produces a list of all the currently running processes listed in order of CPU usage. The
top CPU users appear at the top of the list, leading to the name of this command. The list is continuously
updated at five second intervals by default, and there are options to shorten or lengthen the update period.
The administrator can specify which fields to display, their order, filter the output on a variety of fields,
and sort the output by various fields.
Once a process ID is identified, you can use the ps command to find the complete command line, thus
identifying the specific server (SAS or otherwise) of interest.
There are two commands that are useful in evaluating disk space utilization. The Linux df command
displays the amount of free space on all mounted file systems. A related commend, du, provides disk
usage (in Kb) of each directory and its subdirectories.
The SAS Environment Manager gathers many of its metrics from some of these UNIX tools.
6
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
A performance monitoring plan ensures that administrators always have up-to-date information about
how their servers are operating. Knowing what questions to ask usually leads to what data is needed to
provide answers to those questions, and can provide guidance when developing a performance monitoring
plan.
Establishing a performance baseline establishes a reference point that makes it easier to identify problems
when, or before, they occur. When administrators have performance data for their systems that cover
multiple activities and loads, they can define a range of measurements that represent normal performance
levels under typical operating conditions for each server. In addition, when troubleshooting system
problems, performance data gives information about the behavior of the various system resources when
the problem occurs.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
8-6 Chapter 8 Monitoring Your SAS® Environment
7
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
In addition to the OS-provided tools mentioned, SAS has several tools that enable the administrator to
examine, monitor, and manipulate a SAS installation. Most are highly specialized and are used for a
small number of specific tasks.
SAS Management Console is the heart of a SAS installation, providing authentication, authorization,
configuration metadata, and other services. Using SAS Management Console, you can validate basic
functionality of SAS servers and examine object spawner connections, server options and properties, and
logging levels.
SAS also provides some scripting tools to start, stop, and determine the status of the SAS servers and
applications. In an earlier chapter of this course, we used the sas.servers script on UNIX to check the
status of SAS servers. In addition, most SAS servers have their own start/stop/status scripts that can be
executed either individually or as a part of a larger script.
In addition, there are some monitoring tools that are a part of some SAS solutions. For example, the SAS
Visual Analytics Administrator provides reports in the SAS Visual Analytics environment. Platform RTM
and SAS Grid Manager Module provide grid administrators the capability to graphically view the status
of devices and services within a SAS Grid environment.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
8.1 Monitoring a SAS Environment with SAS Environment Manager 8-7
8
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
SAS Environment Manager is based on VMware’s Hyperic application monitoring framework with
customizations and plug-ins to optimize the product specifically for a SAS environment.
SAS Environment Manager connects a SAS environment with the underlying data services and operating
system information. Having this information connected and correlated provides a single, consistent view
of the operating environment.
SAS Environment Manager also provides proactive monitoring capabilities. Through a series of events
and alerts, you can notify designated personnel when a threshold is exceeded and run designated resource
control operations when an alert is triggered.
The SAS Environment Manager Service Architecture provides functions and capabilities that enable
SAS Environment Manager to fit into a service-oriented architecture (SOA). The package implements
best practices for resource monitoring, and automates the application’s auditing and user monitoring
capabilities.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
8-8 Chapter 8 Monitoring Your SAS® Environment
• Understanding usage
Goals/Tasks/Uses • Monitor health of the patterns of SAS content
• Dynamic visualization environment • Provide “context” for and data
of real-time activity • Alerting operational activities • Audit security
• Review logs • Configuration change changes
control • Capacity planning
• Hardware maintenance
Time Scale < 1 minute 1 minute to 3 days 3 days to 10 days > 10 days
9
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
Each SAS system administrator or IT operations specialist is faced with the challenging task of
monitoring, managing and forecasting the needs of software, hardware and systems. So much so that even
the language of discussing a problem, event, or analysis can become rather complex. This diagram depicts
the monitoring “continuum” over time:
dynamic monitoring, which is typically not persisted
recent monitoring, to include less than three days review of system usage via SAS Environment
Manager
longer term “forensics” type of usage and capacity planning offered by the SAS Environment Manager
Service Architecture and the SAS IT Resource Management solution
For more information, see the SAS Global Forum paper “Monitoring 101: New Features in SAS 9.4 for
Monitoring Your SAS Intelligence Platform”:
http://support.sas.com/resources/papers/proceedings13/463-2013.pdf.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
8.1 Monitoring a SAS Environment with SAS Environment Manager 8-9
10
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
The Report Center is included only if you have enabled SAS Environment Manager Service Architecture.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
8-10 Chapter 8 Monitoring Your SAS® Environment
Events
An event is generated when there is a change in a resource’s state or a
change in a resource’s threshold value for one of these items:
• messages written to a log file associated with a monitored resource
• changes made to monitored configuration files or directories
• control actions: server start/stop/restart
• alerts
• event importer/event exporter
11
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
SAS Environment Manager provides the capability to monitor metrics, scan log files, manage
configuration changes, and monitor availability. When there is a change in a resource’s threshold value
for one of these items, an event is recorded in SAS Environment Manager’s event message system.
Events are also automatically created for certain types of entries in SAS server logs, and you can specify
other criteria that will create events based on SAS server logs.
Alerts
12
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
8.1 Monitoring a SAS Environment with SAS Environment Manager 8-11
When an alert occurs, it must be acknowledged, and alerts are listed until they are marked as being fixed.
You can define escalation schemes to identify the actions that happen if an alert is not fixed within a
specified time.
If you initialize SAS Environment Manager Extended Monitoring, a set of alerts is automatically created.
13
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
Environment Snapshot was originally designed to provide SAS Technical Support with a method for
quickly diagnosing system issues, but it also provides you with valuable information about your system.
It collects and displays the most current performance measures and configuration parameters from the
SAS Environment Manager database. It also executes and gathers real-time usage information.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
8-12 Chapter 8 Monitoring Your SAS® Environment
Operations Center
The Operations Center lists resources that are down or have active alerts.
14
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
You can use filters to find resources and problem types of interest. This concise view displays the current
number of unavailable resources and active alerts, and a one-line problem summary for each resource.
Best Practices
Report Center
Measurement Data(APM)
• Predefined alerts
• Automate resource configuration
• Additional resource groups Agent-Collected
• Metric collection adjustments Metrics (ACM)
• Additional resources
• Event importing and exporting
Kits Data
15
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
Note: Extended monitoring components are not active until you initialize the service architecture.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
8.1 Monitoring a SAS Environment with SAS Environment Manager 8-13
You can select the check box next to an alert and click Fixed to identify the problem as having been
corrected. A pop-up window enables you to enter a note regarding the resolution of the alert.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
8-14 Chapter 8 Monitoring Your SAS® Environment
4. Click an entry in the Alert Definition column in the table. Detailed information about the alert is
displayed. You can also mark the alert as fixed, as well as enter information about the resolution
of the alert.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
8.1 Monitoring a SAS Environment with SAS Environment Manager 8-15
9. Now that you have explored the Analyze tab, set up an alert to be triggered whenever the SAS Work
Disk space reaches 40% of its capacity. The alert should be issued once every two hours until the
condition is cleared. When the alert is triggered, users with the Super User Role should be notified.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
8-16 Chapter 8 Monitoring Your SAS® Environment
10. Select Resources Services. Using the Keyword Search facility, search for the string home
directory and click .
11. There are three icons on the left of the entry for the resource: . The icons take you to the
Monitor page, Inventory page, or Alerts page, respectively, for this resource.
12. Select sasserver.demo.sas.com SAS Home Directory 9.4 SAS work directory service.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
8.1 Monitoring a SAS Environment with SAS Environment Manager 8-17
There are already two alerts defined. These were installed and configured as a part of the SAS
Environment Manager Extended Monitoring package.
15. Click New to display the New Alert Configuration page.
16. Name the alert, select the priority, and specify that the alert should be active.
In the Name field, enter SASWork Disk Use % > 40
In the Description field, enter Alert SASWork Disk use % > 40 %
Accept the default priority of Medium.
Verify that the Active button is set to Yes.
17. In the If Condition area, select the Metric option, and then select Use Percent in the Metric field.
To specify 40% capacity, enter .4 in the absolute value field. To specify that the alert is triggered
whenever the used capacity exceeds 90%, specify and select > (Greater than) from the comparison
menu.
18. In the Enable Action(s) field, specify 1 for the number of times the alert is issued and 2 for the time
period. Select hours for the time period units. These values specify that the alert is issued one time
every two hours while the alert conditions are met.
19. Click OK to define the alert and display the Configuration page for the new alert.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
8-18 Chapter 8 Monitoring Your SAS® Environment
20. Create the notification. Select Notify Roles and then click Add to List.
21. Select the check box beside Super User role in the Roles list, and use the arrow control to move the
role to the Add Role Notification list.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
8.1 Monitoring a SAS Environment with SAS Environment Manager 8-19
23. Click Return to Alert Definitions to complete the process of defining the alert.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
8-20 Chapter 8 Monitoring Your SAS® Environment
Exercises
c. Enter work directory in the Search field and click the arrow to the far right of the row .
d. Click sasserver.demo.sas.com SAS Home Directory 9.4 SAS work directory. Where is the
SAS Work directory located?
You can confirm the location by opening a SAS session through SAS Studio or SAS Enterprise
Guide and submitting the following code:
proc options option = work;
run;
Note: Use Percent is one of the metrics available for this resource.
The Metric Viewer portlet does not provide a resource type of SAS Work directory. It has only
SAS Home Directory and SAS Config Level Directory. Therefore, SAS Work metrics cannot be
displayed directly. The workaround is to create a platform service of type FileServer Directory,
which provides the metrics that we want and then points this new platform service to the OS
directory where SAS Work is located.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
8.1 Monitoring a SAS Environment with SAS Environment Manager 8-21
Enter /tmp.
k. Create a new Metric Viewer portlet on the Dashboard page. Click the Dashboard tab.
l. On the right side at the bottom of the Dashboard page, select Metric Viewer in the Add Content
to this column field and click the button.
m. Click the Configure button to display the Dashboard Settings page for the portlet.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
8-22 Chapter 8 Monitoring Your SAS® Environment
c. Open sev_logtracker_plugin.properties.
#All errors
level.error.1=.*
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
8.1 Monitoring a SAS Environment with SAS Environment Manager 8-23
These entries specify that an event is created whenever a message appears in the SAS log with a
level of Fatal or Error. The message can contain any text. (The period represents any character
and the asterisk says “zero or more of the preceding character,” which is a period, so any and all
characters.)
level.warn.1=.*Access to this account.*is locked out.* specifies that an event is created
whenever a message with a level of Warn appears that also contains the words Access to this
account and is locked out. Any or no characters can be before, in between, or after these words.
Multiple entries for messages at the same log level must have an incremental number. In the
metadata server properties file, the next warn message to be captured would be
level.warn.3=.*message text here.*
d. Add the following entry to the file:
#I/O subsystem information
level.info.1=.*I/O Subsystem.*
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
8-24 Chapter 8 Monitoring Your SAS® Environment
In the Enable Actions(s) area, select the Each time conditions are met radio button. An alert is
triggered each time I/O Subsystem information appears in the log.
j. Click OK.
3. Searching on the Web for the SAS Usage Note on I/O Subsystem
a. Open a new tab in Internet Explorer and click the Home button in the upper right.
b. In the Search field, enter I/O Subsystem.
c. Select the Usage Note 53874.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
8.1 Monitoring a SAS Environment with SAS Environment Manager 8-25
Note: There are many papers from SAS that can help you with various troubleshooting
techniques. For a complete list of papers useful for troubleshooting system performance
problems, see Usage Note 42197.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
8-26 Chapter 8 Monitoring Your SAS® Environment
Objectives
20
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
Middle-tier architecture refers to a three-tier model where the browser is the client
tier, the database is the back-end tier, and the servers in the middle tier retrieve and
process data from the servers in the data tier for presentation to clients. The middle-
tier server performs the business logic.
Middle Tier Back-End DB Server/
SAS Servers
HTTP Server
21
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
8.2 Reviewing SAS Middle-Tier Architecture 8-27
Clients access the servers in the web tier directly or through a firewall. They access the servers in the data
tier only through the servers in the web tier.
Middle Tier
Web Browser SAS Web Server Middle Tier
(http server)
SAS Servers
Metadata Server
SAS Workspace Server
SAS Web Infrastructure
SAS Stored Process Server
Platform Data Server SAS Pooled Workspace Cache Locator
Server
SAS EV Agent
22
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
The SAS Intelligence Platform architecture provides the flexibility to distribute these components
according to your organization’s requirements. For small implementations, the middle-tier software,
SAS Metadata Server, and other SAS servers (such as the SAS Workspace Server and SAS Stored
Process Server) can all run on the same machine. In contrast, a large enterprise might have multiple
servers and a metadata repository that are distributed across multiple platforms. The middle tier in such
an enterprise might distribute the web applications to many web application server instances on multiple
machines.
SAS 9.4 middle-tier software includes the following:
SAS Web It provides the execution environment for the SAS web applications.
Application Server The SAS Deployment Wizard can automatically configure the web
application server, or you can configure it manually.
SAS Web Server It is an HTTP server that is configured as a single connection point for
SAS web applications.
It is automatically configured to perform load-balancing when the SAS
middle tier is clustered, as well as updated to route web sessions to SAS
Web Application Server instances
It is automatically configured to cache static web content such as
JavaScript files, cascading style sheets, and graphic files.
It can be configured for HTTPS automatically.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
8-28 Chapter 8 Monitoring Your SAS® Environment
JMS Broker SAS middle-tier software uses the broker for Java Messaging Services
(JMS). The JMS Broker provides distributed communication and acts as
a message broker.
An instance is configured as a server on the machine that is used for the
SAS middle tier.
Some SAS web applications use JMS connection factories, queues, and
topics for implementing business logic, and use JMS for this
communication between middle tier applications and services.
The SAS middle-tier environment includes a Java Runtime Environment with SAS 9.4 software. You do
not need to install a separate Java environment for the middle-tier environment.
Middle-Tier Components
23
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
8.2 Reviewing SAS Middle-Tier Architecture 8-29
The SAS Content Server stores digital content (such as documents, reports,
and images) that is created and used by SAS web applications, such as
SAS Web Report Studio and SAS Information Delivery Portal.
• It is part of the SAS Web Infrastructure Platform.
• Client applications use Web Distributed Authoring and Versioning
(WebDAV) protocols for access, versioning, collaboration, security, and
searching.
• Content mapping is in place to ensure that report content is stored using
the same folder names and permissions that the SAS Metadata Server uses
to store corresponding report metadata.
24
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
The SAS Web Infrastructure Platform always installs and configures the SAS Content Server. By default,
the SAS Content Server uses file system storage located in the SAS configuration directory,
Levn/AppData/SASContentServer/Repository.
The SAS Content Server is managed using the SAS Content Server Administration Console,
https://server:port/SASContentServer/dircontents.jsp. You must be an unrestricted user to
administer content in the SAS Content Server.
• transportsvcs_db
• The databases that are managed by the server are backed up and restored
with the Backup and Recovery Deployment
25
Tool.
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
8-30 Chapter 8 Monitoring Your SAS® Environment
The Administration database contains configuration information for the modules that SAS develops to
extend the features of SAS Environment Manager.
The EVManager database is used by SAS Environment Manager. The database contains configuration
and metric information for the machines and servers that SAS Environment Manager manages in your
deployment.
The SharedServices database is used by the SAS web applications and middle-tier software. For example,
comments that are added through various web applications are stored in this database. Digital content that
is stored with SAS Content Server is also stored in this database.
Note: You can choose to use a third-party vendor database server for this database when you install and
configure software with the SAS Deployment Wizard. This database is identified as the SAS Web
Infrastructure Platform Database on the pages in the wizard.
This transportsvcs_db database is used by SAS Visual Analytics Transport Service. The database stores
mobile logon history information, as well as the device’s blacklist and whitelist data that is maintained
through SAS Visual Analytics Administrator. It is also used to support caching within the Transport
Service application.
If your deployment includes SAS solutions software that supports SAS Web Infrastructure Platform Data
Server, and then more databases might be configured on the server.
The configuration directory for your SAS middle tier (JMS Broker)
is SAS-configuration-directory\Levn\Web.
\logconfig
(Cache Locator)
Each component has the following:
• scripts for start, stop, and status
• scripts to install and uninstall
• Windows services
• configuration files (which include logging control)
• log files (\logs directory)
26
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
8.2 Reviewing SAS Middle-Tier Architecture 8-31
For more information about SAS server logging, see “Administering Logging for SAS Servers” in
SAS® Intelligence Platform: System Administration Guide.
For more information about specific web application logs, see SAS® Intelligence Platform: Web
Application Administration Guide.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
8-32 Chapter 8 Monitoring Your SAS® Environment
• The SAS Web Application Server supports both vertical and horizontal
clustering.
• Workload distribution is managed by the SAS Web Server. The SAS Web
Server is configured as a load-balancing HTTP proxy.
• The server instances in a cluster can coexist on the same machine (vertical
clustering), or the server instances can run on a group of middle-tier server
machines (horizontal clustering).
• Web applications can be deployed on both vertical and horizontal clusters.
27
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
For SAS web applications to be deployed into a clustered environment, the SAS Web Server implements
session affinity. Session affinity is an association between a web application server and a client that
requests an HTTP session with that server. This association is known in the industry by several terms in
addition to session affinity, including server affinity and sticky sessions. With session affinity, after a
client is assigned to a session with a web application server, the client remains with that server for the
duration of the session. By default, session affinity is enabled.
The Load Balancer Manager can be used to direct all requests to a single instance of the application, thus
“draining” the sessions associated with applications in the other cluster instance. When an instance
is drained, it can be stopped for maintenance without disrupting the service of clustered applications.
Note: http://webservermachine.mycompany.com/balancer-manager
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
8.2 Reviewing SAS Middle-Tier Architecture 8-33
Vertical Clustering
of SAS Web Application Servers
Clients Middle Tier
SASServer1_2
SASServer1_3
28
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
Vertical clustering can be configured automatically by the SAS Deployment Wizard. The custom
prompting level is used in the SAS Deployment Wizard.
If you configured multiple instances of a managed server, such as SASServer1_1 and SASServer1_2, then
the web applications that support clustering are deployed identically to each instance. Each of these
instances is a vertical cluster member.
Advantages:
If the Java process that underlies one of the instances in the web application server cluster encounters
problems that stop the functioning of the web applications, the applications in the other cluster instance
are still able to respond. In this case, it would be possible to stop and restart the web application server
that is experiencing problems. Requests would still be serviced by the applications in the other cluster
instance. Users who had sessions on the stopped server would lose session data, but an attempt to
reconnect to a clustered application would be successful.
In some cases, the operating system can balance CPU load more effectively if separate Java processes
are used.
Disadvantages:
If the single machine on which the vertical cluster is deployed experiences an outage, then all the
instances in the cluster are affected. Therefore, the failure of a single machine would cause the
application to become unavailable.
Note: Some applications, such as SAS BI Dashboard Event Generator, and some SAS solutions
applications cannot be clustered. Those are examples of when the server instances and
applications are not identically configured.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
8-34 Chapter 8 Monitoring Your SAS® Environment
Horizontal Clustering
of SAS Web Application Servers
Clients Middle Tier
SAS Web Application Servers
SASServer1_2
SAS Servers
29
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
In this topology, some deployments can implement a failover scheme, in which a server failure does not
interrupt a user’s session. The proxy server detects the failure and redirects the requests to a different
application server. That server can then retrieve the users’ session information and continue.
Advantages:
The SAS web applications and the web application server cluster are protected by firewalls.
The web application server and SAS web applications can be configured to perform web authentication
for single sign-on to the applications and other web resources in the network.
Response time is improved because static content is cached by SAS Web Server.
The greater computing capacity of the web application server cluster also improves performance.
After the cluster is established, additional server instances can be added to support larger numbers
of concurrent users.
Clustering provides fault isolation that is not possible with a single web application server. If a machine
in the cluster fails, then only the users with active sessions on that machine are affected.
You can plan downtime for maintenance by taking some servers offline. New requests are then directed
to the applications deployed on the remaining servers while maintenance is performed.
Configuration and deployment of the cluster and the applications can still be automated with
the SAS Deployment Wizard.
Disadvantages:
SAS Web Server remains a single point of failure. Software and hardware high-availability options
exist to mitigate this disadvantage.
Some operations, such as redeploying web applications, can require more effort when more machines
are used.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
8.2 Reviewing SAS Middle-Tier Architecture 8-35
Cluster Configurations
Similar to clustering, the applications can be distributed to different managed servers. Distributing the
applications is similar to clustering in that additional web application server instances are used. It is
different in that the managed server profiles are different. That is, single instances of the applications
are distributed to web application servers rather than redundant instances.
Distributing the applications enables more memory availability for the applications that are deployed
on each managed server and also increases the number of users that can be supported.
Some SAS solutions are configured automatically with multiple servers by the SAS Deployment Wizard.
However, you can choose to configure multiple managed servers by running the wizard with the custom
prompting level and selecting this feature.
Whether the single or multiple server topology is selected, both vertical and horizontal clusters are still
possible, as is a combination of both clustering techniques. The only difference is how the applications
are distributed to the server instances.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
8-36 Chapter 8 Monitoring Your SAS® Environment
High Availability
Several middle-tier components can be configured for high availability, and each has
different requirements and considerations.
SAS Web Server
SAS Web Application Server SAS Web Application Server SAS Web Application Server
SASServer1_1 SASServer1_1 SASServer1_1
Cache Locator JMS Broker Cache Locator JMS Broker Cache Locator JMS Broker
Note: Some components, such as SAS Web Application Server, can be configured in a cluster
automatically. Other components, like JMS Broker, require manual configuration to enable high
availability.
The following SAS Analytics Platform components can be deployed and configured for high availability:
SAS Metadata Server
SAS Web Server
SAS Web Application Server
SAS Web Infrastructure Platform Data Server
SAS JMS Broker
SAS Cache Locator
SAS Object Spawner
SAS OLAP Server
SAS Environment Manager Server
SAS Environment Manager Agent
SAS Deployment Agent
For more information, refer to the following:
“High-Availability Features in the Middle Tier” in SAS® Intelligence Platform: Middle-Tier
Administration Guide.
“Best Practices for Implementing High Availability for SAS 9.4.” SAS Global Forum Paper 305-2104.
http://support.sas.com/resources/papers/proceedings14/SAS305-2014.pdf
“Managing SAS Web Infrastructure Platform Data Server High-Availability Clusters.” SAS Global
Forum Paper SAS1776-2015. http://support.sas.com/resources/papers/proceedings15/SAS1776-
2015.pdf
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
8.2 Reviewing SAS Middle-Tier Architecture 8-37
Classroom Environment
32
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
8-38 Chapter 8 Monitoring Your SAS® Environment
Exercises
3. Right-click Instructions.html and select Open. (Double-clicking the file renders it in the
WinSCP editor, not Internet Explorer.)
4. Select Web Application Server in the Overview list. Review the configuration details.
What web application is not clusterable?
What web app server instance is it deployed on?
What web app server instance is SAS Studio deployed on?
3. Select Web Application Server in the Overview list. Review the configuration details.
What web application is not clusterable?
What web app server instance is it deployed on?
What web app server instance is SAS Studio deployed on?
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
8.2 Reviewing SAS Middle-Tier Architecture 8-39
5. Setting Up a Basic Alert for a SAS Web Server in SAS Environment Manager
In this exercise, you create an alert indicating when the SAS Web Server is down and when it is back
up (a recovery alert). You also create an escalation scheme, which is a series of steps to be executed
when the alert fires.
a. Sign in to SAS Environment Manager as Ahmed using the password Student1, if not already
signed in. (Open Internet Explorer on the client machine and select SAS Environment Manager
on the Favorites bar.)
b. Create an escalation scheme.
1) Click the Manage tab.
2) Click the Escalation Schemes Configuration link.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
8-40 Chapter 8 Monitoring Your SAS® Environment
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
8.2 Reviewing SAS Middle-Tier Architecture 8-41
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
8-42 Chapter 8 Monitoring Your SAS® Environment
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
8.2 Reviewing SAS Middle-Tier Architecture 8-43
event bar for that resource (added automatically when an event is generated)
if you set the alert (notify) to send an email
l. You can look at the other locations as well:
Recent Alerts Portlet on Dashboard Tab
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
8-44 Chapter 8 Monitoring Your SAS® Environment
Note: The default metric collection interval for the Pivotal Web Server is five minutes.
(This can be changed by selecting Manage Monitoring Defaults. Scroll to Pivot Web
Server 5.4 Servers. Select Edit Metric Template to the far right of the entry.) Therefore,
you might wait as long as five minutes before the alert fires and you see results on your
interface.
m. Acknowledge the alert. This enables others on the system to be aware that an administrator is
aware of the problem. You can acknowledge an alert in two places:
the dashboard Recent Alerts portlet
Analyze Alert Center Alerts tab
1) On the dashboard, select the box next to the NoWebServer and click ACKNOWLEDGE.
2) You can add a note for the reason. It will show up as acknowledged on the Alerts page. If it
is not fixed within five minutes (as specified when the alert was created), then it will request
acknowledgment again.
n. Restart the SAS Web Server by issuing the control action. Go to Resources
sasserver.demo.sas.com Pivotal Web Server 5.4 Webserver Control. Select Start and then
click the arrow in the Quick Control area.
o. Within five minutes or less, you should see the recovery alert, called YesWebServer. It appears in
the same places and indicates that the SAS Web Server is running again.
6. (Optional) Configuring the PostgreSQL Server Component to Interact with Your PostgreSQL
RDBMS
There are three PostgreSQL database servers listed under Resources Servers. None of these
servers are currently being monitored because the resources are not fully configured. In this exercise,
you modify the necessary information so that the SAS Web Infrastructure Platform Data Server
resource can be monitored. (This is the PostgreSQL database server with listening port 9432.)
a. Sign in to SAS Environment Manager as Ahmed using the password Student1, if not
already signed in. (Open Internet Explorer on the client machine and select SAS
Environment Manager on the Favorites bar.)
b. Go to Resources Browse Servers.
c. Find the PostgreSQL 9.x server resource in the list. (You can also go to the resource using
the Search bar. In the drop-down list, select PostgreSQL 9.x and click the arrow on the right.)
d. The status of the PostgreSQL server is undetermined. Click the server link
sasserver.demo.sas.com PostgreSQL 9.x localhost:9432.
e. You see that the server is not well configured. Click Configuration Properties.
f. Enter the required parameter values:
PostgreSQL.user: dbmsowner
PostgreSQL.pass: Student1
PostgreSQL.program or Windows Service:
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
8.2 Reviewing SAS Middle-Tier Architecture 8-45
g. Make sure that the Auto-Discover DataBases, Indexes, and other services? check box
is selected. Then click OK.
h. Click Monitor. After a few minutes (or the required time for the agent to query the system), you
see the server availability, some server metrics, and two new services.
7. (Optional) Administering Logging for SAS Web Infrastructure Platform Data Server
a. Open Internet Explorer on the client machine. Go to the SAS Home page if not already there by
clicking the Home button in the upper right toolbar.
b. Enter PgAdmin III tool in the Search field and click Search.
c. Click the first entry, SAS Web Infrastructure Platform Data Server, dated 2016-01-19.
d. Click Administering Logging for the Server. Review the logging steps.
The pgAdmin III Tool follows. It is a PostgreSQL database design and management system tool
that can be downloaded and enables you to administer the SAS Web Infrastructure Platform Data
Server.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
8-46 Chapter 8 Monitoring Your SAS® Environment
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
8.2 Reviewing SAS Middle-Tier Architecture 8-47
l. When the command state indicates Completed, click the Monitor tab. The Restart event was
recorded and appears in the Events/Logs Tracking timeline at the bottom of the window:
If you click the event bubble, a message appears. The server is not yet available because all the
applications were not deployed and started yet.
m. If you wait a few minutes, you can see an additional item on the Events/Logs Tracking timeline.
While waiting, you can change the time range of metrics displayed by selecting 30 and Minutes
from the drop-down lists next to Last. Click OK.
That second event provides the actual message text from the log file that you specified in your
search, Server startup in XXXXXX ms, as shown above.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
8-48 Chapter 8 Monitoring Your SAS® Environment
Objectives
36
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
37
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
8.3 Additional Topics on SAS Server Maintenance 8-49
In this situation, these are the preferred methods for stopping the server:
Use the metadata manager in SAS Management Console.
Click the Plug-ins tab, expand the Metadata Manager node, right-click the Active Server node, and
select Stop.
Use SAS Environment Manager
Or you can use the metadata server script.
(Windows only) If you cannot stop the server using the metadata manager or the script, then stop the
Windows service. If you cannot stop the service, then use the windows task manager to stop the server
process.
(UNIX only) if you cannot stop the server using the metadata manager or the script, use one of the
following commands to stop the server process:
kill -2 server-process-idkill –15 server-process-id
If the process fails to stop, use the following command:
kill- -9 server-process-id
For more information, see “Exiting or Interrupting Your SAS Session in UNIX Environments” in the
SAS® Companion for UNIX Environments.
38
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
For more information, see “What to Do If the SAS Metadata Server Is Unresponsive” in SAS® 9.4
Intelligence Platform: System Administration Guide.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
8-50 Chapter 8 Monitoring Your SAS® Environment
The Metadata Analyze and Repair Tool enables you to run selected tests on
metadata to locate common problems. When possible, the tools also repair
problems that the analysis has identified.
The Analyze and Repair Tool can be
• accessed from the Metadata Manager
node in SAS Management Console
• run in batch mode from a command line,
sas-analyze-metadata.
39
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
Verify Metadata Files analyzes key metadata server files to determine whether they are corrupted and,
when possible, recommends repairs that can be applied
Verify Associations checks the metadata repository for associations in which one or the other
associated object does not exist.
Metadata Server Cluster Synchronization verifies that metadata is synchronized among all the nodes
of a metadata server cluster
Verify Permissions verifies that permission objects exist only in the Foundation repository
Verify Authentication Domains checks authentication domain objects to ensure that the object names
are valid and unique
Orphaned Objects locates metadata objects that are no longer being referenced
Validate SAS Folders analyzes the integrity of objects contained in the SAS Folders tree.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
8.3 Additional Topics on SAS Server Maintenance 8-51
The ADMINISTRATION state prevents metadata changes from occurring while the analysis process is
running, except that unrestricted users can continue to change metadata during this time. The server is
automatically resumed when the analysis and repair process is completed.
Every server tier has a configuration directory that includes servers that are
components of a SAS Application Server: OLAP servers, workspace servers,
pooled workspace servers, stored process servers, and SAS/CONNECT servers
Each component has the following:
• scripts for start, stop, and status
• configuration files
• logging configuration files
• autoexec files
• _usermod files
• log files
41
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
The structure and contents of the directory vary depending on the host operating system, which products
are installed, and whether the host machine is a server-tier host or a middle-tier host.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
8-52 Chapter 8 Monitoring Your SAS® Environment
Changes that you might need to make include specifying the following:
• an appropriate work folder
• a buffer size for writing files to the work area
• a limit on the total amount of memory that SAS uses at any one time
System Option Explanation
-work work-folder Specifies the pathname for the directory that contains the Work data library. This
directory should reside on a disk that emphasizes fast write performance.
-memsize size-value Specifies a limit on the total amount of memory that SAS uses at any one time.
-sortsize size-value Limits the amount of memory that can be used temporarily for sorting. Larger
sort sizes reduce the use of the work folder, but increase the possibility of paging.
-ubufsize size-value Specifies a buffer size for writing files to the work area.
42
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
See “Workspace Server Configuration Tasks” in SAS® 9.4 Intelligence Platform: Application Server
Administration Guide.
After you have determined the system options that you want to use to start your
workspace server, edit the sas command that starts the server.
Note: You might have optimized your workspace server for use with an application,
such as SAS Web Report Studio. If you are using other applications and these
applications can benefit from a workspace server that is configured differently,
you must create a new logical workspace server (under SASApp) and add a
workspace server to it. 43
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
8.3 Additional Topics on SAS Server Maintenance 8-53
44
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
If you want to specify different values for system options, or if you want to
specify additional options, then enter your updates and additions in which of
the following files for a SAS server?
a. sasv9.cfg
b. metadataconfig_usermods.xml
c. sasv9_usermods.cfg
d. autoexec.sas
45
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
8-54 Chapter 8 Monitoring Your SAS® Environment
Exercises
Click Yes. (The server will be paused after you complete the next two wizard pages.)
d. On the first wizard page, select the Foundation repository to analyze and repair. Click Next.
e. The next wizard page lists the analysis tools that are available. Select all of the tools. Do not click
the check box to Repair immediately. It is recommended that you perform the repairs in a
separate step. Click Analyze.
A message is displayed stating that the server is being paused to Administration mode. The
analysis is then performed. When it is finished, the results are displayed.
If problems are found, the following message is displayed: Analysis has completed and
problems were found. View the log for details.
f. Click View Log to see information about the errors. Additional details might also be available in
the metadata server log.
g. Scroll down to find WARN messages:
Orphaned Objects locates metadata objects that are no longer being referenced.
Click OK to close out of the log.
h. Click Next.
i. The next wizard page displays a list of the analysis tools that found problem situations. Select one
or more tools to run in Repair mode, and click Repair.
j. A message reminds you to back up your metadata before running the repairs. Click Yes to
continue. The repairs are executed. A dialog box indicates whether each repair was completed
successfully.
k. Click Finish to exit the wizard.
Note: The log will still show the WARN message. Instead, rerun the Analysis/Repair Tools
without repairing and check the log. You should not see any WARN messages.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
8.3 Additional Topics on SAS Server Maintenance 8-55
10. Locating the Start-up Scripts and Configuration Files for the Workspace Server
On the server machine, open the script to start the SAS Workspace Server.
What configuration files are read during the server start-up?
appservercontext_env.sh
level_env.sh
Note: These configuration files include other reference to configuration files. The
complete list of configuration files and order of precedence can be found at the
end of this exercise.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
8-56 Chapter 8 Monitoring Your SAS® Environment
Appservercontext_env.bat:
Level_env.bat:
Note: The documentation provides information about the configuration files used by default.
This can be found in the appendix of SAS® 9.4 Intelligence Platform: System
Administration Guide, Fourth Edition.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
8.3 Additional Topics on SAS Server Maintenance 8-57
1 Windows: \Lev1\server-context\server-name\sasv9.cfg
UNIX: /Lev1/server-context/server-name/sasv9.cfg
2 Windows: \Lev1\server-context\sasv9.cfg
UNIX: /Lev1/server-context/sasv9.cfg
3 Windows: SAS-install-directory\SASFoundation\9.4\sasv9.cfg
UNIX: SAS-install-directory /SASFoundation/9.4/sasv9.cfg
5 Windows: SAS-install-directory\SASFoundation\9.4\locale\sasv9.cfg
UNIX: SAS-install-directory /SASFoundation/9.4/locale/sasv9.cfg
6 Windows: \Lev1\server-context\sasv9_usermods.cfg
UNIX: /Lev1/server-context/sasv9_usermods.cfg
7 Windows: \Lev1\server-context\appserver_autoexec.sas
UNIX: /Lev1/server-context/appserver_autexec.sas
8 Windows: \Lev1\server-context\appserver_autoexec_usermods.sas
UNIX: /Lev1/server-context/appserver_autoexec_usermods.sas
9 Windows: \Lev1\server-context\server-name\sasv9_usermods.cfg
UNIX: /Lev1/server-context/server-name/sasv9_usermods.cfg
10 Windows: \Lev1\server-context\server-name\autoexec.sas
UNIX: /Lev1/server-context/server-name/autoexec.sas
11. (Optional) Adding System Options to the Workspace Server Launch Command
After you have determined the system options that you want to use to start your workspace server,
you can add system options to the workspace server launch command.
a. In SAS Management Console, expand Server Manager SASApp - Logical Workspace
Server. A tree node that represents the physical workspace server is displayed.
b. Right-click the icon for the physical workspace server, and select Properties.
c. Click the Options tab. The command to start the workspace server is displayed.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
8-58 Chapter 8 Monitoring Your SAS® Environment
d. You would edit the text in the Command text box, which by default is set to this:
configuration-directory\SASApp\WorkspaceServer\WorkspaceServer.bat
For example, here is a command with options that improve performance for a workspace server:
configuration-directory\SASApp\WorkspaceServer\WorkspaceServer.bat
-rsasuser -work work-folder -ubufsize 64K -memsize 512M
-realmemsize 400M -sortsize 256M
e. If you wanted to force the workspace server to disconnect idle clients, on this Options tab, click
Advanced Options.
f. Click Launch Properties.
g. In the Inactive client timeout field, enter a numeric value (minutes) that a connected client is
allowed to remain inactive before the server disconnects the client. Specify a value of 0 to disable
this option.
h. Click Cancel in the Advanced Options dialog box.
i. Click Cancel in the Properties dialog box. (You are not making any changes.)
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
8.4 Solutions 8-59
8.4 Solutions
Solutions to Exercises
1. Setting Up a Monitor for the SAS Work Directory
The SAS Work directory stores temporary files that are created during SAS processing of code. This
directory is automatically cleaned up by default. However, the SAS Work directory might not be
cleaned up properly due to unexpected errors in processing or termination of SAS sessions. It might
be necessary to monitor the SAS Work directory to avoid a buildup of disk usage.
a. Sign in to SAS Environment Manager as Ahmed using the password Student1.
b. Locate the resource for the SAS Work directory by selecting Resource Services.
c. Enter work directory in the Search field and click the arrow to the far right of the row .
d. Click sasserver.demo.sas.com SAS Home Directory 9.4 SAS work directory. Where is the SAS
Work directory located?
For Linux:
For Windows:
You can confirm the location by opening a SAS session through SAS Studio or SAS Enterprise
Guide and submitting the following code:
proc options option = work;
run;
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
8-60 Chapter 8 Monitoring Your SAS® Environment
Note: Use Percent is one of the metrics available for this resource.
The Metric Viewer portlet does not provide a resource type of SAS Work directory. It has only
SAS Home Directory and SAS Config Level Directory. Therefore, SAS Work metrics cannot be
displayed directly. The workaround is to create a platform service of type FileServer Directory,
which provides the metrics that we want and then points this new platform service to the OS
directory where SAS Work is located.
e. Select Resources Platforms. Click sasserver.demo.sas.com.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
8.4 Solutions 8-61
h. Click OK.
i. Click Configuration Properties to configure the resource.
Enter /tmp.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
8-62 Chapter 8 Monitoring Your SAS® Environment
k. Create a new Metric Viewer portlet on the Dashboard page. Click the Dashboard tab.
l. On the right side at the bottom of the Dashboard page, select Metric Viewer in the Add Content
to this column field and click the button.
m. Click the Configure button to display the Dashboard Settings page for the portlet.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
8.4 Solutions 8-63
q. Click OK.
In most cases, the Metric Viewer portlet provides the resource types that you want. Therefore,
you can get the metrics that you want to view directly. In this case, we had to use an OS-level
resource type to view those metrics.
2. Defining an Alert for a SAS Server Log File
Log file entries are one type of event that can be configured and customized using SAS Environment
Manager’s log file tracking. For each SAS server, a special file named
sev_logtracker_plugin.properties is automatically set up by the SAS Deployment Wizard. They can
be configured to trap various log entries and capture them as events.
You can add to this file to create events for criteria of your choosing. Because each SAS server has its
own properties file, logging events can be created for specific server types.
In this exercise, you will set up an alert to be triggered whenever a warning message for the I/O
Subsystem appears in the log of the SAS Metadata Server.
a. On the server machine, navigate to the metadata server’s sev_logtracker_plugin.properties file.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
8-64 Chapter 8 Monitoring Your SAS® Environment
c. Open sev_logtracker_plugin.properties.
#All errors
level.error.1=.*
These entries specify that an event is created whenever a message appears in the SAS log with a
level of Fatal or Error. The message can contain any text. (The period represents any character
and the asterisk says “zero or more of the preceding character,” which is a period, so any and all
characters.)
level.warn.1=.*Access to this account.*is locked out.* specifies that an event is created
whenever a message with a level of Warn appears that also contains the words: Access to this
account and is locked out. Any or no characters can be before, in between, and after these words.
Multiple entries for messages at the same log level must have an incremental number. In the
metadata server properties file, the next warn message to be captured would be
level.warn.3=.*message text here.*
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
8.4 Solutions 8-65
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
8-66 Chapter 8 Monitoring Your SAS® Environment
g. On the Detail page, select Alert Configure to display the Alert Configuration page.
i. Name the alert, select the priority, and specify that the alert should be active.
Alert Properties:
Name: I/O Subsystem
Priority: Medium
Description: I/O subsystem warnings in the server log
Condition Set: Select the Event/Logs Level radio button and then select Info in the
Event/Logs Level field.
In the Substring to Match field, enter I/O Subsystem.
These values specify that an alert is issued whenever an event is found for an Info message from
the log containing the string I/O Subsystem.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
8.4 Solutions 8-67
In the Enable Actions(s) area, select the Each time conditions are met radio button. An alert is
triggered each time I/O Subsystem information appears in the log.
j. Click OK.
3. Searching on the Web for SAS Usage Note on I/O Subsystem
a. Open a new tab in Internet Explorer and click the Home button in the upper right.
b. In the Search field, enter I/O Subsystem.
c. Select the Usage Note 53874.
Note: There are many papers from SAS that can help you with various troubleshooting
techniques. For a complete list of papers useful for troubleshooting system performance
problems, see Usage Note 42197.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
8-68 Chapter 8 Monitoring Your SAS® Environment
Linux Server
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
8.4 Solutions 8-69
3. Right-click Instructions.html and select Open. (Double-clicking the file renders it in the
WinSCP editor, not Internet Explorer.)
4. Select Web Application Server in the Overview list. Review the configuration details.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
8-70 Chapter 8 Monitoring Your SAS® Environment
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
8.4 Solutions 8-71
3. Select Web Application Server in the Overview list. Review the configuration details.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
8-72 Chapter 8 Monitoring Your SAS® Environment
7) The deployed SAS web applications are listed. You can stop and start a web application from
this location as well.
c. Find the WAR files that are deployed on each web application server instance. They are located
in the sas_webapps directory under the SAS Web Application Server configuration directory.
5. Setting Up a Basic Alert for SAS Web Server in SAS Environment Manager
In this exercise, you create an alert indicating when the SAS Web Server is down and when it is back
up (a recovery alert). You also create an escalation scheme, which is a series of steps to be executed
when the alert fires.
a. Sign in to SAS Environment Manager as Ahmed using the password Student1, if not already
signed in. (Open Internet Explorer on the client machine and select SAS Environment Manager
on the Favorites bar.)
b. Create an escalation scheme.
1) Click the Manage tab.
2) Click the Escalation Schemes Configuration link.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
8.4 Solutions 8-73
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
8-74 Chapter 8 Monitoring Your SAS® Environment
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
8.4 Solutions 8-75
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
8-76 Chapter 8 Monitoring Your SAS® Environment
d. You are now presented with an additional window that enables you to associate this alert with
an escalation scheme. Use the drop-down list to select the WebServerScheme scheme that was
just created.
e. After the escalation scheme is selected, click Return to Alert Definitions to create the recovery
alert.
f. Create the second alert, the recovery alert, which indicates the server is back up.
1) Click New. A new alert definition window appears.
2) Enter the following information:
Name: YesWebServer
Description: SAS Web Server is back up!
Priority: High
Active: Yes
If Condition: Metric Availability = 100% of Baseline Value
Recovery Alert for: NoWebServer
Enable Action Each time conditions are met
Enable Action Filters: (blank)
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
8.4 Solutions 8-77
g. Select Analyze Alert Center. Click the Definition tab. All defined alerts are listed, including
the two that you just defined.
h. Test the new alerts. Go to Resource Browse. Click sasserver.demo.sas.com Pivotal Web
Server 5.4 Web Server.
i. Click Control.
j. Select Stop from the drop-down list and click next to the Control Action field.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
8-78 Chapter 8 Monitoring Your SAS® Environment
Note: It can take up to five minutes before the system detects that the SAS Web Server is down,
because the default collection interval for it is five minutes.
k. Select Resources. With Servers selected, the SAS Web Server is displayed as Not Available on
the Availability timeline.
Here are some of the locations where alerts appear:
Dashboard Recent Alerts or Problem Resources portlets
on the header of the Environment Manager
Analyze tab Alert Center
event bar for that resource (added automatically when an event is generated)
if you set the alert (notify) to send an email
l. You can look at the other locations as well:
Recent Alerts Portlet on Dashboard Tab
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
8.4 Solutions 8-79
Note: The default metric collection interval for the Pivotal Web Server is five minutes.
(This can be changed by selecting Manage Monitoring Defaults. Scroll to Pivot Web
Server 5.4 Servers. Select Edit Metric Template to the far right of the entry.) Therefore,
you might wait as long as five minutes before the alert fires and you see results on your
interface.
m. Acknowledge the alert. This enables others on the system to be aware that an administrator is
aware of the problem. You can acknowledge an alert in two places:
the dashboard Recent Alerts portlet
Analyze Alert Center Alerts tab
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
8-80 Chapter 8 Monitoring Your SAS® Environment
1) On the dashboard, select the box next to the NoWebServer and click ACKNOWLEDGE.
2) You can add a note for the reason. It will show up as acknowledged on the Alerts page. If it is
not fixed within five minutes (as specified when the alert was created), then it will request
acknowledgment again.
n. Restart the SAS Web Server, by issuing the control action. Go to Resources
sasserver.demo.sas.com Pivotal Web Server 5.4 Webserver Control. Select Start and then
click the arrow in the Quick Control area.
o. Within five minutes or less, you should see the recovery alert, called YesWebServer. It appears in
the same places and indicates that the SAS Web Server is running again.
6. (Optional) Configuring the PostgreSQL Server Component to Interact with Your PostgreSQL
RDBMS
There are three PostgreSQL database servers listed under Resources Servers. None of these
servers are currently being monitored because the resources are not fully configured. In this exercise,
you modify the necessary information so that the SAS Web Infrastructure Platform Data Server
resource can be monitored. (This is the PostgreSQL database server with listening port 9432.)
a. Sign in to SAS Environment Manager as Ahmed using password Student1, if not already signed
in. (Open Internet Explorer on the client machine and select SAS Environment Manager on the
Favorites bar.)
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
8.4 Solutions 8-81
c. Find the PostgreSQL 9.x server resource in the list. (You can also go to the resource using
the Search bar. In the drop-down list, select PostgreSQL 9.x and click the arrow on the right.)
d. The status of the PostgreSQL server is undetermined. Click the server link
sasserver.demo.sas.com PostgreSQL 9.x localhost:9432.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
8-82 Chapter 8 Monitoring Your SAS® Environment
e. You see that the server is not well configured. Click Configuration Properties.
PostgreSQL.pass: Student1
PostgreSQL.program or Windows Service:
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
8.4 Solutions 8-83
g. Make sure that the Auto-Discover DataBases, Indexes, and other services? check box is
selected. Then click OK.
h. Click Monitor. After a few minutes (or the required time for the agent to query the system),
you see the server availability, some server metrics, and two new services.
7. (Optional) Administering Logging for SAS Web Infrastructure Platform Data Server
a. Open Internet Explorer on the client machine. Go to the SAS Home page if not already there by
clicking the Home button in the upper right toolbar.
b. Enter PgAdmin III tool in the Search field and click Search.
c. Click the first entry, SAS Web Infrastructure Platform Data Server, dated 2016-01-19.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
8-84 Chapter 8 Monitoring Your SAS® Environment
d. Click Administering Logging for the Server. Review the logging steps.
The pgAdmin III Tool follows. It is a PostgreSQL database design and management system tool
that can be downloaded and enables you to administer the SAS Web Infrastructure Platform Data
Server.
8. (Optional) Setting Up Log Tracking for a Resource in the SAS Environment Manager
Many of the server-level resources enable the administrator to set up log tracking. This is a method of
monitoring specific log files, usually for specific messages, such as severe errors or other critical
information. By doing this, you are not required to open the log files directly. You can access only the
portion that you need from the user interface. The log file entries are one type of event that can be
configured and customized in SAS Environment Manager.
For SAS servers, a special file, sev_logtracker_plugin.properties, is automatically set up by the
SAS Deployment Wizard. For servers that are not SAS servers, you have to turn on log tracking and
specify the log messages that you want to capture.
In this exercise, you enable log tracking for a SAS Web Application Server. The tc Server
(SASServer1 instance) log file is scanned for start-up completion. If you must restart that server, you
know when it fully started up, and that all the web applications are loaded and ready for users.
Although this server might appear as Available or Started right away, it is not actually ready to
receive requests for 20 to 30 minutes after that, given the necessary full deployment of all the SAS
web applications.
a. Sign in to SAS Environment Manager as Ahmed using the password Student1, if you are not
already logged on.
b. Click Resources Browse.
c. Click sasserver.demo.sas.com tc Runtime SASServer2_1.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
8.4 Solutions 8-85
d. Click Views Application Management. There are fewer web applications deployed on this
instance, so choose this tc Server to use for log tracking.
f. Scroll to the bottom to the Configuration Properties section, and click Edit.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
8-86 Chapter 8 Monitoring Your SAS® Environment
h. Click OK at the bottom center of the window. You should see the following message:
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
8.4 Solutions 8-87
l. When the command state indicates Completed, click the Monitor tab.
The Restart event was recorded and appears in the Events/Logs Tracking timeline at the bottom
of the window, as shown.
If you click the event bubble, a message appears. The server is not yet available because all the
applications were not deployed and started yet.
m. If you wait a few minutes, you can see an additional item on the Events/Logs Tracking timeline.
That second event provides the actual message text from the log file that you specified in your
search earlier: Server startup in XXXXXX ms, as shown above.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
8-88 Chapter 8 Monitoring Your SAS® Environment
Click Yes. (The server will be paused after you complete the next two wizard pages.)
d. On the first wizard page, select the Foundation repository to analyze and repair. Click Next.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
8.4 Solutions 8-89
e. The next wizard page lists the analysis tools that are available. Select all of the tools. Do not click
the check box to Repair immediately. It is recommended that you perform the repairs in a
separate step. Click Analyze.
A message is displayed stating that the server is being paused to Administration mode. The
analysis is then performed. When it is finished, the results are displayed.
If problems are found, the following message is displayed: Analysis has completed and
problems were found. View the log for details.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
8-90 Chapter 8 Monitoring Your SAS® Environment
f. Click View Log to see information about the errors. Additional details might also be available in
the metadata server log.
Orphaned Objects locates metadata objects that are no longer being referenced.
Click OK to close out of the log.
h. Click Next.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
8.4 Solutions 8-91
i. The next wizard page displays a list of the analysis tools that found problem situations. Select one
or more tools to run in Repair mode, and click Repair.
j. A message reminds you to back up your metadata before running the repairs. Click Yes to
continue. The repairs are executed. A dialog box indicates whether each repair was completed
successfully.
Note: The log will still show the WARN message. Instead, rerun the Analysis/Repair Tools
without repairing and check the log. You should not see any WARN messages.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
8-92 Chapter 8 Monitoring Your SAS® Environment
10. Locating the Start-up Scripts and Configuration Files for the Workspace Server
On the server machine, open the script to start the SAS Workspace Server.
What configuration files are read during the server start-up?
appservercontext_env.sh
level_env.sh
Note: These configuration files include other reference to configuration files. The complete
list of configuration files and order of precedence can be found at the end of this
exercise.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
8.4 Solutions 8-93
Appservercontext_env.bat:
Level_env.bat:
Note: These configuration files include other reference to configuration files. The complete
list of configuration files and order of precedence can be found at the end of this
exercise.
Note: The documentation provides information about the configuration files used by default.
This can be found in the appendix of SAS® 9.4 Intelligence Platform: System
Administration Guide, Fourth Edition.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
8-94 Chapter 8 Monitoring Your SAS® Environment
1 Windows: \Lev1\server-context\server-name\sasv9.cfg
UNIX: /Lev1/server-context/server-name/sasv9.cfg
2 Windows: \Lev1\server-context\sasv9.cfg
UNIX: /Lev1/server-context/sasv9.cfg
3 Windows: SAS-install-directory\SASFoundation\9.4\sasv9.cfg
UNIX: SAS-install-directory /SASFoundation/9.4/sasv9.cfg
5 Windows: SAS-install-directory\SASFoundation\9.4\locale\sasv9.cfg
UNIX: SAS-install-directory /SASFoundation/9.4/locale/sasv9.cfg
6 Windows: \Lev1\server-context\sasv9_usermods.cfg
UNIX: /Lev1/server-context/sasv9_usermods.cfg
7 Windows: \Lev1\server-context\appserver_autoexec.sas
UNIX: /Lev1/server-context/appserver_autexec.sas
8 Windows: \Lev1\server-context\appserver_autoexec_usermods.sas
UNIX: /Lev1/server-context/appserver_autoexec_usermods.sas
9 Windows: \Lev1\server-context\server-name\sasv9_usermods.cfg
UNIX: /Lev1/server-context/server-name/sasv9_usermods.cfg
10 Windows: \Lev1\server-context\server-name\autoexec.sas
UNIX: /Lev1/server-context/server-name/autoexec.sas
11. (Optional) Adding System Options to the Workspace Server Launch Command
After you have determined the system options that you want to use to start your workspace server,
you can add system options to the workspace server launch command.
a. In SAS Management Console, expand Server Manager SASApp - Logical Workspace
Server. A tree node that represents the physical workspace server is displayed.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
8.4 Solutions 8-95
b. Right-click the icon for the physical workspace server, and select Properties.
c. Click the Options tab. The command to start the workspace server is displayed.
d. You would edit the text in the Command text box, which by default is set to this:
configuration-directory\SASApp\WorkspaceServer\WorkspaceServer.bat
For example, here is a command with options that improve performance for a workspace server:
configuration-directory\SASApp\WorkspaceServer\WorkspaceServer.bat
-rsasuser -work work-folder -ubufsize 64K -memsize 512M
-realmemsize 400M -sortsize 256M
e. If you wanted to force the workspace server to disconnect idle clients, on this Options tab, click
Advanced Options.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
8-96 Chapter 8 Monitoring Your SAS® Environment
g. In the Inactive client timeout field, enter a numeric value (minutes) that a connected client is
allowed to remain inactive before the server disconnects the client. Specify a value of 0 to disable
this option.
h. Click Cancel in the Advanced Options dialog box.
i. Click Cancel in the Properties dialog box. (You are not making any changes.)
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
8.4 Solutions 8-97
If you want to specify different values for system options, or if you want to
specify additional options, then enter your updates and additions in which of
the following files for a SAS server?
a. sasv9.cfg
b. metadataconfig_usermods.xml
c. sasv9_usermods.cfg
d. autoexec.sas
46
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
8-98 Chapter 8 Monitoring Your SAS® Environment
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
Chapter 9 Exploring Ongoing
Administration Tasks
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
9.1 Updating SAS Software 9-3
Objectives
3
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
Administers who maintain software deployments must balance the need for
stability with the value of changes. Administrators could apply changes
• as soon as they are released
Maintenance Administration Tasks
• if they address a specific problem
Apply Maintenance Apply Hotfixes
4
Copy rig ht © SA S Institute Inc. A ll rig hts re se rve d.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
9-4 Chapter 9 Exploring Ongoing Administration Tasks
5
Copy rig ht © SA S Institute Inc. A ll rig hts reserved.
The planning that goes into maintenance releases and new software releases is beyond this discussion.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
9.1 Updating SAS Software 9-5
Hot Fixes
Hot fixes are used to solve critical and frequently recurring problems.
They are tested and supported by SAS.
Hot fixes are packaged or grouped in three ways:
• Individual hot fixes
• Container hot fixes
• Hot fix bundles
6
Copy rig ht © SA S Institute Inc. A ll rig hts reserved.
SAS provides hot fixes to previously shipped software. A hot fix is created to resolve a number of
problems, ranging from an isolated code fix for a critical bug uncovered by a specific customer
application to a frequently recurring problem in a common code base. The hot fix tooling has changed
over time to simplify their identification and installation.
Each hot fix from SAS is tested and fully supported and then typically incorporated into the next
maintenance release or full release of the software component or product. Hot fixes are packaged or
grouped in three different ways:
Individual hot fixes – created to fix one product or software component.
Container hot fixes – created to provide fixes for one or more software components that must be hot
fixed together in order to provide a complete resolution to the problem being addressed. In order to
fully install the container hot fix, the container needs to be applied to each machine in the deployment
that contains one or more of the products being fixed by the container.
Hot fix bundles – an accumulation of one or more individual hot fixes. These bundles tend to be
produced (and named) for products such as SAS Marketing Optimization and can contain a number of
fixes for different components within the product. Bundling these fixes makes it simpler for you to
obtain and install them.
For more information about hot fixes, refer to http://ftp.sas.com/techsup/download/hotfix/faq.html.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
9-6 Chapter 9 Exploring Ongoing Administration Tasks
7
Copy rig ht © SA S Institute Inc. A ll rig hts reserved.
ViewRegistry
8
Copy rig ht © SA S Institute Inc. A ll rig hts reserved.
The installation of SAS products is logged in the SAS Deployment Registry. ViewRegistry is a reporting
utility that processes the deployment registry to generate a report. This report identifies all SAS 9.2 and
later software that is installed in the current SASHOME location. Installed hot fixes are also logged in the
SAS Deployment Registry and reported in DeploymentRegistry.html.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
9.1 Updating SAS Software 9-7
Beginning with SAS 9.4 M3, the default output reports only the current release of product components,
which are installed in the current SASHOME. Duplicate product component entries appear only for
products that support side-by-side deployment (for example, SAS Enterprise Guide and SAS Add-In for
Microsoft Office). The -all option can be used to report on all product components that have been
installed in SASHOME.
The ViewRegistry report is generated by executing the JAR file sas.tools.viewregistry.jar. This JAR file
is located in the SASHOME/deploymntreg directory and must be executed from this directory.
Two output files are produced by the reporting utility, DeploymentRegistry.html and
DeploymentRegistry.txt. The HTML and TXT output files are written in the SASHOME/deploymntreg
directory.
Note: In order to run the reporting utility, Windows users must have Write permissions for the
deploymntreg directory (the default location is D:\Program Files\SASHome\deploymntreg)
because the resulting reports are written to this location. UNIX users must have Write permission
to the SASHOME location.
For more information about using the ViewRegistry report, see Usage Note 35968, “Using the
ViewRegistry Report and other methods to determine the SAS® 9.2 and later software releases and hot
fixes that are installed.”
9
Copy rig ht © SA S Institute Inc. A ll rig hts reserved.
The SAS Hot Fix Analysis, Download, and Deployment tool (SASHFADD)
analyzes a SAS Deployment Registry (DeploymentRegistry.txt)
creates a Hot Fix Report with information and links to hot fixes, which are eligible to be installed on
the SAS deployment
generates scripts that automate the download of the eligible hot fixes.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
9-8 Chapter 9 Exploring Ongoing Administration Tasks
10
Copy rig ht © SA S Institute Inc. A ll rig hts reserved.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
9.1 Updating SAS Software 9-9
Hot fixes containing updates only to non-English software components: This section might appear in
the Hot Fix Report. It lists hot fixes that can be applied only to systems where the languages listed with
the hot fix are installed for the specific SAS product. These hot fixes do not appear in the SASHFADD
FTP scripts. They must be downloaded by clicking the Download link. Successful installation of these
hot fixes is recorded in the SAS Deployment Registry. If you are ineligible to install these hot fixes
because you have not installed the SAS product for the languages listed, then you can safely ignore the
appearance of these hot fixes in the report. If you do not want to see these hot fixes in the report,
uncomment the line -ENGLISH_ONLY in SASHFADD.cfg.
11
Copy rig ht © SA S Institute Inc. A ll rig hts reserved.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
9-10 Chapter 9 Exploring Ongoing Administration Tasks
12
Copy rig ht © SA S Institute Inc. A ll rig hts reserved.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
9.1 Updating SAS Software 9-11
13
Copy rig ht © SA S Institute Inc. A ll rig hts reserved.
The SAS Deployment Manager includes a task to update the license file in the metadata.
For troubleshooting SID file errors, see Problem Note 56371, “The Renew SAS® Software utility or SAS®
installation process produces an "invalid SID file" error after you select the SID file.”
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
9-12 Chapter 9 Exploring Ongoing Administration Tasks
Exercises
1) Open Internet Explorer and go to the Home page. You can click the Home button in the
upper right toolbar.
2) In the Search field, enter Usage Note 35968 and click Search.
3) Select the first entry, 35968 – Using the ViewRegistry Report and other methods to
determine the SAS 9.2 and later software releases and hot fixes that are installed, dated
2015-07-16.
b. Review the hot fix FAQ at http://ftp.sas.com/techsup/download/hotfix/faq.html.
c. Review SAS® Hot Fix Analysis, Download, and Deployment Tool Usage Guide at
http://ftp.sas.com/techsup/download/hotfix/HF2/SASHFADD_usage.pdf.
2. Exploring How to Update SAS Licenses
Navigate to support.sas.com/techsup. Use the Search box to search for information about how
to update SAS licenses. For example, you can search for SAS 9.4 update license. Review
the information that is relevant to your deployment version and software.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
9.2 Finding Resources for SAS Administrators 9-13
Objectives
• Identify areas of support that SAS offers to support the deployment and
administration communities.
• List additional available resources.
17
Copy rig ht © SA S Institute Inc. A ll rig hts reserved.
18
Copy rig ht © SA S Institute Inc. A ll rig hts reserved.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
9-14 Chapter 9 Exploring Ongoing Administration Tasks
SAS provides a wide array of tools and resources designed to help you find answers and resolve
problems. From the SAS customer support website at support.sas.com, you can access the extensive SAS
knowledge base, where you can find information about SAS software, SAS product documentation, SAS
technical papers, samples, SAS notes, and much more.
Documentation
19
Copy rig ht © SA S Institute Inc. A ll rig hts reserved.
SAS documentation is available in multiple formats, based on your needs. Product documentation is
organized by usage, such as Installation, Configuration, and Migration information, Administration
information, or a Programmer’s Bookshelf. There is also extensive search capabilities, by keywords,
release, or product. Documentation on current releases as well as previous releases is provided.
In addition to product documentation, many different forms of technical papers and conference
proceedings are available.
SAS Technical Papers – http://support.sas.com/resources/papers/index.html
SAS Technical Papers » Installation and Enterprise Administration –
http://support.sas.com/resources/papers/tnote/tnote_enterprise.html
SAS Global Forum Conference Proceedings –
http://support.sas.com/events/sasglobalforum/previous/online.html
SAS Presents – Technical Papers and Presentations – http://support.sas.com/rnd/papers/index.html
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
9.2 Finding Resources for SAS Administrators 9-15
Install Center
20
Copy rig ht © SA S Institute Inc. A ll rig hts reserved.
SAS Install Center contains the most up-to-date installation and configuration documentation for SAS
software. The documentation on this site is grouped by SAS release, installation, and configuration type.
System Requirements
21
Copy rig ht © SA S Institute Inc. A ll rig hts reserved.
Information about supported operating systems and associated platforms can be found in the System
Requirements section of the Knowledge Base on support.sas.com. The supported operating systems
derived from this page are for a set of products made up of the combination of Base SAS and the
orderable server-side products that are installed at the same time as Base SAS.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
9-16 Chapter 9 Exploring Ongoing Administration Tasks
22
Copy rig ht © SA S Institute Inc. A ll rig hts reserved.
Samples & SAS Notes provide useful examples of using SAS software. There are different types of SAS
notes available at the Samples & SAS Notes section of the Knowledge Base:
Usage Notes – These notes provide information, examples, and suggestions for usage of SAS software.
Installation Notes – These notes are focused on SAS installations, providing useful information and
references for install-related questions.
Problem Notes – These notes contain useful information about usage problems, and provide
information about workarounds and available hot fixes.
http://support.sas.com/notes/index.html
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
9.2 Finding Resources for SAS Administrators 9-17
Subscriptions
23
Copy rig ht © SA S Institute Inc. A ll rig hts reserved.
E-Newsletters – http://support.sas.com/community/newsletters/index.html
SAS Tech Report
SAS Statistics and Operations Research News
SAS Learning Report
SAS Book Report
SAS Global Certification News
TS-NEWS-L – http://support.sas.com/techsup/news/tsnews.html
SNOTES-L – http://support.sas.com/techsup/news/snotes.html
Security Bulletins – http://support.sas.com/security/alerts.html
RSS feeds and Blogs – http://support.sas.com/community/rss/
SAS-L – User supported Listserv – listserv.uga.edu/archives/sas-l.html
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
9-18 Chapter 9 Exploring Ongoing Administration Tasks
Administration Online
24
Copy rig ht © SA S Institute Inc. A ll rig hts reserved.
There are multiple online communities focused on SAS deployment and administration.
SAS Communities - https://communities.sas.com/
Administrator Blog Series - http://blogs.sas.com/content/sgf/tag/sas-administrators/
Administration and Deployment Community - https://communities.sas.com/t5/Administration-and-
Deployment/bd-p/sas_admin
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
9.3 Solutions 9-19
9.3 Solutions
Solutions to Exercises
1. Exploring SAS Software Updates
a. Review the Usage Note that instructs on using the ViewRegistry report.
1) Open Internet Explorer and go to the Home page. You can click the Home button in the
upper right toolbar.
2) In the Search field, enter Usage Note 35968 and click Search.
3) Select the first entry, 35968 – Using the ViewRegistry Report and other methods to
determine the SAS 9.2 and later software releases and hot fixes that are installed, dated
2015-07-16.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
9-20 Chapter 9 Exploring Ongoing Administration Tasks
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
Chapter 10 Learning More
10.1 SAS Resources ............................................................................................................. 10-3
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
10.1 SAS Resources 10-3
Objectives
3
Copy rig ht © SA S Institute Inc. A ll rig hts reserved.
Education
http://support.sas.com/training
4
Copy rig ht © SA S Institute Inc. A ll rig hts reserved.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
10-4 Chapter 10 Learning More
SAS Books
www.sas.com/store/books
5
Copy rig ht © SA S Institute Inc. A ll rig hts reserved.
SAS Education enables you to validate your skills and knowledge through
certification and includes the following:
• globally recognized certifications
• preparation materials
• practice exams
http://support.sas.com/certify
6
Copy rig ht © SA S Institute Inc. A ll rig hts reserved.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
10.1 SAS Resources 10-5
Customer Support
http://support.sas.com/techsup/
7
Copy rig ht © SA S Institute Inc. A ll rig hts reserved.
8
Copy rig ht © SA S Institute Inc. A ll rig hts reserved.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
10-6 Chapter 10 Learning More
Networking
Social media channels, SAS blogs, and user group organizations enable you to
• interact with other SAS users and SAS staff
• learn new programming tips and tricks
• obtain exclusive discounts.
http://support.sas.com/socialmedia
9
Copy rig ht © SA S Institute Inc. A ll rig hts reserved.
Objectives
12
Copy rig ht © SA S Institute Inc. A ll rig hts reserved.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
10.2 Beyond This Course 10-7
http://support.sas.com/training/options
13
Copy rig ht © SA S Institute Inc. A ll rig hts reserved.
Classroom training can be delivered in SAS training centers, in the Live Web
classroom, and at your site.
http://support.sas.com/training/us/paths
SAS e-Learning provides award-winning training when and where you need it.
http://support.sas.com/elearn
14
Copy rig ht © SA S Institute Inc. A ll rig hts reserved.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
10-8 Chapter 10 Learning More
15
Copy rig ht © SA S Institute Inc. A ll rig hts reserved.
16
Copy rig ht © SA S Institute Inc. A ll rig hts reserved.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
10.2 Beyond This Course 10-9
http://support.sas.com/training/tutorial
17
Copy rig ht © SA S Institute Inc. A ll rig hts reserved.
Next Steps
After you complete this course, you have access to extended learning
resources, including the following:
• an electronic copy of the course notes
• links to technical papers
• links to SAS Publishing documentation and books
• links to white papers, SAS Global Forum papers, and much more
To grow your SAS skills, remember to activate the extended learning page for
this course.
18
Copy rig ht © SA S Institute Inc. A ll rig hts reserved.
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.
10-10 Chapter 10 Learning More
Copyright © 2017, SAS Institute Inc., Cary, North Carolina, USA. ALL RIGHTS RESERVED.