Professional Documents
Culture Documents
Copyright Notice
Thecorrectbibliographiccitationforthismanualisasfollows:SASInstituteInc.,Administrators GuideforSASAnalyticsPlatform1.5,Cary,NC:SASInstituteInc.,2009. AdministratorsGuideforSASAnalyticsPlatform1.5 Copyright2009,SASInstituteInc.,Cary,NC,USA. Allrightsreserved.PrintedintheUnitedStatesofAmerica.Nopartofthispublicationmaybe reproduced,storedinaretrievalsystem,ortransmitted,byanyformorbyanymeans,electronic, mechanical,photocopying,orotherwise,withoutthepriorwrittenpermissionofthepublisher, SASInstituteInc.Limitedpermissionisgrantedtostorethecopyrightedmaterialinyoursystem anddisplayitonterminals,printonlythenumberofcopiesrequiredforusebythosepersons responsibleforinstallingandsupportingtheSASprogrammingandlicensedprogramsforwhich thismaterialhasbeenprovided,andtomodifythematerialtomeetspecificinstallation requirements.TheSASInstitutecopyrightnoticemustappearonallprintedversionsofthis materialorextractsthereofandonthedisplaymediumwhenthematerialisdisplayed. Permissionisnotgrantedtoreproduceordistributethematerialexceptasstatedabove. U.S.GovernmentRestrictedRightsNotice.Use,duplication,ordisclosureofthesoftwarebythe governmentissubjecttorestrictionsassetforthinFAR52.22719CommercialComputer SoftwareRestrictedRights(June1987). SASInstituteInc.,SASCampusDrive,Cary,NorthCarolina27513. SASandallotherSASInstituteInc.productorservicenamesareregisteredtrademarksor trademarksofSASInstituteInc.intheUSAandothercountries.
indicatesUSAregistration.
Otherbrandandproductnamesaretrademarksoftheirrespectivecompanies.
Runtime .................................................................................................................. 27
Starting the SAS Analytics Platform Server .................................................. 27
Starting the SAS Analytics Platform Server under Windows ............................................ 27 Starting the SAS Analytics Platform Server under UNIX.................................................. 27
SAS Enterprise Miner Personal Workstation ................................................. 28 Firewall ........................................................................................................ 28 Monitoring the SAS Analytics Platform Server .............................................. 30
Monitoring Using the Analytics Platform Console Application ........................................... 30 Monitoring Using a Web Browser ................................................................................ 34 Monitoring Using a JMX Console ................................................................................. 36
Java Web Start Client Considerations ........................................................... 38 Windows Service Administration .................................................................. 38
Troubleshooting..................................................................................................... 39
i 15 December 2009
ii
Introduction
TheSASAnalyticsPlatformprovidesacommonapplicationframeworkforthefollowinganalytical applications: SASEnterpriseMiner/SASTextMiner SASForecastServer SASModelManager SASWarrantyAnalysis
Centralizingcommonapplicationfunctionalityintooneinstallablecomponentsimplifiestheoverall installationandadministrationprocessfortheseapplications,especiallywhenonetakesadvantageof theserverfunctionalityoftheSASAnalyticsPlatform. MostanalyticsapplicationsthatusetheSASAnalyticsPlatformrequiretheplatformtoberunasa midtierserver,whichprovidesaccesstoitsinstalledapplicationsviaremoteclients. SASEnterpriseMineralsoallowsyoutoruntheSASAnalyticsPlatformasanembeddedservice,so thatrunningamidtierserverisnotnecessary.RunningtheSASAnalyticsPlatforminthiswayis commonlyreferredtoasaPersonalWorkstationdeployment,andisusefulforuserswhopreferto havetheentireapplication(client,remote,andfoundationcomponents)availableononemachine, withoutanydependencyontheavailabilityofanetworkconnection. TheSASAnalyticsPlatformprovidesapplicationsacommonaccesspointtotheSASFoundation Services,theSASMetadataServer,andthevariousSASworkspaceserversdefinedinthemetadata server.
Page 1
Migration
TheSASDeploymentWizardcanbeusedtomigrateconfigurationpropertiesfromaSASAnalytics Platform1.4imagetoconfigureSASAnalyticsPlatform1.5usingamigrationpackagewhichwas createdusingtheSASMigrationUtility. TheSASMigrationUtilityssmu.propertiesfilecontainsapropertynamed SMU.apcore.migration.is_enabledwhichissettofalsebydefault.Onewillneedtochange thisvaluetotrueoncemigrationscriptsareavailableforallofthev913SASAnalyticsPlatformbased applications(SASEnterpriseMiner,SASForecastServer,SASModelManager,andSASWarranty Analysis)whichareconfiguredatthecustomerssite.TheSASMigrationUtilityonlyallowsa customersconfigurationtobemigratedonce,soifthereisaproductsuchasSASWarranty AnalysiswhosereleaseoccurslaterthanSASEnterpriseMiner,SASForecastServerandSASModel Manager,thenthecustomerwouldneedtoeitherwaituntilSASMigrationUtilityscriptswere availableforallconfiguredproductsorperformthemigrationwithoutmigratingSASWarranty Analysisconfiguration. WhenaSASAnalyticsPlatformconfigurationismigrateditwillusesomeoftheprevioussettingsas itsnewconfigurationdefaultsasdescribedbelow. Multicasting o Usesthev913multicastingpreferenceasthedefaultvaluefortheSASDeployment Wizardpromptusedtospecifywhethermulticastservicesshouldbeenabled. Usesthev913RMIsecuritymodepreferenceasthedefaultfortheSASDeployment Wizardpromptusedtospecifywhethernone,someorallRMIservicesaretobesecured usingtheJavaSecureSocketExtension(JSSE). Usesthev913RMIsecuritypreferencesasthedefaultvaluesfortheSASDeployment Wizardpromptsusedtoselectwhichcollectionsofservicesshouldbesecuredusing JSSE. RMIRegistry SASAnalyticsPlatform SASEnterpriseMiner SASForecastServer SASModelManager SASWarrantyAnalysis TheoriginalportsettingsaredescribedintheSASAnalyticsPlatformServersmigrationpackage,but theirvaluesarenotmigratedsinceeachSASAnalyticsPlatform1.5configuredimagedefaultsto usingauniquesetofportswhichallowsonetoindependentlyconfigureuptotenimagessideby side.
RMISecurity o
Page 3
Configuration
TheSASDeploymentWizardisusedtobothinstallandconfiguretheSASAnalyticsPlatform.One mayoptionallymigrateaconfigurationfromav913SASAnalyticsPlatform.UsetheSAS DeploymentManagertounconfiguretheSASAnalyticsPlatform(seeUnconfiguringtheSAS AnalyticsPlatformServerusingtheSASDeploymentManageronpage12). TheSASDeploymentWizardwillpresentaseriesofpromptswhichwillrequireresponsesfromyou tospecifytheconfigurationforaSASAnalyticsPlatformServerassummarizedbelow. SASMetadataServer o host o port EmbeddedTomcatHTTPServer o whethertheembeddedHTTPservershouldbestarted o HTTPport Note: Thisprovidestheabilitytolaunchapplications,suchasSASEnterpriseMinerandSAS ForecastStudio,fromtheSASAnalyticsPlatformmonitorpageusingJavaWebStart. Ports o EmbeddedHTTPServerportTheportusedtocommunicatewiththeembeddedHTTP server. o RMIRegistryportTheportusedbytheRMIregistrytolistenforclientlookup requests.SASAnalyticsPlatformclientsonlyneedtoknowthehostnameandRMI registryporttolocatetheSASAnalyticsPlatformServer. RMIPlainTextportTheportusedbytheRMIserviceswhichusedefaultnonsecure sockets.IfJSSEsecurityisenabledforAllRMIservices,thisportisnotused. o RMISecureSocketsportTheportusedbyRMIserviceswhicharesecuredusingJSSE. ThisportisonlyusedwhenJSSEsecurityisenabled. SASAnalyticsPlatformStartup o AutomaticallystarttheSASAnalyticsPlatformServerThisisthedefaultbehavior. o EnableautomaticdiscoveryoftheserverviamulticastingThisoptionisnotenabledby default.YoushouldenablethisoptioniftheSASForecastServerclientapplicationneeds todiscoverSASAnalyticsPlatformServersbybroadcastingamulticastmessage. SASAnalyticsPlatformIPMulticast: IPMulticastPortthemulticastportusedtocommunicatepresenceofaSAS AnalyticsPlatformServertoapplications. IPMulticastNetaidPortthemulticastportusedtocommunicatepresenceofaSAS AnalyticsPlatformNetaidservertoapplications. IPMulticastTTLThemulticasttimetoliveparameterwhichcanbeusedto restrictthescopeofthemulticastcommunication. SASAnalyticsPlatformStartupTimeoutPeriodSpecifythetimetowaitfortheSAS AnalyticsPlatformtostartup.
Page 5
Securitymode o None(default)Usedefault,nonsecuresocketsforallRMIservices o SomeUseJSSEtosecureyourchoiceofthefollowinggroupsofRMIservices RMIRegistry SASAnalyticsPlatform SASEnterpriseMiner SASForecastServer SASModelManager SASWarrantyAnalysis o AllUseJSSEtosecureallRMIservices Note:IfyouselecttosecureSomeorAllRMIservices,theremainderoftheSASAnalytics PlatformspecificSASDeploymentWizardscreenswillguideyouthroughcreatingaSAS AnalyticsPlatformcertificateandoptionallyimportingthatcertificateintothetruststore.The truststorefortheclientsideJRE(ifonanothermachine)mustbeconfiguredmanuallytoimport thecertificate.
Ports
Portsareallocatedinblocksof10correspondingtothe10levelswhichcanbeconfiguredonagiven machine,whereeachLevNimagedefaultstoauniqueport.ThefollowingtablesummarizestheSAS AnalyticsPlatformServersdefaultportsforeachlevel. Server Embedded Tomcat HTTP Server RMI Registry RMI Service RMI Service secured using JSSE Multicast Discovery Server Multicast Netaid Discovery Server IftheSASAnalyticsPlatformServerisprotectedbyafirewall(seeFirewallonpage28),thenone mustenabletheclientapplicationsaccessbyallowingthemtoopenconnectionstotheservers configuredports. Lev1 6401 6411 6421 6431 6441 6451 Lev2 6402 6412 6422 6432 6442 6452 Lev3 6403 6413 6423 6433 6443 6453 Lev4 6404 6414 6424 6434 6444 6454 Lev5 6405 6415 6425 6435 6445 6455 Lev6 6406 6416 6426 6436 6446 6456 Lev7 6407 6417 6427 6437 6447 6457 Lev8 6408 6418 6428 6438 6448 6458 Lev9 6409 6419 6429 6439 6449 6459 Lev0 6410 6420 6430 6440 6450 6460
RMI Services
ClientapplicationscommunicatewiththeSASAnalyticsPlatformServerusingRMIbasedservices. Bydefault,RMIservicesusedefaultsocketswhicharenotsecure.TheSASAnalyticsPlatformhas beencodedtoenableitsRMIservicestousesocketswhichcanbesecuredusingtheJavaSecure SocketsExtension(JSSE).ThefollowingapplicationsmaybeconfiguredtosecuretheirRMIservices usingJSSE: SASEnterpriseMiner SASForecastServer SASModelManager SASWarrantyAnalysis
Description Use default (non-secure) sockets for RMI communication. Use JSSE to secure RMI communications based on preferences specified in the jsse_selection.config file. Use JSSE to secure RMI communications for all services which have been coded to support RMI security. Note that RMI services which have not been coded to add a capability to be secured will use default (non-secure) sockets.
All
IfthepersonwhoisconfiguringtheSASAnalyticsPlatformServerlacksappropriatepermissions, thenthecustomerwillneedtomanuallyconfigurethekeystoreandtruststoreasamanualpost configurationprocess. OnemaychoosetoeitherusethisapproachtoautomaticallyconfiguretheJSSEkeystoreanddefault truststore(JRE/lib/security/jssecacerts)oronemaychoosetomanuallyconfigurea keystoreand/ortruststore.Themotivationformanuallyconfiguringakeystorewouldbetousea certificatewhichhasbeenverifiedbyaCertificateAuthority,suchasVerisign.Useofsucha certificateeliminatestheneedtomanuallyconfigureatruststoreforaclientapplicationsJRE.These twoapproachesaresummarizedbelow.SeethesectionentitledSecuringRMIServicesUsingJSSE foradditionaldetails.
Self-Signed Certificate
IfsecurityisselectedforRMIServiceswhentheSASAnalyticsPlatformServerisconfiguredaself signedcertificatewillbecreatedintheJSSEkeystorespecifiedbytheuser.Bydefaultakeystore namedapcore.keystoreiscreatedintheSASAnalyticsPlatformsconfigurationdirectory,but analternatelocationmaybespecifiedifdesired. ThiscertificatewillautomaticallybeimportedintotheJREstruststore (JRE/lib/security/jssecacerts)iftheoptiontoimportthecertificateintothetruststoreis selectedwhentheSASAnalyticsPlatformServerisconfigured.Sinceonetruststoreissharedbyall LevNconfiguredimagesacertificatealiasofapcore_<LevelNumber>isused,sothateachLevN imageremainsindependent. IfaclientapplicationisonanothermachineorisconfiguredtouseadifferentJREthantheSAS AnalyticsPlatformServer,thenonemustmanuallyimporttheserverscertificateintotheclientJREs truststore. SeethesectionentitledUsingaSelfSignedCertificateforinformationwhichdescribeshowto importtheserverspubliccertificateintothedefaultJSSEtruststoreusedbyyourclientapplications.
ThedefaultmulticastaddressistheIPv4address239.192.65.80.SincetheSASForecastStudio clientisconfiguredtousethisIPv4address,thisaddressisnotconfigurableusingtheSAS DeploymentWizard. OnemayalsospecifytheTimeToLive(TTL)whichisthemaximumnumberofhostsadatagram maytransitbeforeitisdiscarded.Onemayspecifyavalueof0torestrictthedatagramtothe localhost. ThefollowingtablesummarizesthedefaultmulticastportsforeachLevNimage. Multicast Server Discovery Server Netaid Discovery Server Lev1 6441 6451 Lev2 6442 6452 Lev3 6443 6453 Lev4 6444 6454 Lev5 6445 6455 Lev6 6446 6456 Lev7 6447 6457 Lev8 6448 6458 Lev9 6449 6459 Lev0 6450 6460
Startup Options
TheSASAnalyticsPlatformServercanbeconfiguredtoautomaticallystartonceithasbeen configuredbytheSASDeploymentWizard.Astartuptimeoutdefinestheamountoftime,inunitsof seconds,beforeastartupattemptisdeemedafailure. Ifthisoptionisnotselected,thenonemustmanuallystarttheSASAnalyticsPlatformServerusingits script. Startuppreferences,includingtheminimumandmaximumheapsizefortheJVMaswellas additionalJVMoptionsmaybeconfigured.
10
Windows Service
IftheSASAnalyticsPlatformServerisconfiguredtobestartedasaserviceontheWindowsplatform, thenthefollowingdefaultswillbeusedtospecifytheservicesname,displaynameanddescription.
11
libIfanHTTPServerisenabledintheSASAnalyticsPlatformServer,thenthislib directorywillcontainitsWebapplicationarchive,sas.apps.session.war,whichis createdwhentheSASDeploymentWizardconfigurestheSASAnalyticsPlatformServeror whenoneusestheSASDeploymentManagertorebuildtheSASAnalyticsPlatformServer Webapplication.ThecustomermayalsoaddJavalibrary(.jar)filestothisdirectoryif necessary.NotethatSAS.jarfilesareobtainedfromtheSASVersionedJarRepository (VJR),sothislibdirectoryshouldnotcontainanySAS.jarfiles.Eachapplicationwill haveitsownlibdirectory(forexample,apps/EnterpriseMiner/lib, apps/ForecastServer/lib,etc.)toallowthecustomertoadd.jarsifnecessary. Logs -thisdirectorycontainslogfiles. Tempthisdirectorycontainstemporaryfiles. warsthisdirectoryisusedtorebuildWebarchivefilesfortheembeddedTomcatHTTP Server. workusedbytheinternalWebserverwhenenabled.
Unconfiguring the SAS Analytics Platform Server using the SAS Deployment Manager
IfitbecomesnecessarytounconfiguretheSASAnalyticsPlatformServerusingtheSASDeployment Manager,followthesesteps: 1. 2. StoptheSASAnalyticsServerusingitsscript(Windows:AnalyticsPlatform.bat stop ortheWindowsShortcutifinstalled;UNIX:AnalyticsPlatform.sh stop). StarttheSASDeploymentManager. a. SelecttheRemoveExistingConfigurationradiobutton. b. ChoosetheconfigurationtoberemovedfromtheSelectConfigurationDirectory table. c. e. SpecifytheuserIDandPasswordtobeusedtoconnecttotheSASMetdataServer. Unconfiguretheproducts. d. Selecttheproductswhicharetoberemoved.
12
Configuration Options
IfRMIservicesaretobesecuredusingtheJSSE,thenonemustconfiguretheSASAnalytics PlatformServerskeystoreusingoneofthefollowingtwoapproaches: Notethatifaselfsignedcertificateisused,thenonemustalsoconfiguretheclientJREs truststore(JRE/lib/security/jssecacerts). Thefollowingkeytoolproceduresareapplicabletousingaselfsignedcertificateandusinga certificatewhichhasbeensignedbyaCertificateAuthority. CreateKeystoreCertificateonpage14. ListCertificatesonpage15. DeleteCertificateonpage16. UsingaSelfSignedCertificateonpage17. UsingaCertificateSignedbyaCertificateAuthorityonpage20.
Page 13
4.
14
keytool genkey alias analyticsplatformserver -keystore apcore.keystore -storepass secretPassword keyalg RSA Thekeytoolwillthenpromptyoutospecifythefollowing: a. c. e. f. Enteryourfirstandlastname(forexample,MyWebSite). Enterthenameofyourorganization(forexample,MyOrganization). Enterthenameofyourstateorprovince(forexample,MyStateOrProvince). Enterthetwolettercountrycode(forexample,US).
b. Enterthenameofyourorganizationalunit(forexample,MyOrganizationalUnit). d. Enterthenameofyourcityorlocality(forexample,MyCity).
List Certificates
ThisprocedureisusedtoviewalistingofthecertificateswhicharedefinedinaJSSEkeystoreor truststore. Required Input keystores filename keystores password Forexample,todeleteacertificatefromtheJREsdefaultJSSEtruststore (JRE/lib/security/jssecacerts): 1. 2. 3. 4. Openacommandwindow. EnsurethatthepathcontainstheJRE/binfolder.Forexample: set path=%path%;C:\Program Files\Java\jre1.5.0_12\bin Changetothedirectorywhichcontainsthetruststorefile. Issuethefollowingcommandtodeletethecertificatefromthetruststorefile. Example apcore.keystore secretPassword
15
keytool list -keystore <keystoreFile> -storepass <keystorePassword> Forexample,tolistthecertificatesinthekeystorefileapcore.keystorewhose passwordissecretPasswordonewouldissuethefollowingcommand: keytool list -keystore apcore.keystore -storepass secretPassword
Delete Certificate
Thisprocedureisusedtodeleteacertificatefromakeystoreortruststore.Requiredinputsare describedinthefollowingtable. Required Input keystores filename keystores password certificates alias Forexample,todeleteacertificatefromtheJREsdefaultJSSEtruststore (JRE/lib/security/jssecacerts): 5. 6. 7. 8. Openacommandwindow. EnsurethatthepathcontainstheJRE/binfolder.Forexample: set path=%path%;C:\Program Files\Java\jre1.5.0_12\bin Changetothedirectorywhichcontainsthetruststorefile(JRE/lib/security). Issuethefollowingcommandtodeletethecertificatefromthetruststorefile. keytool delete alias <certificateAlias> -keystore <truststoreFile> -storepass <truststorePassword> Forexample,todeletethecertificatewhosealiasisanalyticsplatformfromthe truststorefilejssecacertswhosedefaultpasswordischangeitonewouldissue thefollowingcommand: keytool delete alias analyticsplatform -keystore jssecacerts -storepass changeit
16
17
3.
Changetoyourkeystoresdirectory.Chooseadirectorywhichdoesnotresideunderthe SASAnalyticsPlatformServersconfigurationdirectorystructuresincetheconfiguration directorywillbedeletedwhentheSASAnalyticsPlatformServerisunconfigured. Issuethefollowingcommandtocreateaselfsignedcertificateinyourkeystorefile. keytool export alias <certificateAlias> -keystore <keystoreFile> -storepass <keystorePassword> file <certificate.cer> Forexample,toexportapubliccertificateforthealiasanalyticsplatformserverinthe keystorefileapcore.keystore,changetothedirectorywhichwillcontainthe keystoreandthenissuethefollowingcommand: keytool export alias analyticsplatformserver -keystore apcore.keystore -storepass secretPassword file analyticsplatformserver.cer
4.
5.
Verifythatthekeytoolcreatedacertificatefilenamedanalyticsplatform.cer. Thisfilecontainstheserverspublicselfsignedcertificatewhichcanbeimportedintoa clientJREsdefaultJSSEtruststore(JRE/lib/security/jssecacerts)toenablethe clienttoconnecttoaSASAnalyticsPlatformsRMIserviceswhichhavebeensecured usingtheJSSE. UsetheImport Keystores Certificate into Truststoreprocedurebelowtoimport theserverspubliccertificateintotheclientJREstruststore (JRE/lib/security/jssecacerts).
6.
18
Notethatifthejssecacerts fileisfound,thenthesearchstopsandthecacertsfileisnot used.Perbestpracticerecommendations,theserverspubliccertificatewillbeimportedintoour clientJREsjssecacertsfilewhichcontainstheclientstrustedcertificates. Requiredinputsaredescribedinthefollowingtable. Required Input truststores filename truststores password certificates alias name of the file which contains the public certificate which was exported from the SAS Analytics Platform Servers keystore Forexample,toimporttheSASAnalyticsPlatformServerspubliccertificateintotheclientJREs defaultJSSEtruststore: 1. 2. 3. 4. Openacommandwindow. EnsurethatthepathcontainstheJRE/binfolder.Forexample: set path=%path%;C:\Program Files\Java\jre1.5.0_12\bin ChangetoyourclientJREslib/securitydirectorywhichisthewheretheJSSEcode willsearchforthejssecacertsfile. IssuethefollowingcommandtoimporttheserverspubliccertificateintotheclientJREs truststorefile(JRE/lib/security/jssecacerts). keytool import alias <certificateAlias> -keystore <truststoreFile> -storepass <truststorePassword> file <analyticsplatfromserver.cer> Forexample,toimporttheserverspubliccertificateforthealias analyticsplatformserverintothetruststorefilejssecacerts,changetothe JRE/lib/securitydirectoryandthenissuethefollowingcommand: Example jssecacerts changeit analyticsplatformserver analyticsplatformserver.cer
19
keytool import alias analyticsplatformserver -keystore jssecacerts -storepass changeit file analyticsplatformserver.cer 5. UsetheList Certificatesprocedureonpage15toverifythatacertificatewhosealiasis analyticsplatformserverwascreatedinthejssecacerts truststore.
20
Required Input keystores filename keystores password certificates alias Name of the file which contains the Certificate Authoritys intermediate certificate.
Forexample,toimportVerisignsprimarycertificateintotheJRE/lib/security/cacerts file: 1. 2. 3. Openacommandwindow. EnsurethatthepathcontainstheJRE/binfolder.Forexample: set path=%path%;C:\Program Files\Java\jre1.5.0_12\bin Downloadtherootcertificatesfrom http://www.verisign.com/support/roots.html andunzipthefiletothe C:\tempdirectory. ChangetoyourJRE/lib/securitydirectorywheretheJREscacertsfileislocated. IssuethefollowingcommandtoimporttheCertificateAuthoritysintermediate certificateintoyourkeystorefile. keytool import alias <certificateAlias> -keystore <keystoreFile> -storepass <keystorePassword> file <intermediateCA.cer> Forexample,toimportacertificateforthealiasintermediateCAintotheJREs cacertsfile,changetotheJRE/lib/securitydirectoryandthenissuethefollowing command: keytool import alias intermediateCA -keystore cacerts -storepass changeit file C:\temp\Root Download Package\Verisign Roots\PCA3ss_v4.509 IfthekeytoolreportsthattheCAscertificateisalreadypresentinthecacertsfile,then thereisnoneedtoreimportit.
4. 5.
21
4.
23
5.
4.
Forexample,toimportasignedcertificateforthealiasanalyticsplatformserverinthe keystorefileapcore.keystore,changetothedirectorywhichwillcontainthe keystoreandthenissuethefollowingcommand: keytool import trustcacerts alias analyticsplatformserver -keystore apcore.keystore -storepass secretPassword file Cert.cer
25
26
Runtime
ThissectiondiscussesruntimeconsiderationsfortheSASAnalyticsPlatformServer.
Page 27
Firewall
TheapplicationswhosemiddletierisprovidedbytheSASAnalyticsPlatformcanhaveclients accesstheSASAnalyticsPlatformServerthroughafirewall.Toenableclientsoutsideofthe firewalltoaccesstheSASAnalyticsPlatformServer,itisnecessarytopermitclientcomputersto
28
ThefollowingtablesummarizesthedefaultportrequirementsforaLev1configuration: Lev1 Default Port 6401 6411 6421 6431 6441 Description If the embedded Tomcat HTTP Server was enabled during configuration, then this HTTP port must be opened bi-directionally. The RMI Registry port must be opened bi-directionally. If you configured the SAS Analytics Platform Server to not secure its RMI Services using the JSSE, then this port must be opened bi-directionally. If you configured the SAS Analytics Platform Server to secure its RMI Services using the JSSE, then this port needs to be open bi-directionally. If multicast services were enabled during configuration, then this multicast port must be opened to allow clients to access the multicast Discovery Service. This service is used by the Forecast Studio clients application logon dialogs Find Servers feature. If multicast services were enabled during configuration, then this multicast port must be opened to allow clients to access the multicast Netaid Discovery Service.
6451
WindowsXP(atServicePack2level)containsafirewallthatisoftenenabled.TheSecurity CenterWindowsFirewallexceptionsmustincludethefollowingforSASAnalyticsPlatform familyproducts(includingSASEnterpriseMiner,SASForecastStudio,SASInventory ManagementStudio,andSASModelManagementStudio)clientstobeabletoaccesstheSAS AnalyticsPlatformServer,andforotherSASJavaapplications.Defaultpathsareshown. SASAnalyticsPlatform,SASEnterpriseMiner,SASForecastStudio,SASModelManager,and SASWarrantyAnalysisproductsusetheSASprivateJREversion1.5orlater. C:\Program Files\SAS\Shared Files\JRE\1.5\bin SASAnalyticsPlatformfamilyproductJavaWebStart(JWS)clientsusethepubliclyinstalledSun Javalibrary,whichmustbeatversion1.5orlater.Atypicalinstallwouldlocatethelibraryin varyinglocations,butthedefaultis: C:\j2dk1.5.0_12\jre\bin or C:\Program Files\Java\jre1.5.0_12\bin Entriesinthefirewallexceptionlistareusuallysetupautomaticallybythesecuritycenter,butif thereisnoentryfortheSASprivateJREsjava.exeyoumustaddone.TheXPsecuritycenter testedaprogramtypeexceptionnamedJava,andwheneditedshowedthepathtotheSAS privateJREsjava.exeinthePath:fieldoftheexceptionproperties.
29
Testingindicatesthisistheonlyexceptionentrynecessary.Youmustchangethescopeofthe programentry(theresnoportentryinvolved)followingthesesteps: 1. 2. 3. 4. 5. LaunchtheSecurityCenter(fromControlPanel)andenterWindowsFirewall. SelecttheExceptionstabandtheJavaentryinthelist. ClickEdit.ThepathwillcontainthepathtotheJavalibrarynotedabove. ClicktheChangescopebutton. ThetightestsecurityisobtainedbyselectingtheCustomlistandenteringtheIPaddress oftheclientmachineitself,acomma,theIPaddressofthemachineonwhichtheSAS AnalyticsPlatformorsharedplatform(midtier)server(forSASEnterpriseMiner,SAS ForecastServerorSASModelManager)runs,aslash,andafullmask.Forexample, 192.168.9.73,192.168.9.83/255.255.255.255 ThealternativeistoeitherselecttheradiobuttonthatsaysMynetwork(subnet)onlyif theserverisinthesamesubnet,ortoselectAnycomputer(includingthoseonthe internet).SincetheseoptionsapplyonlyfortheSASprivatecopyofJavaandonlySAS EnterpriseMinerwilluseit,theresminimalriskinallowingeitheroption. 6. ClickOKrecursivelytoexitthefirewalldialogandthesettingsareactiveimmediately. ThiswillallowthatJavaprogramtocommunicateonanyportwithanythingrunningoneither machine.Thefirewallwillprotectthatprogramfromreceivinganythingonanyportfromany othermachineifyouusedtheCustomlistoption.
Administration o
Windows OntheWindowsplatformonemaystarttheSASAnalyticsPlatformServerConsoleusingeither itsWindowsshortcutoritsscript. UsetheWindowsshortcut: StartProgramsSASSASConfigurationConfigLevNAnalytics PlatformServerConsole:Start Issuethecommand: AnalyticsPlatformConsole.bat start UNIX OnaUNIXplatformoneshouldstarttheSASAnalyticsPlatformServerConsoleapplication usingthefollowingprocedure: 1. 2. 3. 4. 5. Openaterminalsession. EnsurethatanXserverisrunningandavailable. EnsurethattheDISPLAYenvironmentvariablepointsbacktothemachinebeingused foryourterminalsession. ChangetothedirectorywheretheSASAnalyticsPlatformServerisconfigured. Issuethecommand: ./AnalyticsPlatformConsole.sh start
Problems
AwarningdialogispresentedwithamessagethatsaysCouldnotreachtheAnalytics PlatformServerorServerisnotrunning.IftheSASAnalyticsPlatformServerisnot runningonthismachine,starttheSASAnalyticsPlatformServerandthentrytostartthe SASAnalyticsPlatformServerConsole.Iftheserverfailstostart,thenchecktheSAS AnalyticsPlatformlogfilestodeterminewhytheserverstartupfailed. (UNIX)ifyouseeamessagethatsaysAgraphicalscreenenvironmentisrequiredtorun theconsole,itmeansthatyourXenvironmentisnotsetupcorrectly.Makesureyou havesettheDISPLAYenvironmentvariabletopointbacktotheclientmachineyouare usingforyourterminalsession.
31
TheGeneraltabprovidesanoverviewoftheoverallstatusofthesystem.
TheApplicationstabdisplaysthelistofinstalledapplications,whethertheyhavebeenloaded, andthenumberofclientswhicharecurrentlyusingthatapplication.
32
TheUserstabdisplaystheuserswhichareonline,whentheirsessionstarted,andfromwhichIP addresstheyareconnected.
TheSASUsagetabdisplaysalistofactiveSASworkspacesessions.
33
35
36
JMX Consoles
TherearemanythirdpartyJMXconsoleswhichmaybeused.SomeofthemorepopulateJMX consolesare: jconsole MC4J jManage
SundiscussesMonitoringandManagementusingJMXusingitsjconsolewhichisavailableinthe JDKsbindirectory.LocalJMXaccessisenabledbydefiningtheproperty com.sun.management.jmxremote.Ajmx.configfile,locatedinthedirectorywherethe SASAnalyticsPlatformisconfigured,isprovidedtoenableonetoconfigureJMXproperties.One mayeditthejmx.configfiletospecifyadditionalpropertieswhichmayberequiredto configuretheapplicationtobeaccessedbyaparticularthirdpartyJMXconsole.Refertothethird partyJMXconsolesdocumentationfordetailswhichdescribehowtoconfiguretheapplication tobeaccessedbytheJMXconsole. TheJREmaybemonitoredusingthejconsoletoobserve: Threads Memory Classes MBeans VM
ThefollowingSASFoundationServicesalsoprovideMBeanswhichallowonetomanage runtimestate: DiscoveryServiceMBean o o Listserviceswhichcanbediscovered Getdetailsfordiscoverableservices Listloggingcontexts Changealoggingcontextspriority Getcountofallocatedloggingcontexts Getasummaryofallactivesessioncontexts Quiesce/resumetheSessionService DetermineiftheSessionServiceisquiesced Destroyalloraspecificsessioncontext Getalistofactiveusercontexts Destroyausercontext Getacountofauthenticatedusers Getacountofuserswhofailedtoauthenticate Getfailuredetails GetthedatetheUserServicewasstarted
37
LoggingServiceMBean o o o
SessionServiceMBean o o o o
UserServiceMBean o o o o o o
38
Troubleshooting
Thissectionprovidesinstructionstohelptroubleshoot. TheSASAnalyticsPlatformServerslogfile,AnalyticsPlatform.log,islocatedinitsLogs directory.IftheSASAnalyticsPlatformServerhasbeenconfiguredtobestartedasaWindows Service,thentheLogsdirectorywillalsocontaintheserviceslogfilewrapper.log.
Remote clients are unable to connect when the SAS Analytics Platform Server is running on a multi-homed machine
IftheSASAnalyticsPlatformServersmachineismultihomed,thenoneshoulddesignatetheIP addressofthehosttowhichtheclientwillconnectbysettingthe java.rmi.server.hostnamepropertyasanadditionalJVMoptionwhenconfiguringthe SASAnalyticsPlatformServer. 1. UnconfiguretheSASAnalyticsPlatformServerusingtheSASDeploymentManager(see UnconfiguringtheSASAnalyticsPlatformServerusingtheSASDeploymentManager onpage12). ConfiguretheSASAnalyticsPlatformServerusingtheSASDeploymentWizardand specify-Djava.rmi.server.hostname=ip-address-of-this-machineinthe AdditionalJVMOptionstextfield. Forexample: Djava.rmi.server.hostname=10.40.12.43
2.
The SAS Analytics Platform Server shuts down when your UNIX session is terminated
DependingontheprotocolinwhichyourUNIXsessionwasestablished,youmayfindthatthe SASAnalyticsPlatformServershutsdownwhenyourUNIXsessionisterminated.Inthiscase,it maybenecessarytounsetyourdisplaypriortostartingtheSASAnalyticsPlatformServer. Forexample: unset DISPLAY ./AnalyticsPlatform.sh start
The Forecast Studio application log on window fails to locate the SAS Analytics Platform Server using the Find Servers feature
Thiscanbecausedbythefollowingfactors: ThemulticastdiscoveryservicewasnotenabledintheSASAnalyticsPlatformServer. 1. UnconfiguretheSASAnalyticsPlatformServerusingtheSASDeploymentManager (seeUnconfiguringtheSASAnalyticsPlatformServerusingtheSASDeployment Manageronpage12). 2. UsetheSASDeploymentWizardtoconfiguretheSASAnalyticsPlatformServerand enableitsmulticastdiscoveryserversbyselectingtheEnableautomaticdiscoveryof theserverviamulticastingcheckbox. 3. StarttheSASAnalyticsPlatformServerifitwasnotautomaticallystartedwhenthe SASDeploymentWizardconfiguredtheserver.
Page 39
TheSASForecastStudioclientapplicationisusingthewrongmulticastaddressandport fortheSASAnalyticsPlatformServersmulticastdiscoveryservice.Bydefault,theSAS ForecastStudioclientisconfiguredtousetheIPv4multicastaddress239.192.65.80 and6441forthemulticastportwhichcorrespondstothedefaultsforaLev1SAS AnalyticsPlatformServer.IftheSASAnalyticsPlatformServerhasbeenconfiguredto useadifferentmulticastaddressorport,thentheSASForecastStudioclientslaunch configurationmustbeupdatedtospecifythemulticastaddress/portusingasystem propertynamedsas.apcore.logon.netaid.multicast.servers. Forexample: -Dsas.apcore.logon.netaid.multicast.servers=239.192.65.80:7777 IfmultipleSASAnalyticsPlatformServersneedtobefoundandtheywereconfiguredto useamulticastaddress/portotherthan239.192.65.80:6441,thentheSAS ForecastStudioclientslaunchconfigurationmustbeupdatedtospecifythemulticast address/portsofthemulticastdiscoveryservicesfortheconfiguredSASAnalytics PlatformServers. Forexample: -Dsas.apcore.logon.netaid.multicast.servers=239.192.65.80:6441, 239.192.65.80:6442
When clicking the Java Web Start launch link, a prompt appears to save a jnlp file, instead of launching the application
IftheJavapluginisnotinstalledintheWebbrowser,thenonespecifythattheJavaWebStart executableshouldbeusedtoopenthejnlpfilewhichspecifiestheclientapplicationslaunch configuration.Therefore,youhavethefollowingoptions: UsingInternetExplorer(WindowsPlatform) 1. 2. InstallthefullJavaruntimeenvironmentbyvisitinghttp://www.java.comtoinstallthe JavapluginintoyourWebbrowser. RestartInternetExplorerandrevisittheJavaWebStartlinkforyourapplication.
40
3.
Whenpromptedwithchoicesonwhattodowiththefile,selectOtherfromtheOpen withdropdownlist.
4.
NavigatetowheretheSASprivateJREhasbeeninstalled.Forexample,C:\Program Files\SAS\Shared Files\JRE\1.5.0_12\bin and select the Java Web Start executable javaws.exe.
41
42
support.sas.com
SAS is the world leader in providing software and services that enable customers to transform data from all areas of their business into intelligence. SAS solutions help organizations make better, more informed decisions and maximize customer, supplier, and organizational relationships. For more than 30 years, SAS has been giving customers around the world The Power to Know. Visit us at www.sas.com.