You are on page 1of 48

Administrators Guide for SAS Analytics Platform 1.

Copyright Notice
Thecorrectbibliographiccitationforthismanualisasfollows:SASInstituteInc.,Administrators GuideforSASAnalyticsPlatform1.5,Cary,NC:SASInstituteInc.,2009. AdministratorsGuideforSASAnalyticsPlatform1.5 Copyright2009,SASInstituteInc.,Cary,NC,USA. Allrightsreserved.PrintedintheUnitedStatesofAmerica.Nopartofthispublicationmaybe reproduced,storedinaretrievalsystem,ortransmitted,byanyformorbyanymeans,electronic, mechanical,photocopying,orotherwise,withoutthepriorwrittenpermissionofthepublisher, SASInstituteInc.Limitedpermissionisgrantedtostorethecopyrightedmaterialinyoursystem anddisplayitonterminals,printonlythenumberofcopiesrequiredforusebythosepersons responsibleforinstallingandsupportingtheSASprogrammingandlicensedprogramsforwhich thismaterialhasbeenprovided,andtomodifythematerialtomeetspecificinstallation requirements.TheSASInstitutecopyrightnoticemustappearonallprintedversionsofthis materialorextractsthereofandonthedisplaymediumwhenthematerialisdisplayed. Permissionisnotgrantedtoreproduceordistributethematerialexceptasstatedabove. U.S.GovernmentRestrictedRightsNotice.Use,duplication,ordisclosureofthesoftwarebythe governmentissubjecttorestrictionsassetforthinFAR52.22719CommercialComputer SoftwareRestrictedRights(June1987). SASInstituteInc.,SASCampusDrive,Cary,NorthCarolina27513. SASandallotherSASInstituteInc.productorservicenamesareregisteredtrademarksor trademarksofSASInstituteInc.intheUSAandothercountries.
indicatesUSAregistration.

Otherbrandandproductnamesaretrademarksoftheirrespectivecompanies.

Table of Contents Introduction .............................................................................................................. 1 Migration................................................................................................................... 3 Configuration ........................................................................................................... 5


Ports .............................................................................................................. 6 Embedded Tomcat HTTP Server...................................................................... 6 SAS Foundation Services ................................................................................ 7 RMI Services .................................................................................................. 7 Multicast Discovery Servers ......................................................................... 10 Startup Options ............................................................................................ 10 Windows Service .......................................................................................... 11 File System Layout ....................................................................................... 11 Unconfiguring the SAS Analytics Platform Server using the SAS Deployment Manager ................................................................................... 12

Securing RMI Services Using JSSE ..................................................................... 13


Configuration Options .................................................................................. 13
Create Keystore Certificate ........................................................................................ 14 List Certificates ........................................................................................................ 15 Delete Certificate ..................................................................................................... 16

Using a Self-Signed Certificate ..................................................................... 17


Export Certificate from Keystore ................................................................................. 17 Import Keystores Certificate into Truststore ................................................................ 18

Using a Certificate Signed by a Certificate Authority .................................... 20


Import CAs Primary Certificate into JRE/lib/security/cacerts ........................................... Import CAs Intermediate Certificate into JRE/lib/security/cacerts.................................... Generate Certificate Signature Request (CSR) .............................................................. Submit CSR to Certificate Authority (CA) ..................................................................... Import Certificate Authoritys Reply into Keystore ......................................................... 20 22 23 24 24

Runtime .................................................................................................................. 27
Starting the SAS Analytics Platform Server .................................................. 27
Starting the SAS Analytics Platform Server under Windows ............................................ 27 Starting the SAS Analytics Platform Server under UNIX.................................................. 27

Stopping the SAS Analytics Platform Server ................................................. 28


Stopping the SAS Analytics Platform under Windows ..................................................... 28 Stopping the SAS Analytics Platform under UNIX .......................................................... 28

SAS Enterprise Miner Personal Workstation ................................................. 28 Firewall ........................................................................................................ 28 Monitoring the SAS Analytics Platform Server .............................................. 30
Monitoring Using the Analytics Platform Console Application ........................................... 30 Monitoring Using a Web Browser ................................................................................ 34 Monitoring Using a JMX Console ................................................................................. 36

Java Web Start Client Considerations ........................................................... 38 Windows Service Administration .................................................................. 38

Troubleshooting..................................................................................................... 39

i 15 December 2009

ii

Introduction
TheSASAnalyticsPlatformprovidesacommonapplicationframeworkforthefollowinganalytical applications: SASEnterpriseMiner/SASTextMiner SASForecastServer SASModelManager SASWarrantyAnalysis

Centralizingcommonapplicationfunctionalityintooneinstallablecomponentsimplifiestheoverall installationandadministrationprocessfortheseapplications,especiallywhenonetakesadvantageof theserverfunctionalityoftheSASAnalyticsPlatform. MostanalyticsapplicationsthatusetheSASAnalyticsPlatformrequiretheplatformtoberunasa midtierserver,whichprovidesaccesstoitsinstalledapplicationsviaremoteclients. SASEnterpriseMineralsoallowsyoutoruntheSASAnalyticsPlatformasanembeddedservice,so thatrunningamidtierserverisnotnecessary.RunningtheSASAnalyticsPlatforminthiswayis commonlyreferredtoasaPersonalWorkstationdeployment,andisusefulforuserswhopreferto havetheentireapplication(client,remote,andfoundationcomponents)availableononemachine, withoutanydependencyontheavailabilityofanetworkconnection. TheSASAnalyticsPlatformprovidesapplicationsacommonaccesspointtotheSASFoundation Services,theSASMetadataServer,andthevariousSASworkspaceserversdefinedinthemetadata server.

Page 1

Administrators Guide for SAS Analytics Platform 1.5

Migration
TheSASDeploymentWizardcanbeusedtomigrateconfigurationpropertiesfromaSASAnalytics Platform1.4imagetoconfigureSASAnalyticsPlatform1.5usingamigrationpackagewhichwas createdusingtheSASMigrationUtility. TheSASMigrationUtilityssmu.propertiesfilecontainsapropertynamed SMU.apcore.migration.is_enabledwhichissettofalsebydefault.Onewillneedtochange thisvaluetotrueoncemigrationscriptsareavailableforallofthev913SASAnalyticsPlatformbased applications(SASEnterpriseMiner,SASForecastServer,SASModelManager,andSASWarranty Analysis)whichareconfiguredatthecustomerssite.TheSASMigrationUtilityonlyallowsa customersconfigurationtobemigratedonce,soifthereisaproductsuchasSASWarranty AnalysiswhosereleaseoccurslaterthanSASEnterpriseMiner,SASForecastServerandSASModel Manager,thenthecustomerwouldneedtoeitherwaituntilSASMigrationUtilityscriptswere availableforallconfiguredproductsorperformthemigrationwithoutmigratingSASWarranty Analysisconfiguration. WhenaSASAnalyticsPlatformconfigurationismigrateditwillusesomeoftheprevioussettingsas itsnewconfigurationdefaultsasdescribedbelow. Multicasting o Usesthev913multicastingpreferenceasthedefaultvaluefortheSASDeployment Wizardpromptusedtospecifywhethermulticastservicesshouldbeenabled. Usesthev913RMIsecuritymodepreferenceasthedefaultfortheSASDeployment Wizardpromptusedtospecifywhethernone,someorallRMIservicesaretobesecured usingtheJavaSecureSocketExtension(JSSE). Usesthev913RMIsecuritypreferencesasthedefaultvaluesfortheSASDeployment Wizardpromptsusedtoselectwhichcollectionsofservicesshouldbesecuredusing JSSE. RMIRegistry SASAnalyticsPlatform SASEnterpriseMiner SASForecastServer SASModelManager SASWarrantyAnalysis TheoriginalportsettingsaredescribedintheSASAnalyticsPlatformServersmigrationpackage,but theirvaluesarenotmigratedsinceeachSASAnalyticsPlatform1.5configuredimagedefaultsto usingauniquesetofportswhichallowsonetoindependentlyconfigureuptotenimagessideby side.

RMISecurity o

Page 3

Administrators Guide for SAS Analytics Platform 1.5

Configuration
TheSASDeploymentWizardisusedtobothinstallandconfiguretheSASAnalyticsPlatform.One mayoptionallymigrateaconfigurationfromav913SASAnalyticsPlatform.UsetheSAS DeploymentManagertounconfiguretheSASAnalyticsPlatform(seeUnconfiguringtheSAS AnalyticsPlatformServerusingtheSASDeploymentManageronpage12). TheSASDeploymentWizardwillpresentaseriesofpromptswhichwillrequireresponsesfromyou tospecifytheconfigurationforaSASAnalyticsPlatformServerassummarizedbelow. SASMetadataServer o host o port EmbeddedTomcatHTTPServer o whethertheembeddedHTTPservershouldbestarted o HTTPport Note: Thisprovidestheabilitytolaunchapplications,suchasSASEnterpriseMinerandSAS ForecastStudio,fromtheSASAnalyticsPlatformmonitorpageusingJavaWebStart. Ports o EmbeddedHTTPServerportTheportusedtocommunicatewiththeembeddedHTTP server. o RMIRegistryportTheportusedbytheRMIregistrytolistenforclientlookup requests.SASAnalyticsPlatformclientsonlyneedtoknowthehostnameandRMI registryporttolocatetheSASAnalyticsPlatformServer. RMIPlainTextportTheportusedbytheRMIserviceswhichusedefaultnonsecure sockets.IfJSSEsecurityisenabledforAllRMIservices,thisportisnotused. o RMISecureSocketsportTheportusedbyRMIserviceswhicharesecuredusingJSSE. ThisportisonlyusedwhenJSSEsecurityisenabled. SASAnalyticsPlatformStartup o AutomaticallystarttheSASAnalyticsPlatformServerThisisthedefaultbehavior. o EnableautomaticdiscoveryoftheserverviamulticastingThisoptionisnotenabledby default.YoushouldenablethisoptioniftheSASForecastServerclientapplicationneeds todiscoverSASAnalyticsPlatformServersbybroadcastingamulticastmessage. SASAnalyticsPlatformIPMulticast: IPMulticastPortthemulticastportusedtocommunicatepresenceofaSAS AnalyticsPlatformServertoapplications. IPMulticastNetaidPortthemulticastportusedtocommunicatepresenceofaSAS AnalyticsPlatformNetaidservertoapplications. IPMulticastTTLThemulticasttimetoliveparameterwhichcanbeusedto restrictthescopeofthemulticastcommunication. SASAnalyticsPlatformStartupTimeoutPeriodSpecifythetimetowaitfortheSAS AnalyticsPlatformtostartup.

Page 5

Administrators Guide for SAS Analytics Platform 1.5

Securitymode o None(default)Usedefault,nonsecuresocketsforallRMIservices o SomeUseJSSEtosecureyourchoiceofthefollowinggroupsofRMIservices RMIRegistry SASAnalyticsPlatform SASEnterpriseMiner SASForecastServer SASModelManager SASWarrantyAnalysis o AllUseJSSEtosecureallRMIservices Note:IfyouselecttosecureSomeorAllRMIservices,theremainderoftheSASAnalytics PlatformspecificSASDeploymentWizardscreenswillguideyouthroughcreatingaSAS AnalyticsPlatformcertificateandoptionallyimportingthatcertificateintothetruststore.The truststorefortheclientsideJRE(ifonanothermachine)mustbeconfiguredmanuallytoimport thecertificate.

Ports
Portsareallocatedinblocksof10correspondingtothe10levelswhichcanbeconfiguredonagiven machine,whereeachLevNimagedefaultstoauniqueport.ThefollowingtablesummarizestheSAS AnalyticsPlatformServersdefaultportsforeachlevel. Server Embedded Tomcat HTTP Server RMI Registry RMI Service RMI Service secured using JSSE Multicast Discovery Server Multicast Netaid Discovery Server IftheSASAnalyticsPlatformServerisprotectedbyafirewall(seeFirewallonpage28),thenone mustenabletheclientapplicationsaccessbyallowingthemtoopenconnectionstotheservers configuredports. Lev1 6401 6411 6421 6431 6441 6451 Lev2 6402 6412 6422 6432 6442 6452 Lev3 6403 6413 6423 6433 6443 6453 Lev4 6404 6414 6424 6434 6444 6454 Lev5 6405 6415 6425 6435 6445 6455 Lev6 6406 6416 6426 6436 6446 6456 Lev7 6407 6417 6427 6437 6447 6457 Lev8 6408 6418 6428 6438 6448 6458 Lev9 6409 6419 6429 6439 6449 6459 Lev0 6410 6420 6430 6440 6450 6460

Embedded Tomcat HTTP Server


TheSASAnalyticsPlatformServercanbeconfiguredtostartanembeddedTomcatHTTPServer withintheSASAnalyticsPlatformServersJavaVirtualMachine(JVM). TheSASAnalyticsPlatformServersWebapplicationallowsoneto: launchconfiguredapplications viewtheserversruntimestatus viewtheserversconfiguration

Administrators Guide for SAS Analytics Platform 1.5

AnadvancedconfigurationoptionmaybeusedtospecifywhetheraWebclientsaccesstotheSAS AnalyticsPlatformServersWebapplicationshouldbefilteredbasedupontheIPaddressassociated withtheclientsHTTPrequest.ThisallowsonetocontrolwhichWebapplicationfeaturesare presentedtoaclient.Notethattheremoteaddressmaybetheaddressofaproxyserver.Bydefault, thisfilterisdisabled. Duringconfiguration,iftheStatusFilterisenabled,thenonewillbepromptedtolisttheIPaddresses whichareallowedtoaccesstheSASAnalyticsPlatformsapplications,statusandconfiguration.By defaultrequestsfromallIPaddressesmayaccessapplications,butonlyrequestsfromthelocal machinemayaccesstheSASAnalyticsPlatformsstatusandconfiguration.

SAS Foundation Services


TheSASAnalyticsPlatformServerwillloadmetadatadescribingitsSASFoundationServicesinto theSASMetadataServerwhenitisconfigured.ThisFoundationServicesdeploymentmetadata definestheconfigurationforthefollowingserviceswhichareusedbytheSASAnalyticsPlatform Server: AuthenticationService InformationService LoggingService SessionService StoredProcessService UserService

RMI Services
ClientapplicationscommunicatewiththeSASAnalyticsPlatformServerusingRMIbasedservices. Bydefault,RMIservicesusedefaultsocketswhicharenotsecure.TheSASAnalyticsPlatformhas beencodedtoenableitsRMIservicestousesocketswhichcanbesecuredusingtheJavaSecure SocketsExtension(JSSE).ThefollowingapplicationsmaybeconfiguredtosecuretheirRMIservices usingJSSE: SASEnterpriseMiner SASForecastServer SASModelManager SASWarrantyAnalysis

TheJSSEReference,locatedat http://java.sun.com/j2se/1.5.0/docs/guide/security/jsse/JSSERefGuide.html, providesaguidetotheJSSE. Onemayspecifytosecurenone,someorallRMIcommunicationsasdescribedinthefollowingtable.

Administrators Guide for SAS Analytics Platform 1.5

Mode None Some

Description Use default (non-secure) sockets for RMI communication. Use JSSE to secure RMI communications based on preferences specified in the jsse_selection.config file. Use JSSE to secure RMI communications for all services which have been coded to support RMI security. Note that RMI services which have not been coded to add a capability to be secured will use default (non-secure) sockets.

All

IfRMIservicesaretobesecuredusingJSSE,thenonemustconfigureaJSSEkeystorefortheSAS AnalyticsPlatformServer.IfRMIservicesaretobesecured,thenaJSSEkeystoreisconfiguredwitha selfsignedcertificatewhosedistinguishednamewasspecifiedwhentheSASAnalyticsPlatform ServerwasconfiguredusingtheSASDeploymentWizardwhichwillpromptforthecertificates distinguishednameasshownbelow.

AllconfiguredLevNimagesshareacommonJRE.PerJSSEbestpractices,theJREsdefaultJSSE truststore(JRE/lib/security/jssecacerts)willbeused.Passwordstoaccessboththekeystore andtruststoremustbespecifiedwhentheSASAnalyticsPlatformServerisconfigured.TheSAS AnalyticsPlatformServersSASDeploymentWizardconfigurationscriptwillconfigureboththe keystoreandtruststoreassumingthatthepersonispermittedtoexecutetheJREskeytoolandhas writepermissiontotheJRE/lib/securitydirectorywherethejssecacertstruststorefileis located.

Administrators Guide for SAS Analytics Platform 1.5

IfthepersonwhoisconfiguringtheSASAnalyticsPlatformServerlacksappropriatepermissions, thenthecustomerwillneedtomanuallyconfigurethekeystoreandtruststoreasamanualpost configurationprocess. OnemaychoosetoeitherusethisapproachtoautomaticallyconfiguretheJSSEkeystoreanddefault truststore(JRE/lib/security/jssecacerts)oronemaychoosetomanuallyconfigurea keystoreand/ortruststore.Themotivationformanuallyconfiguringakeystorewouldbetousea certificatewhichhasbeenverifiedbyaCertificateAuthority,suchasVerisign.Useofsucha certificateeliminatestheneedtomanuallyconfigureatruststoreforaclientapplicationsJRE.These twoapproachesaresummarizedbelow.SeethesectionentitledSecuringRMIServicesUsingJSSE foradditionaldetails.

Self-Signed Certificate
IfsecurityisselectedforRMIServiceswhentheSASAnalyticsPlatformServerisconfiguredaself signedcertificatewillbecreatedintheJSSEkeystorespecifiedbytheuser.Bydefaultakeystore namedapcore.keystoreiscreatedintheSASAnalyticsPlatformsconfigurationdirectory,but analternatelocationmaybespecifiedifdesired. ThiscertificatewillautomaticallybeimportedintotheJREstruststore (JRE/lib/security/jssecacerts)iftheoptiontoimportthecertificateintothetruststoreis selectedwhentheSASAnalyticsPlatformServerisconfigured.Sinceonetruststoreissharedbyall LevNconfiguredimagesacertificatealiasofapcore_<LevelNumber>isused,sothateachLevN imageremainsindependent. IfaclientapplicationisonanothermachineorisconfiguredtouseadifferentJREthantheSAS AnalyticsPlatformServer,thenonemustmanuallyimporttheserverscertificateintotheclientJREs truststore. SeethesectionentitledUsingaSelfSignedCertificateforinformationwhichdescribeshowto importtheserverspubliccertificateintothedefaultJSSEtruststoreusedbyyourclientapplications.

Certificate Authority Signed Certificate


AnotheroptionistohaveaCertificateAuthority(CA),suchasVerisign,signyourcertificate,sothat youdontneedtoconfiguretheclientJREstruststore.Inthiscase,whentheclientapplication attemptstoconnecttotheSASAnalyticsPlatformServeritwillpromptitsusertoaccepttheservers certificatewhichhasbeensignedbytheCA. Duringconfiguration,onemayoptionallycreateacertificatesignaturerequest(CSR)fileforthe certificatewhichhasbeencreatedinthekeystore.ThisCSRfilecanbesubmittedtoaCertificate Authority(CA)suchasVeriSigntobesigned.TheCAwillreturnasignedcertificatewhichwillneed tobeloadedintothekeystoreusingtheJREskeytoolutility. ItisrecommendedthatthekeystoreiscreatedinadirectorywhichdoesnotresidewithintheSAS AnalyticsPlatformconfigurationdirectorywhichisdeletedwhentheSASAnalyticsPlatformServer isunconfigured.AlsonotethatifmultipleLevNimagesareconfigured,thatonemaywanttosharea keystoreamongallconfiguredLevNimagesratherthanindividuallyconfiguringakeystoreforeach LevNimage. SeeUsingaCertificateSignedbyaCertificateAuthorityonpage20whichdescribeshowto manuallyconfiguretheSASAnalyticsPlatformServerskeystoretouseacertificatewhichhasbeen signedbyaCA.

Administrators Guide for SAS Analytics Platform 1.5

Securing Selected Services


IftheuserdecidesthatsecurityisonlyrequiredforsomeoftheRMIservices,thentheusermay selecttheSomesecuritymodeandthenselectthegroupsofserviceswhichneedtobesecuredusing JSSE. RMIRegistry SASAnalyticsPlatform SASEnterpriseMiner SASForecastServer SASModelManager SASWarrantyAnalysis

Forexample,onemayspecifythattheSASAnalyticsPlatform,RMIRegistryandSASEnterprise MinerservicesaretobesecuredusingJSSEwhiletheSASForecastServer,SASModelManagerand SASWarrantyAnalysisserviceswillnotbesecured.

Multicast Discovery Servers


TheSASAnalyticsPlatformServermaybeconfiguredtoenabletwomulticastdiscoveryservers. MulticastdiscoveryserversaredisabledbydefaultsinceonlytheSASForecastServerapplication usesthisfeature.IfMulticastDiscoveryisenabled,thenonecanconfigurethemulticastaddressand portsforthefollowingmulticastservers: DiscoveryServerusedtoobtainruntimestatus NetAidDiscoveryServerusedbyclientstolocateSASAnalyticsPlatformServers

ThedefaultmulticastaddressistheIPv4address239.192.65.80.SincetheSASForecastStudio clientisconfiguredtousethisIPv4address,thisaddressisnotconfigurableusingtheSAS DeploymentWizard. OnemayalsospecifytheTimeToLive(TTL)whichisthemaximumnumberofhostsadatagram maytransitbeforeitisdiscarded.Onemayspecifyavalueof0torestrictthedatagramtothe localhost. ThefollowingtablesummarizesthedefaultmulticastportsforeachLevNimage. Multicast Server Discovery Server Netaid Discovery Server Lev1 6441 6451 Lev2 6442 6452 Lev3 6443 6453 Lev4 6444 6454 Lev5 6445 6455 Lev6 6446 6456 Lev7 6447 6457 Lev8 6448 6458 Lev9 6449 6459 Lev0 6450 6460

Startup Options
TheSASAnalyticsPlatformServercanbeconfiguredtoautomaticallystartonceithasbeen configuredbytheSASDeploymentWizard.Astartuptimeoutdefinestheamountoftime,inunitsof seconds,beforeastartupattemptisdeemedafailure. Ifthisoptionisnotselected,thenonemustmanuallystarttheSASAnalyticsPlatformServerusingits script. Startuppreferences,includingtheminimumandmaximumheapsizefortheJVMaswellas additionalJVMoptionsmaybeconfigured.

10

Administrators Guide for SAS Analytics Platform 1.5

IftheSASAnalyticsPlatformServerisconfiguredonamultihomedmachine,thenoneshould specifythejava.rmi.server.hostnamepropertyasanadditionalJVMoption(forexample, -Djava.rmi.server.hostname=10.192.33.45)

Windows Service
IftheSASAnalyticsPlatformServerisconfiguredtobestartedasaserviceontheWindowsplatform, thenthefollowingdefaultswillbeusedtospecifytheservicesname,displaynameanddescription.

File System Layout


TheSASAnalyticsPlatformconfiguresintoadirectorywhoselocationisspecifiedbytheSAS DeploymentWizard.Thisdirectorycontainsscriptsusedtostart/stoptheapplication,configuration filesandthefollowingsubdirectories: appstheapplicationsdirectoryintowhichindividualapplicationsareconfigured,each withintheirownsubdirectory.Forexample: o EnterpriseMiner o ForecastServer o ModelManager o WarrantyAnalyisis conftheconfigurationdirectoryfortheembeddedTomcatHTTPServer.

11

Administrators Guide for SAS Analytics Platform 1.5

libIfanHTTPServerisenabledintheSASAnalyticsPlatformServer,thenthislib directorywillcontainitsWebapplicationarchive,sas.apps.session.war,whichis createdwhentheSASDeploymentWizardconfigurestheSASAnalyticsPlatformServeror whenoneusestheSASDeploymentManagertorebuildtheSASAnalyticsPlatformServer Webapplication.ThecustomermayalsoaddJavalibrary(.jar)filestothisdirectoryif necessary.NotethatSAS.jarfilesareobtainedfromtheSASVersionedJarRepository (VJR),sothislibdirectoryshouldnotcontainanySAS.jarfiles.Eachapplicationwill haveitsownlibdirectory(forexample,apps/EnterpriseMiner/lib, apps/ForecastServer/lib,etc.)toallowthecustomertoadd.jarsifnecessary. Logs -thisdirectorycontainslogfiles. Tempthisdirectorycontainstemporaryfiles. warsthisdirectoryisusedtorebuildWebarchivefilesfortheembeddedTomcatHTTP Server. workusedbytheinternalWebserverwhenenabled.

Unconfiguring the SAS Analytics Platform Server using the SAS Deployment Manager
IfitbecomesnecessarytounconfiguretheSASAnalyticsPlatformServerusingtheSASDeployment Manager,followthesesteps: 1. 2. StoptheSASAnalyticsServerusingitsscript(Windows:AnalyticsPlatform.bat stop ortheWindowsShortcutifinstalled;UNIX:AnalyticsPlatform.sh stop). StarttheSASDeploymentManager. a. SelecttheRemoveExistingConfigurationradiobutton. b. ChoosetheconfigurationtoberemovedfromtheSelectConfigurationDirectory table. c. e. SpecifytheuserIDandPasswordtobeusedtoconnecttotheSASMetdataServer. Unconfiguretheproducts. d. Selecttheproductswhicharetoberemoved.

12

Securing RMI Services Using JSSE


Thissectiondescribesprocedureswhichmaybeusedtoconfiguretheserverskeystoreandthe clientJREstruststoretoenableaclienttoaccesstheSASAnalyticsPlatformServersRMI servicesiftheyhavebeenconfiguredtobesecuredusingtheJavaSecureSocketExtension(JSSE). InstructionsareprovidedforkeytoolprocedureswhichmaybeusedtoconfigureaJSSEkeystore fortheSASAnalyticsPlatformServerandtoconfigureaclientapplicationJREstruststore.These proceduresmaybeusedtomanuallyconfigureJSSEkeystoreandoptionallyclientJRE truststoresiftheSASAnalyticsPlatformServersRMIserviceshavebeenconfiguredtobe securedusingtheJSSE. FormoreinformationaboutworkingtheJavasKeyandCertificateManagementTool, keytool,visitthefollowingsites: KeyandCertificateManagementToolforWindowsat http://java.sun.com/j2se/1.5.0/docs/tooldocs/windows/keytool.html. KeyandCertificateManagementToolforSolarisandLinuxat http://java.sun.com/j2se/1.5.0/docs/tooldocs/solaris/keytool.html.

Configuration Options
IfRMIservicesaretobesecuredusingtheJSSE,thenonemustconfiguretheSASAnalytics PlatformServerskeystoreusingoneofthefollowingtwoapproaches: Notethatifaselfsignedcertificateisused,thenonemustalsoconfiguretheclientJREs truststore(JRE/lib/security/jssecacerts). Thefollowingkeytoolproceduresareapplicabletousingaselfsignedcertificateandusinga certificatewhichhasbeensignedbyaCertificateAuthority. CreateKeystoreCertificateonpage14. ListCertificatesonpage15. DeleteCertificateonpage16. UsingaSelfSignedCertificateonpage17. UsingaCertificateSignedbyaCertificateAuthorityonpage20.

Page 13

Administrators Guide for SAS Analytics Platform 1.5

Create Keystore Certificate


ThisprocedureisusedtocreateaselfsignedcertificateinaJSSEkeystoreforusebytheSAS AnalyticsPlatformServer.Requiredinputsaredescribedinthefollowingtable. Required Input keystores filename key algorithm keystores password certificates alias certificates distinguished name Example apcore.keystore RSA secretPassword analyticsplatformserver CN=MyWebSite OU=MyOrganizationalUnit O=MyOrganization L=MyCity ST=MyStateOrProvince C=US Forexample,tocreateacertificatefortheSASAnalyticsPlatformServerskeystore: 1. 2. 3. Openacommandwindow. EnsurethatthepathcontainstheJRE/binfolder.Forexample: set path=%path%;C:\Program Files\Java\jre1.5.0_12\bin Changetoyourkeystoresdirectory.Chooseadirectorywhichdoesnotresideunderthe SASAnalyticsPlatformServersconfigurationdirectorysincetheconfigurationdirectory willbedeletedwhentheSASAnalyticsPlatformServerisunconfigured. Issuethefollowingcommandtocreateaselfsignedcertificateinyourkeystorefile. keytool genkey alias <certificateAlias> -keystore <keystoreFile> -storepass <keystorePassword> keyalg <keyAlgorithm> Forexample,tocreateacertificatewhosealiasisanalyticsplatformserverinthe keystorefileapcore.keystore,changetothedirectorywhichwillcontainthe keystoreandthenissuethefollowingcommand:

4.

14

Administrators Guide for SAS Analytics Platform 1.5

keytool genkey alias analyticsplatformserver -keystore apcore.keystore -storepass secretPassword keyalg RSA Thekeytoolwillthenpromptyoutospecifythefollowing: a. c. e. f. Enteryourfirstandlastname(forexample,MyWebSite). Enterthenameofyourorganization(forexample,MyOrganization). Enterthenameofyourstateorprovince(forexample,MyStateOrProvince). Enterthetwolettercountrycode(forexample,US).

b. Enterthenameofyourorganizationalunit(forexample,MyOrganizationalUnit). d. Enterthenameofyourcityorlocality(forexample,MyCity).

g. Ifyouaresatisfiedwiththeinformationthatyouenteredintheprevioussteps, enteryattheprompt. h. Accepttheprompttousethekeystorespasswordasthecertificatespassword. 5. 6. Verifythatthekeytoolcreatedakeystorefilenamedapcore.keystore. UsetheList Certificatesproceduredescribedonpage15toverifythatacertificate whosealiasisanalyticsplatformserverwascreatedinthekeystore.

List Certificates
ThisprocedureisusedtoviewalistingofthecertificateswhicharedefinedinaJSSEkeystoreor truststore. Required Input keystores filename keystores password Forexample,todeleteacertificatefromtheJREsdefaultJSSEtruststore (JRE/lib/security/jssecacerts): 1. 2. 3. 4. Openacommandwindow. EnsurethatthepathcontainstheJRE/binfolder.Forexample: set path=%path%;C:\Program Files\Java\jre1.5.0_12\bin Changetothedirectorywhichcontainsthetruststorefile. Issuethefollowingcommandtodeletethecertificatefromthetruststorefile. Example apcore.keystore secretPassword

15

Administrators Guide for SAS Analytics Platform 1.5

keytool list -keystore <keystoreFile> -storepass <keystorePassword> Forexample,tolistthecertificatesinthekeystorefileapcore.keystorewhose passwordissecretPasswordonewouldissuethefollowingcommand: keytool list -keystore apcore.keystore -storepass secretPassword

Delete Certificate
Thisprocedureisusedtodeleteacertificatefromakeystoreortruststore.Requiredinputsare describedinthefollowingtable. Required Input keystores filename keystores password certificates alias Forexample,todeleteacertificatefromtheJREsdefaultJSSEtruststore (JRE/lib/security/jssecacerts): 5. 6. 7. 8. Openacommandwindow. EnsurethatthepathcontainstheJRE/binfolder.Forexample: set path=%path%;C:\Program Files\Java\jre1.5.0_12\bin Changetothedirectorywhichcontainsthetruststorefile(JRE/lib/security). Issuethefollowingcommandtodeletethecertificatefromthetruststorefile. keytool delete alias <certificateAlias> -keystore <truststoreFile> -storepass <truststorePassword> Forexample,todeletethecertificatewhosealiasisanalyticsplatformfromthe truststorefilejssecacertswhosedefaultpasswordischangeitonewouldissue thefollowingcommand: keytool delete alias analyticsplatform -keystore jssecacerts -storepass changeit
16

Example jssecacerts changeit analyticsplatform

Administrators Guide for SAS Analytics Platform 1.5

Using a Self-Signed Certificate


IfsecurityisselectedforRMIServiceswhentheSASAnalyticsPlatformServerisconfigureda selfsignedcertificatewillbecreatedintheJSSEkeystore.Bydefaultakeystorenamed apcore.keystoreiscreatedintheSASAnalyticsPlatformsconfigurationdirectory,butan alternatelocationmaybespecifiedifdesired. ThiscertificatewillbeimportedintotheJREsdefaulttruststore (JRE/lib/security/jssecacerts)iftheoptiontoimportthecertificateintothetruststoreis selectedwhentheSASAnalyticsPlatformServerisconfigured.Sinceonetruststoreissharedby allLevNconfiguredimagesacertificatealiasofapcore_<LevelNumber>(forexample, apcore_1foraLev1image)isused,sothateachLevNimageremainsindependent. IfaclientapplicationisonanothermachineorisconfiguredtouseadifferentJREthantheSAS AnalyticsPlatformServer,thenonemustmanuallyimporttheserverscertificateintotheclient JREstruststore. UsethisapproachifyoudonotwanttohaveaCertificateAuthoritysignacertificatefortheSAS AnalyticsPlatformServerandwillensurethattheserverspublicselfsignedcertificateis importedintotheJREsdefaulttruststoreusedbyallclientapplications.Usethefollowing proceduretoconfigureaselfsignedcertificateintheserverskeystoreandthenimportthe serverspubliccertificateintotheclientJREstruststore. 1. 2. 3. CreateKeystoreCertificateonpage14. ExportCertificatefromKeystoreonpage17. ImportKeystoresCertificateintoTruststoreonpage18(foreachclientJRE).

Export Certificate from Keystore


ThisprocedureisusedtoexportacertificatefromaJSSEkeystore.Requiredinputsaredescribed inthefollowingtable. Required Input keystores filename keystores password certificates alias name of the output file created by the keytool which will contain the servers public certificate Forexample,tocreateacertificatefortheSASAnalyticsPlatformServerskeystore: 1. 2. Openacommandwindow. EnsurethatthepathcontainstheJRE/binfolder.Forexample: set path=%path%;C:\Program Files\Java\jre1.5.0_12\bin Example apcore.keystore secretPassword analyticsplatformserver analyticsplatformserver.cer

17

Administrators Guide for SAS Analytics Platform 1.5

3.

Changetoyourkeystoresdirectory.Chooseadirectorywhichdoesnotresideunderthe SASAnalyticsPlatformServersconfigurationdirectorystructuresincetheconfiguration directorywillbedeletedwhentheSASAnalyticsPlatformServerisunconfigured. Issuethefollowingcommandtocreateaselfsignedcertificateinyourkeystorefile. keytool export alias <certificateAlias> -keystore <keystoreFile> -storepass <keystorePassword> file <certificate.cer> Forexample,toexportapubliccertificateforthealiasanalyticsplatformserverinthe keystorefileapcore.keystore,changetothedirectorywhichwillcontainthe keystoreandthenissuethefollowingcommand: keytool export alias analyticsplatformserver -keystore apcore.keystore -storepass secretPassword file analyticsplatformserver.cer

4.

5.

Verifythatthekeytoolcreatedacertificatefilenamedanalyticsplatform.cer. Thisfilecontainstheserverspublicselfsignedcertificatewhichcanbeimportedintoa clientJREsdefaultJSSEtruststore(JRE/lib/security/jssecacerts)toenablethe clienttoconnecttoaSASAnalyticsPlatformsRMIserviceswhichhavebeensecured usingtheJSSE. UsetheImport Keystores Certificate into Truststoreprocedurebelowtoimport theserverspubliccertificateintotheclientJREstruststore (JRE/lib/security/jssecacerts).

6.

Import Keystores Certificate into Truststore


ThisprocedureisusedtotakeaselfsignedcertificatewhichhasbeenexportedfromtheSAS AnalyticsPlatformServersJSSEkeystoreandthenimportitintoaclientapplicationsJRE truststore. Foraclienttoauthenticateaservereithertheserverskeystoremustcontainacertificatewhich hasbeensignedbyaCertificateAuthority(CA)ortheclientstruststoremustcontaintheservers publiccertificate.Thisprocedureisusedforthecasewhereaselfsignedcertificateisusedbythe serverwhichrequirestheclienttoimportapubliccertificatewhichhasbeenexportedfromthe serverskeystore. WhenyoucreateaTrustManager,theSunimplementationfirstchecksforanalternatecacerts filebeforefallingbacktothestandardcacertsfile.ThisenablesyoutoprovideaJSSEspecific setoftrustedcertificatesseparatefromthosewhichmaybepresentinthecacerts forcode signingpurposes.

18

Administrators Guide for SAS Analytics Platform 1.5

JSSEusesthefollowingsearchordertolocatethetruststore: 1. 2. 3. -Djavax.net.ssl.trustStore=<trustStoreFilePath> <java_home>\lib\security\jssecacerts <java_home>\lib\security\cacerts

Notethatifthejssecacerts fileisfound,thenthesearchstopsandthecacertsfileisnot used.Perbestpracticerecommendations,theserverspubliccertificatewillbeimportedintoour clientJREsjssecacertsfilewhichcontainstheclientstrustedcertificates. Requiredinputsaredescribedinthefollowingtable. Required Input truststores filename truststores password certificates alias name of the file which contains the public certificate which was exported from the SAS Analytics Platform Servers keystore Forexample,toimporttheSASAnalyticsPlatformServerspubliccertificateintotheclientJREs defaultJSSEtruststore: 1. 2. 3. 4. Openacommandwindow. EnsurethatthepathcontainstheJRE/binfolder.Forexample: set path=%path%;C:\Program Files\Java\jre1.5.0_12\bin ChangetoyourclientJREslib/securitydirectorywhichisthewheretheJSSEcode willsearchforthejssecacertsfile. IssuethefollowingcommandtoimporttheserverspubliccertificateintotheclientJREs truststorefile(JRE/lib/security/jssecacerts). keytool import alias <certificateAlias> -keystore <truststoreFile> -storepass <truststorePassword> file <analyticsplatfromserver.cer> Forexample,toimporttheserverspubliccertificateforthealias analyticsplatformserverintothetruststorefilejssecacerts,changetothe JRE/lib/securitydirectoryandthenissuethefollowingcommand: Example jssecacerts changeit analyticsplatformserver analyticsplatformserver.cer

19

Administrators Guide for SAS Analytics Platform 1.5

keytool import alias analyticsplatformserver -keystore jssecacerts -storepass changeit file analyticsplatformserver.cer 5. UsetheList Certificatesprocedureonpage15toverifythatacertificatewhosealiasis analyticsplatformserverwascreatedinthejssecacerts truststore.

Using a Certificate Signed by a Certificate Authority


ThissectiondescribestheprocedureswhichareusedtoconfiguretheSASAnalyticsPlatform ServerskeystoretouseacertificatewhichhasbeensignedbyaCertificateAuthority.Ifoneuses thisapproach,thenonedoesnotneedtoconfiguretheclientJREstruststoresincetheservers certificatecanbeverifiedbytheCertificateAuthority.Theclientwillbepromptedtoacceptthe serverscertificatewhichwillhavebeenverifiedbytheCertificateAuthority. Verisignprovidesinstructionstodescribehowtoinstallitsprimaryandintermediatecertificates intotheJREslib/security/cacertsfileifthecertificatesarenotalreadypresent.Ifthe certificateisalreadydefinedinthecacertsfilewhenoneattemptstousethekeytooltoimport thecertificatethenapromptisissuedprovidingnotificationthatthecertificateisalreadydefined. Thereisnoneedtoreplacethecertificateifthecertificateisalreadydefined. 1. 2. OncetheCertificateAuthoritysprimaryandrootcertificatesaredefinedintheJREs lib/security/cacertsfile,thenonemustcreateacertificateintheSASAnalyticsPlatform Serverskeystore,generateacertificatesignaturerequest(CSR)filewhichwillbesubmittedto theCertificateAuthorityandthenimporttheCAsreplybackintothekeystore. 1. 2. 3. 4. CreateKeystoreCertificateonpage14. GenerateCertificateSignatureRequest(CSR)onpage23. SubmitCSRtoCertificateAuthority(CA)onpage24. ImportCertificateAuthoritysReplyintoKeystoreonpage24. ImportCAsPrimaryCertificateintoJRE/lib/security/cacerts(below). ImportCAsIntermediateCertificateintoJRE/lib/security/cacerts(onpage22).

Import CAs Primary Certificate into JRE/lib/security/cacerts


Thisprocedureisusedtoimportacertificateauthoritysprimaryrootcertificateintothe JRE/lib/security/cacertsfile.Requiredinputsaredescribedinthefollowingtable.Refer totheCAsdocumentationforspecificinstructions.Forexample,viewVerisignsinstructionsfor Tomcat.VerisignsPrimaryPCARootCertificatesmaybedownloadedfrom http://www.verisign.com/support/roots.html.

20

Administrators Guide for SAS Analytics Platform 1.5

Required Input keystores filename keystores password certificates alias Name of the file which contains the Certificate Authoritys intermediate certificate.

Example cacerts (JRE/lib/security) changeit intermediateCA intermediateCA.cer

Forexample,toimportVerisignsprimarycertificateintotheJRE/lib/security/cacerts file: 1. 2. 3. Openacommandwindow. EnsurethatthepathcontainstheJRE/binfolder.Forexample: set path=%path%;C:\Program Files\Java\jre1.5.0_12\bin Downloadtherootcertificatesfrom http://www.verisign.com/support/roots.html andunzipthefiletothe C:\tempdirectory. ChangetoyourJRE/lib/securitydirectorywheretheJREscacertsfileislocated. IssuethefollowingcommandtoimporttheCertificateAuthoritysintermediate certificateintoyourkeystorefile. keytool import alias <certificateAlias> -keystore <keystoreFile> -storepass <keystorePassword> file <intermediateCA.cer> Forexample,toimportacertificateforthealiasintermediateCAintotheJREs cacertsfile,changetotheJRE/lib/securitydirectoryandthenissuethefollowing command: keytool import alias intermediateCA -keystore cacerts -storepass changeit file C:\temp\Root Download Package\Verisign Roots\PCA3ss_v4.509 IfthekeytoolreportsthattheCAscertificateisalreadypresentinthecacertsfile,then thereisnoneedtoreimportit.

4. 5.

21

Administrators Guide for SAS Analytics Platform 1.5

Import CAs Intermediate Certificate into JRE/lib/security/cacerts


Thisprocedureisusedtoimportacertificateauthoritysintermediatecertificateintothe JRE/lib/security/cacertsfile.Requiredinputsaredescribedinthefollowingtable.Refer totheCAsdocumentationforspecificinstructions.Forexample,viewVerisignsinstructionsfor Tomcat.Verisignsintermediatecertificatemaybeobtainedfrom http://sww.sas.com/computersecurity/ca/intermediate_verisign.509. Required Input keystores filename keystores password certificates alias Name of the file which contains the Certificate Authoritys intermediate certificate. Forexample,toimportVerisignsintermediatecertificateintothe JRE/lib/security/cacertsfile: 1. 2. 3. 4. Openacommandwindow. EnsurethatthepathcontainstheJRE/binfolder.Forexample: set path=%path%;C:\Program Files\Java\jre1.5.0_12\bin ChangetoyourJRE/lib/securitydirectorywheretheJREscacertsfileislocated. IssuethefollowingcommandtoimporttheCertificateAuthoritysintermediate certificateintoyourkeystorefile. keytool import alias <certificateAlias> -keystore <keystoreFile> -storepass <keystorePassword> file <intermediateCA.cer> Forexample,toimportacertificateforthealiasintermediateCAintotheJREs cacertsfile,changetotheJRE/lib/securitydirectoryandthenissuethefollowing command: keytool import alias intermediateCA -keystore cacerts -storepass changeit file intermediateCA.cer IfthekeytoolreportsthattheCAscertificateisalreadypresentinthecacertsfile,then thereisnoneedtoreimportit.
22

Example cacerts (JRE/lib/security) changeit intermediateCA intermediateCA.cer

Administrators Guide for SAS Analytics Platform 1.5

Generate Certificate Signature Request (CSR)


Thisprocedureisusedtogenerateafilewhichcontainsacertificatesignaturerequestforaself signedcertificatedefinedintheSASAnalyticsPlatformServersJSSEkeystore.ThisCSRfilemay thenbesubmittedtoacertificateauthoritytobeverified.Notethatthealiasmustbethesame valueusedtogeneratethecertificateinthekeystore. Required Input keystores filename keystores password certificates alias name of the output file created by the keytool which will contain the certificate signature request (CSR) Forexample,usethefollowingproceduretogenerateacertificatesignaturerequest(CSR)file whichcanbesubmittedtoaCertificateAuthority: 1. 2. 3. Openacommandwindow. EnsurethatthepathcontainstheJRE/binfolder.Forexample: set path=%path%;C:\Program Files\Java\jre1.5.0_12\bin Changetoyourkeystoresdirectory.Chooseadirectorywhichdoesnotresideunderthe SASAnalyticsPlatformServersconfigurationdirectorystructuresincetheconfiguration directorywillbedeletedwhentheSASAnalyticsPlatformServerisunconfigured. IssuethefollowingcommandtogeneratetheCSRwhichistobesubmittedtothe CertificateAuthority. keytool certreq alias <certificateAlias> -keystore <keystoreFile> -storepass <keystorePassword> file <certificateSignatureRequest.csr> Forexample,toimportasignedcertificateforthealiasanalyticsplatformserver inthekeystorefileapcore.keystore,changetothedirectorywhichwillcontainthe keystoreandthenissuethefollowingcommand: keytool certreq alias analyticsplatformserver -keystore apcore.keystore -storepass secretPassword file analyticsplatformserver.csr Example apcore.keystore secretPassword analyticsplatformserver analyticsplatformserver.csr

4.

23

Administrators Guide for SAS Analytics Platform 1.5

5.

VerifythatthekeytoolcreatedaCSRfilenamedanalyticsplatform.csr.Thisfile containsthecertificatesignaturerequestwhichmustbesubmittedtoaCertificate Authority.

Submit CSR to Certificate Authority (CA)


Thisprocedureisusedtosubmitacertificatesignaturerequest(CSR)filetoacertificateauthority (CA),suchasVerisign,tobeverified.TheCAwillreplywithafilewhichmustthenbeimported intotheSASAnalyticsPlatformServersJSSEkeystore. 1. 2. Submitthecertificatesignaturerequest(CSR)filetoaCertificateAuthority(CA)suchas Verisign.ContactyourcompanysIT,NetworkorSecuritygroupforassistance. TheCAwillreplywithanemailprovidingthecertificateasafileattachmentorincluded inthebodyoftheemailmessage.Ifthecertificateisinthebodyoftheemail,then copy/pasteitintoatextfileusingeitherNotepadorvi.Donotuseaneditorwhichmay addextracharacterstherebycorruptingthecertificatessignature.

Import Certificate Authoritys Reply into Keystore


Thisprocedureisusedtotakeacertificateauthoritysreplytoacertificatesignaturerequest (CSR)andthenimportitintotheSASAnalyticsPlatformServerskeystore.Requiredinputsare describedinthefollowingtable.Notethatthealiasmustbethesamevalueusedtogeneratethe privatekeyandtheCSRwhichwassubmittedtotheCA. Required Input keystores filename keystores password certificates alias Name of the file which contains the Certificate Authoritys reply to the certificate signature request. Forexample,toimportanSSLcertificateobtainedfromaCertificateAuthorityintotheSAS AnalyticsPlatformServerskeystore: 1. 2. 3. Openacommandwindow. EnsurethatthepathcontainstheJRE/binfolder.Forexample: set path=%path%;C:\Program Files\Java\jre1.5.0_12\bin Changetoyourkeystoresdirectory.Chooseadirectorywhichdoesnotresideunderthe SASAnalyticsPlatformServersconfigurationdirectorystructuresincetheconfiguration directorywillbedeletedwhentheSASAnalyticsPlatformServerisunconfigured. IssuethefollowingcommandtoimporttheCertificateAuthoritysignedcertificateinto yourkeystorefile. keytool import -trustcacerts alias <certificateAlias> -keystore <keystoreFile> -storepass <keystorePassword> file <certificateReplyFromCA.cer>
24

Example apcore.keystore secretPassword analyticsplatformserver Cert.cer

4.

Administrators Guide for SAS Analytics Platform 1.5

Forexample,toimportasignedcertificateforthealiasanalyticsplatformserverinthe keystorefileapcore.keystore,changetothedirectorywhichwillcontainthe keystoreandthenissuethefollowingcommand: keytool import trustcacerts alias analyticsplatformserver -keystore apcore.keystore -storepass secretPassword file Cert.cer

25

Administrators Guide for SAS Analytics Platform 1.5

26

Runtime
ThissectiondiscussesruntimeconsiderationsfortheSASAnalyticsPlatformServer.

Starting the SAS Analytics Platform Server


TheSASAnalyticsPlatformisstartedbytheuseofascript.WhentheSASAnalyticsPlatform Serverfirststarts,itneedstoconnecttotheSASMetadataServerinordertoinitializeitsruntime environment.Bydefault,theserverisconfiguredtouseapersistedsetofcredentialsinorderto connecttotheSASMetadataServer. Allconfiguredapplicationsarediscoveredduringthisinitializationphase.Thus,ifyouwantto configureanotherSASAnalyticsPlatformapplication,thenonemuststoptheSASAnalytics PlatformServer,usetheSASDeploymentWizardtoconfigurethenewapplicationandthen restarttheSASAnalyticsPlatformServersothatthenewapplicationwillberecognized. OntheWindowsplatform,theSASAnalyticsPlatformServercanbeautomaticallystartedwhen itisconfiguredusingtheSASDeploymentWizard.OnemayalsoconfiguretheSASAnalytics PlatformServerasaWindowsService.Thesectionsbelowdetailthestepsrequiredtostartthe SASAnalyticsPlatformforeachsupportedOSenvironment.

Starting the SAS Analytics Platform Server under Windows


Bydefault,theserverisconfiguredtousetheTrustedUsercredentialinordertoconnecttothe SASMetadataServer.

DOS Console Output


UsetheWindowsshortcuttostarttheserver. StartProgramsSASSASConfigurationConfigLevNAnalyticsPlatform Server:Start ThiswillstarttheSASAnalyticsPlatformServerinaDOSconsolewindow.Theserverisready toreceiveclientswhenthemessageWaitingforclientsappearsatthebottomofthescreen. YoucanalsoopenaDOSwindowandchangetothedirectorywheretheSASAnalyticsPlatform Serverisconfiguredandtype: AnalyticsPlatform.bat start or AnalyticsPlatform.bat start > .\Logs\myLog.txt Thisletsyoucontrolthenameofthelogfileusedtocapturethevarioussystemmessages.

Starting the SAS Analytics Platform Server under UNIX


UnderUNIX,youwillneedtoopenaterminalsessionandchangetothedirectorywheretheSAS AnalyticsPlatformServerisconfigured.Issuethecommand: ./AnalyticsPlatform.sh start TheserverisreadytoreceiveclientswhenthemessageAnalyticsPlatformstartedappearsat thebottomofthescreen.

Page 27

Administrators Guide for SAS Analytics Platform 1.5

Bydefault,systemlogmessagesaresenttostdout,soyoucanusecommonUNIXshellsyntax toredirectthesemessagestoalogfile: ./AnalyticsPlatform.sh start > ./Logs/myLog.txt

Stopping the SAS Analytics Platform Server


Occasionallyitmaybenecessarytostoptheserver,suchasinthecasewhenyouneedtorestartit whenconfiguringanewapplicationorunconfiguringanapplication.Youcaneitherusethe scriptsprovidedtoissuetheshutdowncommandorshutdowntheserverusingtheSAS AnalyticsPlatformServerConsoleapplication.

Stopping the SAS Analytics Platform under Windows


UsetheWindowsshortcut: StartProgramsSASSASConfigurationConfigLevNAnalyticsPlatform Server:Stop ThiswillcausetheSASAnalyticsPlatformServertostopafterapproximately5seconds. Alternatively,youcanopenaDOSwindow,navigatetothedirectorywheretheSASAnalytics Platformisconfiguredandissuethecommandspecifyingthenumberofsecondstowaitbefore initiatingtheshutdown: AnalyticsPlatform.bat stop -t seconds

Stopping the SAS Analytics Platform under UNIX


Openaterminalsession,makesureyouhaveanXserverrunningandavailable,andchangeto thedirectorywheretheSASAnalyticsPlatformServerisconfigured.Issuethecommand specifyingthenumberofsecondstowaitbeforeinitiatingtheshutdown: ./AnalyticsPlatform.sh stop t seconds Note:TheSASAnalyticsPlatformservercanalsobeshutdownusingtheUNIXsas.serversscript.

SAS Enterprise Miner Personal Workstation


TheSASAnalyticsPlatformistypicallyrunasamidtierservertoallowclientstoremotely accessthesetofapplicationswhichareconfiguredintheSASAnalyticsPlatformServer. NoteforSASEnterpriseMinerUsers:SASEnterpriseMinerofferstheabilitytorunasapersonal workstation.Therefore,itisnotnecessarytoruntheSASAnalyticsPlatformasaserverifyouonlyintend torunSASEnterpriseMinerinthismode. ASASEnterpriseMinerpersonalworkstationapplicationwillhavetheSASAnalyticsPlatform installedontheclientmachine,butwillrunitinternallyasitsexclusiveclient. However,ifyouintendtohavemultipleclientsshareacommonaccesspointthatiscentrally administered,thenitisnecessarytodedicateonemidtiermachinefortheSASAnalytics PlatformServer.Usingthismidtieralsoallowsindividualapplicationstorealizebenefitsbeyond centralizedadministration.

Firewall
TheapplicationswhosemiddletierisprovidedbytheSASAnalyticsPlatformcanhaveclients accesstheSASAnalyticsPlatformServerthroughafirewall.Toenableclientsoutsideofthe firewalltoaccesstheSASAnalyticsPlatformServer,itisnecessarytopermitclientcomputersto
28

Administrators Guide for SAS Analytics Platform 1.5

bidirectionallyaccessthefollowingports(seePortsonpage6)whicharedescribedinthe sectionwhichdiscussesConfiguration: RMIRegistry RMIService(ifRMIservicesarenotconfiguredtobesecured) RMIServicesecuredusingJSSE(ifRMIservicesareconfiguredtobesecured) EmbeddedTomcatHTTPServer(ifenabled) MulticastDiscoveryService(ifmulticastservicesareenabled) MulticastNetaidDiscoveryService(ifmulticastservicesareenabled)

ThefollowingtablesummarizesthedefaultportrequirementsforaLev1configuration: Lev1 Default Port 6401 6411 6421 6431 6441 Description If the embedded Tomcat HTTP Server was enabled during configuration, then this HTTP port must be opened bi-directionally. The RMI Registry port must be opened bi-directionally. If you configured the SAS Analytics Platform Server to not secure its RMI Services using the JSSE, then this port must be opened bi-directionally. If you configured the SAS Analytics Platform Server to secure its RMI Services using the JSSE, then this port needs to be open bi-directionally. If multicast services were enabled during configuration, then this multicast port must be opened to allow clients to access the multicast Discovery Service. This service is used by the Forecast Studio clients application logon dialogs Find Servers feature. If multicast services were enabled during configuration, then this multicast port must be opened to allow clients to access the multicast Netaid Discovery Service.

6451

WindowsXP(atServicePack2level)containsafirewallthatisoftenenabled.TheSecurity CenterWindowsFirewallexceptionsmustincludethefollowingforSASAnalyticsPlatform familyproducts(includingSASEnterpriseMiner,SASForecastStudio,SASInventory ManagementStudio,andSASModelManagementStudio)clientstobeabletoaccesstheSAS AnalyticsPlatformServer,andforotherSASJavaapplications.Defaultpathsareshown. SASAnalyticsPlatform,SASEnterpriseMiner,SASForecastStudio,SASModelManager,and SASWarrantyAnalysisproductsusetheSASprivateJREversion1.5orlater. C:\Program Files\SAS\Shared Files\JRE\1.5\bin SASAnalyticsPlatformfamilyproductJavaWebStart(JWS)clientsusethepubliclyinstalledSun Javalibrary,whichmustbeatversion1.5orlater.Atypicalinstallwouldlocatethelibraryin varyinglocations,butthedefaultis: C:\j2dk1.5.0_12\jre\bin or C:\Program Files\Java\jre1.5.0_12\bin Entriesinthefirewallexceptionlistareusuallysetupautomaticallybythesecuritycenter,butif thereisnoentryfortheSASprivateJREsjava.exeyoumustaddone.TheXPsecuritycenter testedaprogramtypeexceptionnamedJava,andwheneditedshowedthepathtotheSAS privateJREsjava.exeinthePath:fieldoftheexceptionproperties.
29

Administrators Guide for SAS Analytics Platform 1.5

Testingindicatesthisistheonlyexceptionentrynecessary.Youmustchangethescopeofthe programentry(theresnoportentryinvolved)followingthesesteps: 1. 2. 3. 4. 5. LaunchtheSecurityCenter(fromControlPanel)andenterWindowsFirewall. SelecttheExceptionstabandtheJavaentryinthelist. ClickEdit.ThepathwillcontainthepathtotheJavalibrarynotedabove. ClicktheChangescopebutton. ThetightestsecurityisobtainedbyselectingtheCustomlistandenteringtheIPaddress oftheclientmachineitself,acomma,theIPaddressofthemachineonwhichtheSAS AnalyticsPlatformorsharedplatform(midtier)server(forSASEnterpriseMiner,SAS ForecastServerorSASModelManager)runs,aslash,andafullmask.Forexample, 192.168.9.73,192.168.9.83/255.255.255.255 ThealternativeistoeitherselecttheradiobuttonthatsaysMynetwork(subnet)onlyif theserverisinthesamesubnet,ortoselectAnycomputer(includingthoseonthe internet).SincetheseoptionsapplyonlyfortheSASprivatecopyofJavaandonlySAS EnterpriseMinerwilluseit,theresminimalriskinallowingeitheroption. 6. ClickOKrecursivelytoexitthefirewalldialogandthesettingsareactiveimmediately. ThiswillallowthatJavaprogramtocommunicateonanyportwithanythingrunningoneither machine.Thefirewallwillprotectthatprogramfromreceivinganythingonanyportfromany othermachineifyouusedtheCustomlistoption.

Monitoring the SAS Analytics Platform Server


TheSASAnalyticsPlatformServerprovidessomemonitoringtoolsthathelpyouwhenrunning theSASAnalyticsPlatformasamidtierserver.Pleaseseethefollowingsectionsformore information: MonitoringUsingtheAnalyticsPlatformConsoleApplicationbelow. MonitoringUsingaWebBrowseronpageonpage34. MonitoringUsingaJMXConsoleonpageonpage36.

Monitoring Using the Analytics Platform Console Application


TheSASAnalyticsPlatformServerConsoleisaJavaSwingapplicationwhichallowsonetoview basicconfigurationandruntimestatusinformationfortheserver. Configuration o o Status o o Listofthenumberofclientusersessionscurrentlyattachedtotheserver NumberofactiveSASworkspacesessionsthathavebeeninitiatedviathisserver CapabilitytoshutdowntheSASAnalyticsPlatformServer Listofconfigurationproperties Listofconfiguredapplications

Administration o

Starting the Console


BeforestartingtheSASAnalyticsPlatformconsole,youmusthavealreadystartedtheSAS AnalyticsPlatformServeronthesamemachinewhereyouplantoruntheconsole.
30

Administrators Guide for SAS Analytics Platform 1.5

Windows OntheWindowsplatformonemaystarttheSASAnalyticsPlatformServerConsoleusingeither itsWindowsshortcutoritsscript. UsetheWindowsshortcut: StartProgramsSASSASConfigurationConfigLevNAnalytics PlatformServerConsole:Start Issuethecommand: AnalyticsPlatformConsole.bat start UNIX OnaUNIXplatformoneshouldstarttheSASAnalyticsPlatformServerConsoleapplication usingthefollowingprocedure: 1. 2. 3. 4. 5. Openaterminalsession. EnsurethatanXserverisrunningandavailable. EnsurethattheDISPLAYenvironmentvariablepointsbacktothemachinebeingused foryourterminalsession. ChangetothedirectorywheretheSASAnalyticsPlatformServerisconfigured. Issuethecommand: ./AnalyticsPlatformConsole.sh start

Problems
AwarningdialogispresentedwithamessagethatsaysCouldnotreachtheAnalytics PlatformServerorServerisnotrunning.IftheSASAnalyticsPlatformServerisnot runningonthismachine,starttheSASAnalyticsPlatformServerandthentrytostartthe SASAnalyticsPlatformServerConsole.Iftheserverfailstostart,thenchecktheSAS AnalyticsPlatformlogfilestodeterminewhytheserverstartupfailed. (UNIX)ifyouseeamessagethatsaysAgraphicalscreenenvironmentisrequiredtorun theconsole,itmeansthatyourXenvironmentisnotsetupcorrectly.Makesureyou havesettheDISPLAYenvironmentvariabletopointbacktotheclientmachineyouare usingforyourterminalsession.

Using the Console


TheAnalyticsPlatformConsolewindowusesatabbedlayouttoorganizeitsinformation. Generalprovidesanoverviewofconfigurationpropertiesandruntimestatus Applicationsdisplaysthelistofinstalledapplications,whethertheyhavebeenloaded, andthenumberofclientswhicharecurrentlyusingthatapplication Usersdisplaystheuserswhichareonline,whentheirsessionstarted,andfromwhich IPaddresstheyareconnected SASUsagedisplaysalistofactiveSASworkspacesessions Optionscontrolstherefreshpollingrateoftheconsolewindowandprovidesanaction whichcanbeusedtoshutdowntheserver

31

Administrators Guide for SAS Analytics Platform 1.5

TheGeneraltabprovidesanoverviewoftheoverallstatusofthesystem.

TheApplicationstabdisplaysthelistofinstalledapplications,whethertheyhavebeenloaded, andthenumberofclientswhicharecurrentlyusingthatapplication.

Note: IfYesappearsintheLoadedcolumnforanapplication,itmeansthattheapplicationMidTier softwarehasbeenloadedintomemory.Thishappenswhenthatapplicationisrequestedbyauser sincetheSASAnalyticsPlatformServerwasstarted.SASModelManagerisalwaysloadedsince itforcesSASAnalyticsPlatformtoloaditduringstartuptime.Ifitisnotloaded,somethingis wrongwithSASModelManager.

32

Administrators Guide for SAS Analytics Platform 1.5

TheUserstabdisplaystheuserswhichareonline,whentheirsessionstarted,andfromwhichIP addresstheyareconnected.

TheSASUsagetabdisplaysalistofactiveSASworkspacesessions.

33

Administrators Guide for SAS Analytics Platform 1.5

TheOptionstabletsyoucontroltherefreshrateoftheconsolewindowandprovidesyouwitha buttonwhichcanbeusedtoshutdowntheserver(whenyouinvokethisaction,theconsole applicationwillexit).

Monitoring Using a Web Browser


ItispossibletomonitortheSASAnalyticsPlatformServerremotelyusingyourWebbrowser. TheinformationprovidedviayourWebbrowser,andtheinformationprovidedbytheconsole applicationoverlaptoalargedegree.However,itisnotpossibletoshutdowntheserverusing theWebinterface,andyoumustmanuallyrefreshtheinformationusingyourbrowsersrefresh button. Note: ThisremotemonitoringfacilityisonlyavailablewhentheembeddedHTTPserverisenabled.By default,theSASAnalyticsPlatformisinstalledwiththisfeatureenabled. OnceyouhavestartedtheSASAnalyticsPlatformServer,useyourWebbrowsertopointtothe servermachine,rememberingtoaddtheporttotheURL.TheLev1defaultportis6401,butyou canconfiguretheembeddedTomcatHTTPServersportwhenyouconfiguretheSASAnalytics PlatformServerusingtheSASDeploymentWizard. Forexample,ifthemachineonwhichyouarerunningtheSASAnalyticsPlatformServeris calledmyhost.mydomain.comusingthedefaultLev1port,thenyoucanpointyourWeb browserto: http://myhost.mydomain.com:6401 Ifeverythingisrunningcorrectly,youwillseeapagesimilartotheoneonthenextpagewhichis organizedusingasmanyasthreetabs:Applications,ActivityandConfiguration.Ifyouhave enabledtheStatusFilterservlet,thenthetabsthatyouseewilldependupontheIPaddressfrom whichthepagewasaccessed.NotethattheStatusFilterservletisdisabledbydefault(whichis thesamebehaviorasinSASAnalyticsPlatform1.4).IftheStatusFilterisenabledduring configuration,thenonemayconfiguretheIPaddresseswhichareallowedtoaccesseachtab.For example,onemaywanttoallowanyonetoaccesstheApplicationstab,butonlyallowaccessto theActivityandConfigurationtabsfromthemachineonwhichtheAnalyticsPlatformServer wasdeployed.
34

Administrators Guide for SAS Analytics Platform 1.5

TheApplicationstabliststheconfiguredapplications.Someapplicationsmayprovidelinksto theirownWebpageswhileothersmayprovidealinkwhichcanbeusedtostartaclient applicationusingJavaWebStarttechnology.JavaWebStartletsclientswhichhaveJavainstalled launchapplicationsfromaWebpagewithouthavingtorunaseparateinstallprogramonthe clientsmachine.YoucanaccesstheApplicationstabdirectlyat: http://myhost.mydomain.com:6401/AnalyticsPlatform/Status?page=applicati ons.

TheActivitytabdisplaysdynamicsysteminformationsuchasthetimethattheserverstarted, thenumberofusersonline,thenumberofactiveSASworkspacesessions,etc.Youcanaccessthe Activitytabdirectlyat: http://myhost.mydomain.com:6401/AnalyticsPlatform/Status?page=summary.

35

Administrators Guide for SAS Analytics Platform 1.5

TheConfigurationtabdisplaystheSASAnalyticsPlatformServersconfigurationinformation. YoucanaccesstheConfigurationtabdirectlyat: http://myhost.mydomain.com:6401/AnalyticsPlatform/Status?page=configura tion.

Monitoring Using a JMX Console


JavaManagementExtensions(JMX)allowJavaapplicationstobemonitoredandmanagedvia: managementbeans(MBeans)whichallowonetomonitortheJVMsuseofthreads, memory,etc. serviceswhichprovideamanagementbean,suchastheSASFoundationServices.They mayalsobemanagedbyinvokingoperationsfromathirdpartyJMXconsole.

36

Administrators Guide for SAS Analytics Platform 1.5

JMX Consoles
TherearemanythirdpartyJMXconsoleswhichmaybeused.SomeofthemorepopulateJMX consolesare: jconsole MC4J jManage

SundiscussesMonitoringandManagementusingJMXusingitsjconsolewhichisavailableinthe JDKsbindirectory.LocalJMXaccessisenabledbydefiningtheproperty com.sun.management.jmxremote.Ajmx.configfile,locatedinthedirectorywherethe SASAnalyticsPlatformisconfigured,isprovidedtoenableonetoconfigureJMXproperties.One mayeditthejmx.configfiletospecifyadditionalpropertieswhichmayberequiredto configuretheapplicationtobeaccessedbyaparticularthirdpartyJMXconsole.Refertothethird partyJMXconsolesdocumentationfordetailswhichdescribehowtoconfiguretheapplication tobeaccessedbytheJMXconsole. TheJREmaybemonitoredusingthejconsoletoobserve: Threads Memory Classes MBeans VM

ThefollowingSASFoundationServicesalsoprovideMBeanswhichallowonetomanage runtimestate: DiscoveryServiceMBean o o Listserviceswhichcanbediscovered Getdetailsfordiscoverableservices Listloggingcontexts Changealoggingcontextspriority Getcountofallocatedloggingcontexts Getasummaryofallactivesessioncontexts Quiesce/resumetheSessionService DetermineiftheSessionServiceisquiesced Destroyalloraspecificsessioncontext Getalistofactiveusercontexts Destroyausercontext Getacountofauthenticatedusers Getacountofuserswhofailedtoauthenticate Getfailuredetails GetthedatetheUserServicewasstarted
37

LoggingServiceMBean o o o

SessionServiceMBean o o o o

UserServiceMBean o o o o o o

Administrators Guide for SAS Analytics Platform 1.5

Java Web Start Client Considerations


AutomaticdownloadsofclientfilescanbeaccomplishedusingJavaWebStart(JWS). Deployingclientfilesinthismannereliminatestheneedtoinstalltheclientapplicationmanually oneachdesktopmachine.Italsoeliminatesthepossibilityoftheclientapplicationversionnot matchingtheserverversion.Whenyoulaunchtheapplicationinthismanner,alloftherequired JARfilesareautomaticallydownloadedtothedesktop.Youmightbepromptedafewtimesfor securitypurposesandaskedifyouwanttocreateadesktopicon.Ifanewversionisinstalledon theserver,thentheupdatedversionautomaticallyinstallsbeforetheclientapplicationis invoked. ClientsforSASEnterpriseMiner,SASForecastStudio,andSASModelManagercanbelaunched bytheJavaWebStartfacilitiesenabledwithintheSASAnalyticsPlatformServer.Theclientscan belaunchedbyclickingtheirlinkontheApplicationstabfoundintheApplicationssectionof theSASAnalyticsPlatformServerStatuspage. TheclientscanalsobelaunchedbyadirectURLreferenceorshortcut: SASEnterpriseMiner http://server.domain.com:port/EnterpriseMiner/main.jnlp SASForecastStudio http://server.domain.com:port/Forecasting/main.jnlp SASModelManager http://server.domain.com:port/ModelManager/main.jnlp

SASAnalyticsPlatformfamilyproductJavaWebStartclientsusethepubliclyinstalledJavaJRE library,whichmustbeatversion1.5orlater.TheseproductsareavailablefromSun Microsystems,IBM,orHewlettPackard,dependingontheplatformoftheclientworkstation. ThemostcommonworkstationistheWindowsplatform,andSunsJavainstallautomatically updatestheJavaWebStartlaunchingmechanismwithinWebbrowsersinstalledonWindows.

Windows Service Administration


Onemaystart,stop,restartandremovetheSASAnalyticsPlatformServersWindowsService usingthelaunchscript.Windowsshortcuts,ifinstalled,mayalsobeusedtostartandstopthe SASAnalyticsPlatformsWindowsService.Oneshouldusethesescriptsifthereiseveraneedto stopandstarttheSASAnalyticsPlatformServer. TheSASAnalyticsPlatformServersWindowsServicewillbestoppedandremovedwhenthe SASDeploymentManagerunconfigurestheSASAnalyticsPlatformServer. Windows Service Action Start Stop Restart Uninstall Command Line AnalyticsPlatform.bat start AnalyticsPlatform.bat stop AnalyticsPlatform.bat restart AnalyticsPlatform.bat remove

38

Troubleshooting
Thissectionprovidesinstructionstohelptroubleshoot. TheSASAnalyticsPlatformServerslogfile,AnalyticsPlatform.log,islocatedinitsLogs directory.IftheSASAnalyticsPlatformServerhasbeenconfiguredtobestartedasaWindows Service,thentheLogsdirectorywillalsocontaintheserviceslogfilewrapper.log.

Remote clients are unable to connect when the SAS Analytics Platform Server is running on a multi-homed machine
IftheSASAnalyticsPlatformServersmachineismultihomed,thenoneshoulddesignatetheIP addressofthehosttowhichtheclientwillconnectbysettingthe java.rmi.server.hostnamepropertyasanadditionalJVMoptionwhenconfiguringthe SASAnalyticsPlatformServer. 1. UnconfiguretheSASAnalyticsPlatformServerusingtheSASDeploymentManager(see UnconfiguringtheSASAnalyticsPlatformServerusingtheSASDeploymentManager onpage12). ConfiguretheSASAnalyticsPlatformServerusingtheSASDeploymentWizardand specify-Djava.rmi.server.hostname=ip-address-of-this-machineinthe AdditionalJVMOptionstextfield. Forexample: Djava.rmi.server.hostname=10.40.12.43

2.

The SAS Analytics Platform Server shuts down when your UNIX session is terminated
DependingontheprotocolinwhichyourUNIXsessionwasestablished,youmayfindthatthe SASAnalyticsPlatformServershutsdownwhenyourUNIXsessionisterminated.Inthiscase,it maybenecessarytounsetyourdisplaypriortostartingtheSASAnalyticsPlatformServer. Forexample: unset DISPLAY ./AnalyticsPlatform.sh start

The Forecast Studio application log on window fails to locate the SAS Analytics Platform Server using the Find Servers feature
Thiscanbecausedbythefollowingfactors: ThemulticastdiscoveryservicewasnotenabledintheSASAnalyticsPlatformServer. 1. UnconfiguretheSASAnalyticsPlatformServerusingtheSASDeploymentManager (seeUnconfiguringtheSASAnalyticsPlatformServerusingtheSASDeployment Manageronpage12). 2. UsetheSASDeploymentWizardtoconfiguretheSASAnalyticsPlatformServerand enableitsmulticastdiscoveryserversbyselectingtheEnableautomaticdiscoveryof theserverviamulticastingcheckbox. 3. StarttheSASAnalyticsPlatformServerifitwasnotautomaticallystartedwhenthe SASDeploymentWizardconfiguredtheserver.
Page 39

Administrators Guide for SAS Analytics Platform 1.5

TheSASForecastStudioclientapplicationisusingthewrongmulticastaddressandport fortheSASAnalyticsPlatformServersmulticastdiscoveryservice.Bydefault,theSAS ForecastStudioclientisconfiguredtousetheIPv4multicastaddress239.192.65.80 and6441forthemulticastportwhichcorrespondstothedefaultsforaLev1SAS AnalyticsPlatformServer.IftheSASAnalyticsPlatformServerhasbeenconfiguredto useadifferentmulticastaddressorport,thentheSASForecastStudioclientslaunch configurationmustbeupdatedtospecifythemulticastaddress/portusingasystem propertynamedsas.apcore.logon.netaid.multicast.servers. Forexample: -Dsas.apcore.logon.netaid.multicast.servers=239.192.65.80:7777 IfmultipleSASAnalyticsPlatformServersneedtobefoundandtheywereconfiguredto useamulticastaddress/portotherthan239.192.65.80:6441,thentheSAS ForecastStudioclientslaunchconfigurationmustbeupdatedtospecifythemulticast address/portsofthemulticastdiscoveryservicesfortheconfiguredSASAnalytics PlatformServers. Forexample: -Dsas.apcore.logon.netaid.multicast.servers=239.192.65.80:6441, 239.192.65.80:6442

Iftheclientisrunningfrombehindafirewall,thentheFindServersfeaturewillfail. EntertheserverlocationintheServerfieldandclickLogOn. Ifmulticastingisdisabled,thentheFindServersfeaturewillfail.Entertheserver locationintheServerfieldandclickLogOn.

Note: TheSASForecastServer3.1:AdministratorsGuidecontainsinformationabouthowto configureSASForecastServer.Foracopyofthisguide,contactyourSASconsultantorSAS TechnicalSupport.

When clicking the Java Web Start launch link, a prompt appears to save a jnlp file, instead of launching the application
IftheJavapluginisnotinstalledintheWebbrowser,thenonespecifythattheJavaWebStart executableshouldbeusedtoopenthejnlpfilewhichspecifiestheclientapplicationslaunch configuration.Therefore,youhavethefollowingoptions: UsingInternetExplorer(WindowsPlatform) 1. 2. InstallthefullJavaruntimeenvironmentbyvisitinghttp://www.java.comtoinstallthe JavapluginintoyourWebbrowser. RestartInternetExplorerandrevisittheJavaWebStartlinkforyourapplication.

UsingFirefox(AllPlatforms) Useadifferentbrowser,suchasMozillaFirefox.Firefoxallowsyoutoassociateanapplication withafiletype.ToconfigureFirefoxforJavaWebStart,dothefollowing: 1. 2. InstallFirefoxbyvisitinghttp://www.mozilla.com. StartFirefoxandclicktheJavaWebStartlaunchlinkforyourapplication.

40

Administrators Guide for SAS Analytics Platform 1.5

3.

Whenpromptedwithchoicesonwhattodowiththefile,selectOtherfromtheOpen withdropdownlist.

4.

NavigatetowheretheSASprivateJREhasbeeninstalled.Forexample,C:\Program Files\SAS\Shared Files\JRE\1.5.0_12\bin and select the Java Web Start executable javaws.exe.

41

Administrators Guide for SAS Analytics Platform 1.5

42

support.sas.com
SAS is the world leader in providing software and services that enable customers to transform data from all areas of their business into intelligence. SAS solutions help organizations make better, more informed decisions and maximize customer, supplier, and organizational relationships. For more than 30 years, SAS has been giving customers around the world The Power to Know. Visit us at www.sas.com.

You might also like