By default, the multicast communication is protected with encryption because it conveys credentials. This default setting for encryption uses a fixed encryption key that is built into the software and is common to all SAS middle-tier software. This strategy prevents unauthorized listeners from accessing the multicast communication. This setting might be sufficient for deployments where multicast communication is isolated from the user community by a firewall or a TTL option, or where the deployment is in an isolated data center.

If your middle tier meets any of the following criteria, then you might want to set a multicast authentication token value:
- the middle-tier environment is not well isolated from end-user access
- the security procedures at your site require protection among administrative and operational staff in various roles
- you want more protection against eavesdroppers and unauthorized participants

For these deployments, set a multicast authentication token value that is known only to the appropriate personnel. A multicast authentication token is a password-like string that is needed to connect to the multicast group and create a site-specific encryption key. In a multi-tier configuration, the SAS Deployment Wizard displays a prompt for a multicast authentication token on each tier that has an application participating in multicast communication. The same authentication token value must be specified for each tier in the same SAS deployment (each tier associated with the same metadata server).

The multicast authentication token interacts with the multicast.security property. By default, clients that want to join a multicast group to receive messages are required to provide an authentication token for the join request. (This is true whether a custom token value or the default token value that is built into the software is used.) If you determine that this process is affecting performance, or that it is unnecessary, you can disable the use of authentication tokens. If you set the multicast.security property to NONE, encryption and authentication are disabled. If you set the property to ENCRYPT, then encryption is enabled with no authentication of the join request.