Previous Page | Next Page

Server Configuration, Data Retrieval, and Risk

Choices in Workspace Server Pooling

About Workspace Server Pooling

Benefits and Risks of Server-Side Pooling

Which Requests Are Eligible to Use Pooling?

Which Eligible Requests Actually Use Pooling?

Modifying the Initial Pooling Configuration


About Workspace Server Pooling

The primary purpose of pooling is to enhance performance by avoiding the time penalty that is associated with launching all workspace servers on demand. In pooling, a set of workspace servers are made available to process certain types of query requests. In general, pooling is used when a relational information map is queried, processed, opened, or used indirectly (through a report).

The initial configuration in a new deployment conforms to the following general recommendations:


Benefits and Risks of Server-Side Pooling

Server-side pooling offers the following benefits:

Server-side pooling introduces the following risks:

The following table summarizes the trade-offs. For completeness, the table includes a column for a standard workspace server that uses SAS token authentication and a column for a standard workspace server that uses either form of host authentication (credential-based or Integrated Windows authentication).

Summary: Comparison of Workspace Server Configurations
Advantage Pooled Not Pooled
Server-Side Client-Side SAS Token Host
Performance and Compatibility:
Improves performance of Web applications. [check]
[check]


Compatible with spawner-based load balancing. [check]

[check]
[check]
Compatible with Web authentication. [check]
[check]
[check]

Accommodates batch generation of scheduled reports.1 [check]

[check]

Fully compatible with Integrated Windows authentication.2 [check]

[check]

Security:
The SAS identity of the requesting user (or group) is used for metadata layer evaluations. [check]

[check]
[check]
Server access security is supported. [check]

[check]
[check]
The server is controlled by designated client applications.
[check]


The user (or group) host identity is passed to the host layer.


[check]
The user (or group) host identity is passed to SQL Server.3


[check]
1 Credentials for the workspace server are available to the batch generation process.

2 Accommodates requests through SAS Intelligent Query Services for a workspace server (for example, opening an information map after logging on to SAS Enterprise Guide using Integrated Windows authentication).

3 If the workspace server's host authentication is by IWA and any additional configuration requirements are met.


Which Requests Are Eligible to Use Pooling?

Only requests that are handled by a particular query services software component are eligible to use pooling. That software component is primarily used to query, process, open, or otherwise interact with a relational information map.

Note:   In SAS Enterprise Guide and the SAS Add-In for Microsoft Office, not all such requests are eligible. If the libraries that an information map references can be assigned within an existing SAS session, a request to open that information map is not eligible to use pooling. To ensure that such requests are eligible, limit physical (host operating system) access to the directories that are referenced by that information map's libraries. Deny access to users and grant access to the host identity under which a pooled server runs.  [cautionend]

Note:   Similar requests that don't involve a relational information map aren't eligible, because those requests aren't handled by the query services component. For example, requests to open a report that directly contains a stored process or open a report that contains OLAP data are not eligible.   [cautionend]

Note:   A few specialized low-level tasks (such as dynamically building a list of prompt values) are eligible, because the query services component is used for those tasks.  [cautionend]

Not all requests that can use pooling actually do so. See the following topic.


Which Eligible Requests Actually Use Pooling?

Use of pooling for eligible requests is constrained as follows:

client-side pooling

can be used for eligible requests in only specially configured Web applications. For example, if SAS Web Report Studio's configuration includes a pool administrator, that application uses client-side pooling to process information maps.

server-side pooling

can be used for eligible requests in any application. For example, server-side pooling can be used to process information maps from SAS Web Report Studio, SAS Information Map Studio, SAS Enterprise Guide, and the SAS Add-In for Microsoft Office. However, eligible requests don't use server-side pooling in the following circumstances:

  • If a Web application has a configured pool administrator, requests from that application don't use server-side pooling.

  • If there is no logical pooled workspace server [icon] under a particular application server [icon], requests for resources that are assigned to that application server can't use server-side pooling.

  • If a user doesn't have the ReadMetadata permission for the logical pooled workspace server [icon], requests made by that user can't use server-side pooling.

    Note:   If you chose to limit ReadMetadata permission permission for the server, be sure to preserve necessary access for service identities.  [cautionend]

    Note:   If the Use Server Access Security check box on the logical server's Options tab is cleared, users don't need ReadMetadata permission. This check box should always be selected.  [cautionend]

The following figure summarizes the decision sequence that determines what type of server processes an eligible request. Most of the determinative factors can be controlled by an administrator.

Use of Pooling (Applies to Only Eligible Requests)

[Use of Pooling (Applies to Only Eligible Requests)]

In the preceding figure, the bold (green) text and arrows mark the decision path in a new deployment with the default configuration. In such a deployment, there are two logical workspace servers within the general-use application server (for example, SASapp):


Modifying the Initial Pooling Configuration

If you are concerned about the risk that server-side pooling introduces, and that concern outweighs the advantages of server-side pooling, consider these options:

See Also

BI Row-Level Permissions

Hiding Server Definitions

Host Access to SAS Tables

Criteria for a Designated Launch Credential

Configuring Client-side Pooling in the SAS Intelligence Platform: Application Server Administration Guide

Previous Page | Next Page | Top of Page