Encryption Model
What Does SAS/SECURE Provide?
SAS/SECURE makes industry-standard encryption algorithms available for use in the SAS Intelligence Platform as follows:
SAS/SECURE enables you to provide stronger protection for data in transit than is provided by SASProprietary encoding. This affects communications among SAS servers and between SAS servers and SAS desktop clients. Here are the supported algorithms by host:
On UNIX and z/OS, SAS/SECURE supports AES (Advanced Encryption Standard), AES predecessors (DES and TDES), and the RC4 and RC2 algorithms.
On Windows, SAS/SECURE supports algorithms that are included in the Microsoft Cryptographic API.
SAS/SECURE enables you to provide stronger protection for stored passwords than is provided by SASProprietary encoding. This affects both passwords that are stored in the metadata and passwords that are included in configuration files. The only supported industry-standard algorithm for stored passwords is AES (SAS003).
If SAS/SECURE is installed, the default format for stored passwords is SAS003. It is important to keep your SAS/SECURE license current. If you choose to discontinue use of SAS/SECURE, you must revert all stored passwords to SAS002 format before uninstalling the software. To revert passwords, set STOREPASSWORDS="SAS002", restart the metadata server, and use SAS Management Console to re-enter passwords in any logins that need to include passwords.
Note: In the SAS Intelligence Platform, SAS/SECURE provides only encryption features. Other security features (such as metadata authorization, single sign-on, and use of SSL by SAS applications that run in a third-party Web application server) are not related to SAS/SECURE.
How Are SAS/SECURE Features Surfaced?
SAS/SECURE isn't an interactive software product (like SAS Management Console) or a product that has its own SAS language elements (like SAS/ACCESS). In the SAS Intelligence Platform, SAS/SECURE features are surfaced as follows:
In server invocation commands, the -netencralg option supports values other than SASProprietary only if you have SAS/SECURE.
In SAS Management Console, server encryption algorithm values other than SASProprietary are supported only if you have SAS/SECURE.
Note: All algorithms are listed regardless of whether you have SAS/SECURE. Do not select a value other than SASProprietary unless you have licensed SAS/SECURE. Use the same algorithm and level on all servers.
In the PWENCODE procedure, the METHOD option supports the SAS003 value (AES) only if you have SAS/SECURE.
In the RETURNPASSWORDS and STOREPASSWORDS options in the metadata server's omaconfig.xml file, the SAS003 value (AES) is supported only if you have SAS/SECURE.
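The following Python script is an added example, not SAS code or part of the original documentation. It audits the password-format settings described above: it reports STOREPASSWORDS and RETURNPASSWORDS values in omaconfig.xml that differ from the expected format, and lists configuration-file lines whose encoded passwords use another format. It assumes that the two options are XML attributes and that encoded values carry a {SASnnn} prefix; all sample data is constructed, and passwords stored in the metadata are not covered.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample. Option names come from the page; the element layout is assumed.
SAMPLE_OMACONFIG = """<OMAconfig>
  <OMA STOREPASSWORDS="SAS002" RETURNPASSWORDS="SAS003"/>
</OMAconfig>"""

# Constructed configuration lines; the {SASnnn} prefix on encoded values is assumed.
SAMPLE_CONFIG = """\
-metapass "{SAS002}1D57933958C580064BD3DCA81A33DFB2"
password={sas003}4FB26A6C5F6A9B0E3C1D2E7A8B9C0D1E
"""

OPTIONS = {"STOREPASSWORDS", "RETURNPASSWORDS"}
TAG = re.compile(r"\{(sas\d{3})\}", re.IGNORECASE)


def audit_omaconfig(xml_text, expected="SAS003"):
    """Return {option: value} for password-format options that differ from expected."""
    findings = {}
    for elem in ET.fromstring(xml_text).iter():
        for name, value in elem.attrib.items():
            if name.upper() in OPTIONS and value.upper() != expected:
                findings[name.upper()] = value.upper()
    return findings


def audit_encoded_values(text, expected="SAS003"):
    """Return (line number, format) per encoded value not in the expected format.

    The encoded value itself is never returned, so reports are safe to share.
    """
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in TAG.finditer(line):
            fmt = match.group(1).upper()
            if fmt != expected:
                hits.append((lineno, fmt))
    return hits


if __name__ == "__main__":
    # Hardening check: is anything not in AES (SAS003) format?
    print(audit_omaconfig(SAMPLE_OMACONFIG), audit_encoded_values(SAMPLE_CONFIG))
    # Pre-uninstall check: is anything still in SAS003 that must be reverted?
    print(audit_encoded_values(SAMPLE_CONFIG, expected="SAS002"))
```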
Licensing and Availability of SAS/SECURE
Licensing and availability for SAS/SECURE are as follows:
Although SAS/SECURE is automatically included in all deployment plan files that include Base SAS, SAS/SECURE is not licensed as part of Base SAS. SAS/SECURE requires a separate license on each SAS server machine. Client-side licenses are not needed.
Availability of SAS/SECURE is subject to import and export restrictions. Some countries have import restrictions on products that contain encryption. The U.S. has export restrictions on products that contain encryption.
SAS/SECURE is not supported on VMS.
See Also:
Encryption in SAS
Copyright © 2011 by SAS Institute Inc., Cary, NC, USA. All rights reserved.