If you need to change
over-the-wire encryption settings after installation is complete,
use the following instructions.
-
Update server configuration
files as follows:
-
In the operating system
that hosts the metadata server, navigate to your equivalent of
SAS/Config/Lev1/SASMeta/MetadataServer/
.
-
To change the algorithm, add the
NETENCRALG setting that you need to the sasv9_usermods.cfg file.
-
To change the encryption level,
copy the entire OBJECTSERVERPARMS line from the sasv9.cfg file into
the sasv9_usermods.cfg file. Then edit the CEL value in the usermods
version of the file.
For example, to encrypt
all traffic with AES, add these lines:
-netencralg "AES"
-objectserverparms "cel=everything {other-parameters}"
On
z/OS, exclude the
initial hyphens and add equal signs as follows:
netencralg="AES"
objectserverparms="cel=everything {other-parameters}"
Note: Do not specify a NETENCRALG
value other than SASProprietary unless you have licensed
SAS/SECURE
on all SAS server machines.
-
(Optional) If your deployment
offers direct connections from clients to the OLAP server, make the
same updates to that server's configuration file.
Note: The OLAP server's configuration
file is in your equivalent of
SAS/Config/Lev1/SASApp/OLAPServer/
.
-
Update server metadata
definitions as follows:
-
In SAS Management Console,
under
Server Manager, select the metadata
server's definition
.
Note: To get to the server definition,
you must expand the application server node
and the logical server node
.
-
Right-click the first
connection object
, and select
Properties.
-
In the
Connection dialog
box, select the
Options tab and click
Advanced
Options. Adjust the settings as necessary.
-
In the
Advanced
Options dialog box, select the
Encryption tab.
Note: Do not select a value other
than SASProprietary unless you have licensed
SAS/SECURE on all SAS
server machines.
Repeat the preceding
steps for each server that is launched by the object spawner (the
stored process server, the workspace server, and the pooled workspace
server).
-
Stop, restart, and validate
the servers.
Tip
Only those components that
can conform to a server’s encryption requirements are able
to connect to that server. Additional configuration might be necessary
to make
SAS/SECURE available to other components such as SAS Remote
Services or the SAS Framework Data Server, so that they can connect.
SAS/SECURE is documented in
Encryption in SAS.