Windows: TCP/IP Access Method |
Task List |
Configure the Windows spawner service.
Configure user rights and security services (optional).
Assign user rights if the server is to run secured.
Specify security service options to encrypt client/server data transfers.
Start the Windows spawner at the server.
Note: If the Windows spawner is not being used, there are no server tasks.
Note: SAS/CONNECT permits TCP/IP connections between clients outside a firewall to spawners that run on hosts inside a firewall. For details, see Configuring SAS/CONNECT for Use with a Firewall.
Configuring the Windows Spawner Service |
To enable clients to connect to a Windows server by using the Windows spawner, configure the spawner service in the SERVICES file at the server. For details, see Configuring the SERVICES File.
Assigning User Rights for a Server That Is Running Secured |
If you use only SSPI for authentication, setting user rights is unnecessary.
If you use the simulated logon method of authentication, the following user rights must be set at the server machine:
"Act as part of the operating system" for the user who runs the spawner
"Increase quotas" for the user who runs the spawner
"Replace process level tokens" for the user who runs the spawner
"Log on as batch job" for all clients who need to connect to the server
For details about the simulated logon and SSPI method of authentication, see Data Security for SAS/CONNECT or SAS/SHARE Servers.
Encrypting Data in Server/Client Transfers |
If an encryption service is configured at the server, you can specify SAS options to encrypt data that a server transfers to a client. For example:
options netencrypt netencryptalgorithm=ssl;
The NETENCRYPT option specifies that all data transfers between a server and a client will be encrypted. SSL is the encryption service that is specified in the NETENCRYPTALGORITHM= option. For details about encryption, see Encryption in SAS.
Starting the Windows Spawner |
You must start the Windows spawner on a Windows server to enable clients to connect to it. The spawner program resides on a server and listens for SAS/CONNECT client requests for connection to the server. After the spawner program receives a request, it starts a server session. For details about starting the Windows spawner, see Windows Spawner.
Specifying the -SECURITY option in the Windows spawner start-up command requires authentication of connecting clients.
If an encryption service has been configured at the server, set the appropriate encryption options when starting the spawner.
SAS/CONNECT Server Example |
Setting these options on the command line restricts access to ports 5020 through 5050.
options tcpportfirst=5020; options tcpportlast=5050;
The following example shows the spawner start-up command. The TCP/IP access method is specified. The -FILE option executes the MYSAS.CMD file, which starts a SAS session.
c:\sas\connect\sasexe\spawner -comamid tcp -file mysas.cmd
For details about the contents of a command file and how to run the Windows spawner, see Windows Spawner. Options that are specified during spawner start-up override options that are specified in a server configuration file.
Copyright © 2008 by SAS Institute Inc., Cary, NC, USA. All rights reserved.