Server Encryption :: SAS(R) Federation Server 3.2: Administrator's Guide

Introduction

SAS Federation Server supports two methods of encryption strength: SAS Proprietary and DataFlux Secure.

SAS Proprietary

SASProprietary is a fixed encoding algorithm that is included with SAS Federation Server. It requires no additional product licenses and is the default encryption method if DataFlux Secure is not installed. The SAS proprietary algorithm is strong enough to protect your data from casual viewing. SASProprietary provides a medium level of security. SAS/SECURE and SSL provide a high level of security.

DataFlux Secure

Overview

DataFlux Secure is an add-on product that provides industry encryption capabilities in addition to the SASProprietary algorithm. DataFlux Secure requires additional licensing and it must be installed on each server that will use encryption. DataFlux Secure provides encryption of data in transit. It does not provide authentication or authorization capabilities.

The AES – 256-bit keys encryption algorithm is used by SASProprietary and DataFlux Secure.

Specifying the Encryption Method

By default, the encryption is set to SASProprietary. You can also decide how much data is encrypted in communication between a client and SAS Federation Server. This is specified by setting the CLIENTENCRYPTIONLEVEL using the ObjectServerParms option in dfs_serv.xml. See the SAS Federation Server Configuration Reference for more information on this option.

Password Encryption

SAS Federation Server provides a utility to encrypt user passwords from plain-text format. The encryption method depends on the encryption method in use for SAS Federation Server. See Utilities for SAS Federation Server for additional information about password encryption.