Using SAS Scalable Performance Data (SPD) Server with an Internet Firewall

Overview of Using SPD Server with a Firewall

SPD Server and its clients communicate through ports that permit requests to be sent to the server and that send and receive data (such as table rows) between client and server. If the server is running with an Internet firewall, the ports that the client and server use must be configured so that the firewall allows the communication. This section describes the SPD Server server and client ports, as well as how to assign and configure them for use with an Internet firewall.
SPD Server clients communicate with the SPD Server name server via the SPD Server name server listen port. The name server listen port is used by clients (such as Base SAS) when LIBNAME and SQL CONNECT statements are issued. The LIBNAME and SQL CONNECT statements must be able to pass through a firewall. The name server listen port is also used by ODBC data sources that need to communicate with the SPD Server name server.
SPD Server clients communicate with the SPD Server host whenever a client needs to complete a LIBNAME connection, or whenever a client needs to issue SPD Server operator commands. LIBNAME connections and operator commands must be able to access the SPD Server listen port and the SPD Server operator port through existing firewalls.
When an SPD Server server completes a client request for a LIBNAME connection, it creates an SPD Server Base user proxy process. The user proxy handles all of the client data requests. The proxy process requires multiple ports: a port to receive data commands from the client, a port to receive operator commands from the client, and a port for each open table to send and receive data between client and server. Therefore, the SPD Server Base user proxy requires a range of port numbers that must be accessible through the firewall.

Assigning SPD Server Ports That Require Firewall Access

SPD Server Name Server Listen Port

You can specify the SPD Server name server listen port by using well-known port definitions that are declared in the operating system's services file. You can also use the SPD Server command-line interface to specify the listen port. In the services file, the spdsname specification corresponds to the listen port. For UNIX installations, you can define the SPD name server listen port in the rc.spds start-up script. The NSPORT parameter in the rc.spds start-up script defines the SPD Server name server listen port. If NSPORT is not defined in the rc.spds start-up script, the SPD name server uses the spdsname service entry.

SPD Server Listen Port and SPD Server Operator Port

You can specify the SPD Server listen and operator ports by using well-known port definitions that are declared in the operating system's services file. You can also use the SPD Server command-line interface. In the operating system's services file, the spdsserv_sas specification corresponds to the SPD Server listen port. The spdsserv_oper specification corresponds to the SPD Server operator port. For UNIX installations, you can also define the SPD Server listen and operator ports in the rc.spds start-up script. In an rc.spds start-up script, the SRVLPORT parameter defines the listen port, and the SRVOPORT parameter defines the operator port. If the listen and operator ports are not defined, or are defined as zero values, the SPD Server uses spdsserv_sas and spdsserv_oper in the operating system's services file. If there are no listen or operator ports defined in the operating system's services file, then SPD Server chooses any available ports for listen and operator port functions by default. This is the normal mode of operation when SPD Server clients and servers run in environments that do not have firewalls.

SPD Server Base Proxy Ports

You must use the SPD Server MINPORTNO= and MAXPORTNO= server parameter specifications to define the available range of ports for the SPD Server Base Proxy processes. You must specify both the MINPORTNO= and MAXPORTNO= parameters when you define the range of port numbers that are available to communicate with SPD Server clients that might be outside of a firewall. If the SPD Server parameters for MINPORTNO= and MAXPORTNO= are not specified, an SPD Server Base proxy process uses any port that is available to communicate with its SPD Server client. This is the normal mode of operation when SPD Server clients and servers run in environments that do not have firewalls.
How many port numbers do you need to reserve for SPD Server Base user proxy processes? Each SPD Server Base user proxy process produces its own command port. You can access the command port via command-line specifications that are issued by an SPD Server client. You can access the operator port for a command port by using PROC SPDO operator commands.
Each SPD Server host table that is opened also creates its own port. Each SPD Server table port becomes a dedicated data transfer connection that is used to stream data transfers to and from the SPD Server client. SPD Server host table ports are normally assigned dynamically, unless MINPORTNO= and MAXPORTNO= parameters have been specified.
If MINPORTNO= and MAXPORTNO= parameters have been specified, then SPD Server host table ports are assigned from within the port range that is defined by the minimum and maximum port parameter statements. The port range that is specified by the MINPORTNO= and MAXPORTNO= parameters must be able to accommodate the maximum number of concurrent LIBNAME connections required at the server, as well as the I/O data streams that travel between the SPD Server Base processes on the host and the SPD Server clients.
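The following is an added example, not SAS code or part of the original documentation: a small Python check that applies the port precedence described above and sizes the proxy range before firewall rules are written. The function names, the dictionary inputs (settings already read out of rc.spds and the server parameters), the inclusive treatment of the range, the per-connection count of two ports plus one per open table, and all port numbers are assumptions made for illustration.

```python
import re

def services_port(services_text, name):
    """Return the TCP port declared for `name` in services-file text, or None."""
    for line in services_text.splitlines():
        m = re.match(r"\s*(\S+)\s+(\d+)/tcp\b", line.split("#", 1)[0])
        if m and m.group(1) == name:
            return int(m.group(2))
    return None

def resolve(services_text, rc, param, service):
    """Start-up script value wins; undefined or zero falls back to the services entry."""
    # Assumption: a zero NSPORT is treated like zero SRVLPORT/SRVOPORT (unset).
    port = int(rc.get(param) or 0)
    return port or services_port(services_text, service)

def firewall_plan(services_text, rc, parm, connections, tables_per_conn):
    """List the ports a firewall must allow and flag any that would be dynamic."""
    fixed = {
        "name server listen": resolve(services_text, rc, "NSPORT", "spdsname"),
        "server listen": resolve(services_text, rc, "SRVLPORT", "spdsserv_sas"),
        "server operator": resolve(services_text, rc, "SRVOPORT", "spdsserv_oper"),
    }
    findings = [f"{k} port is not pinned (dynamic)" for k, v in fixed.items() if v is None]
    lo, hi = parm.get("MINPORTNO"), parm.get("MAXPORTNO")
    needed = connections * (2 + tables_per_conn)  # command + operator + one per open table
    proxy = None
    if lo is None or hi is None:
        findings.append("MINPORTNO= and MAXPORTNO= must both be set; proxy ports are dynamic")
    else:
        proxy = (lo, hi)
        if hi - lo + 1 < needed:  # assumption: the range is inclusive
            findings.append(f"proxy range holds {hi - lo + 1} ports, {needed} needed")
    return {"fixed": fixed, "proxy_range": proxy, "needed": needed, "findings": findings}

# Constructed sample input: no spdsserv_oper entry, SRVLPORT defined as zero.
SERVICES = """\
spdsname       5190/tcp   # constructed sample values
spdsserv_sas   5200/tcp
"""
RC = {"NSPORT": 5180, "SRVLPORT": 0}
PARM = {"MINPORTNO": 5400, "MAXPORTNO": 5449}
PLAN = firewall_plan(SERVICES, RC, PARM, connections=10, tables_per_conn=4)

if __name__ == "__main__":
    for finding in PLAN["findings"]:
        print("FINDING:", finding)
```

Any finding means the firewall rule set cannot be written yet: either a port would be chosen dynamically, or the reserved range is too small for the expected concurrent load.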