SUPPORT / SAMPLES & SAS NOTES
 

Support

Problem Note 64060: Invocation of the SAS® Web Application Server might be very slow in some UNIX operating environments

DetailsAboutRate It

In some UNIX environments (especially Linux and Solaris), invocation of SAS Web Application Server might be extremely slow. This behavior occurs when you use Advanced Encryption Standard (AES) or other RSA security algorithms with SAS/SECURE™ software.

The problem occurs because the AES algorithm consumes random numbers in order to perform encryption. These random numbers are read by Java from the device /dev/random. If the supply of random numbers in this device is exhausted, any attempt to read from the device blocks the Java process that is trying to read from the device.  This block remains in effect until a new random number is available or until a time-out occurs.

The solution is to configure Java to use /dev/./urandom instead of /dev/random. Because the keys that SAS® uses to load metadata are not long in duration, the use of /dev/./urandom to generate random numbers is both secure and effective.

To use the /dev/urandom device:

  1. Submit the following command to verify that the /dev/urandom device exists on your system:
    ls –l /dev/urandom

    If the device is found, the command returns results similar to the following:

    cr--r--r-- 1 root root 1, 9 Dec 22 16:33 /dev/urandom)
  2. Configure Java to use /dev/./urandom instead of /dev/random. To do that, add the following parameter to the JAVA_OPTS environment variable in the setenv.sh script, which is located in the SAS-configuration-directory/Lev1/Web/WebAppServer/SASServer1_1/bin/ directory:
    -Djava.security.egd=file:/dev/./urandom
  3. Restart SAS Web Application Server.


Operating System and Release Information

Product FamilyProductSystemProduct ReleaseSAS Release
ReportedFixed*ReportedFixed*
SAS SystemSAS Web Application Server64-bit Enabled AIX9.49.459.4 TS1M09.4 TS1M6
64-bit Enabled Solaris9.49.459.4 TS1M09.4 TS1M6
HP-UX IPF9.49.459.4 TS1M09.4 TS1M6
Linux for x649.49.459.4 TS1M09.4 TS1M6
Solaris for x649.49.459.4 TS1M09.4 TS1M6
* For software releases that are not yet generally available, the Fixed Release is the software release in which the problem is planned to be fixed.