SAS 9.1.3 Integration Technologies » Server Administrator's Guide


Getting Started
Overview of Administration
Getting Started Without the SAS Configuration Wizard
Choosing a Server Configuration
Planning for Metadata
Getting Started With the SAS Configuration Wizard
Initial Directories
Initial Security
Initial Servers and Services
Initial Load-Balancing Stored Process Server Configuration and Security
Additional Planning
Setting Up Libraries
Initial Access Control
Getting Started

Initial Load-Balancing Stored Process Server Configuration and Security

After you run the SAS Configuration Wizard to setup a stored process server, the initial load-balancing SAS Stored Process Server configuration is set up with three MultiBridge connections so that the object spawner can start up to three stored process server processes. The object spawner will balance the workload across these processes. The object spawner runs on the server host, listens for client requests, and connects clients to the appropriate server process.

The SAS Metadata Server contains the spawner, server, and security metadata for the load-balancing stored process server configuration. The object spawner must connect to the SAS Metadata Server, and the metadata must be appropriately configured to enable the spawner to start the load-balancing stored process server processes. The following diagram shows the initial security setup and process flow for the load-balancing stored process server and spawner configuration:

Note: On Windows, all user IDs would be machine or domain qualified (for example, europe\sastrust).

Diagram showing how Security for SAS Configuration Wizards load-balancing stored process server

As shown in the previous diagram, the object spawner obtains the metadata information to start a load-balancing stored process server as follows:

  1. When the spawner is started, it reads a metadata configuration file named omrconfig.xml that contains information to access the SAS Metadata Server. This metadata configuration file specifies the following information:

    • the location of the SAS Metadata Server
    • the user ID that the spawner will use to connect to the metadata server

    By default, the omrconfig.xml file contains the user ID sastrust, which is owned by the SAS Trusted User.

  2. The object spawner connects to the SAS Metadata Server using the user ID specified in omrconfig.xml. (By default, this is SAS Trusted User (for example, sastrust)). The SAS Trusted User's credentials are authenticated against the SAS Metadata Server's authentication provider.

  3. On the SAS Metadata Server, the connection from the object spawner is associated with the user that owns the sastrust user ID, SAS Trusted User. The spawner (as the SAS Trusted User) reads the metadata information for the server and spawner configuration.

    Note: The SAS Trusted User's login credentials can view the server's multi-user login credentials (sassrv) because the SAS Trusted User is a member of the SAS General Server group and the SAS General Servers group owns the server's multi-user login credentials (sassrv).

The object spawner then has the necessary metadata to launch a server. The following diagram shows the flow for a client request and server launch.

Diagram showing client/server sequence for SAS Configuration Wizard's load-balancing stored process server

The flow is as follows:

  1. When a client requests a server, the client is authenticated against the host authentication provider for the server.

  2. If the object spawner needs to launch a new stored process server, the object spawner uses the credentials of the server's multi-user login (sassrv) to launch the load-balancing stored process server.

Note: Because the stored process server runs under the credentials for the multi-user stored process server, each client can only access information for which the multi-user credentials are authorized.

To summarize, in your initial load-balancing stored process server configuration, you must ensure that security is configured properly, as follows:

  • On the SAS Metadata Server, ensure that the SAS Trusted User is a member of the SAS General Servers group

  • In the metadata configuration file, omrconfig.xml, ensure that the SAS Trusted User's credentials are specified.

  • On the SAS Metadata Server, ensure that the group login owned by the SAS General Servers group is specified in the stored process server definition (on the Credentials tab).

  • Ensure that the user ID and password of the group login for the SAS General Servers group matches the account on the host authentication provider for the stored process server.

To improve performance, you can add a second load-balancing stored process server machine. For details, see Overview of Load Balancing.