SAS 9.1.3 Integration Technologies » Server Administrator's Guide


Setting up a COM/DCOM Connection
Server and Client Requirements
Summary of Setup Steps
Planning Your Server Configuration Metadata
Standard Server Metadata
Creating Metadata Using SAS Management Console
Defining Servers
Modifying Servers
Custom Workspace Servers
OLAP Servers
Enabling DCOM on the Server and the Client
Configuring SAS for DCOM
Setting SAS Permissions on the Server
Default on Windows NT/2000
Per Application on Windows NT/2000
Default on Windows XP  Server 2003
Per Application on Windows XP / Server 2003
Configuring DCOM on Windows XP SP2 / Server 2003 SP1
Configuring COM/DCOM for Active Server Page Access
Accessing a Local COM IOM Server from an Active Server Page
Accessing a Remote DCOM IOM Server from an Active Server Page
Administering the Server:
Creating a Metadata Configuration File in SAS
Using ITConfig
Troubleshooting
Reference Materials
AppIDs for Configuring DCOM
Object Server Parameters
Fields for the Server Definition
COM/DCOM

Accessing a Local COM IOM Server from an Active Server Page

When you access a local COM IOM server from an Active Server Page (ASP), SAS and Internet Information Services (IIS) are both installed on the same machine.

Note: This configuration is not recommended. If you have SAS and a Web server ruining on the same machine, they might compete for resources.

To configure local COM IOM in an ASP, you must ensure that the user who is launching the process has the proper permissions. Follow the configuration instructions to configure permissions either for Windows NT 4, or for Windows 2000 and XP.

Configuring Windows NT4 with IIS to Access a Local COM IOM Server

In IIS 4, the System account owns the IIS process and all of its child processes. When the local COM IOM server launches through an active server page (ASP), the launching user is identified as the System account. Use dcomcnfg to verify that the System account has launch and access permissions for the SAS.Workspace (SAS Version 9.1) application.

Note: This configuration will work for all of the supported authentication methods in IIS 4.

  1. Start dcomcnfg.

  2. Select SAS.Workspace (SAS Version 9.1) and then select Properties.

  3. Select the Security tab. If the System account does not have access and launch permissions, add the access and launch permissions.

Configuring Windows 2000 or XP with IIS to Access a Local COM IOM Server

In IIS 5, all processes, both pooled and isolated, are now COM+ Applications. For this reason, you must configure an additional level of security and add different users to the access and launch permissions for the SAS.Workspace (SAS Version 9.1) application. For more details, refer to Configuring Windows 2000 or XP with IIS 5 Remote DCOM and COM+ Settings.

There are two different types of authentication, Anonymous Access and Basic Authentication.

Note: If you are using Windows XP as your Web server platform, it is recommended that you use Basic Authentication instead of Anonymous Access.

Anonymous Access

Enabling anonymous access allows all inbound Web clients to use the identity of the IUSR_<machine name> user. The IWAM_<machine name> user launches the IIS process. Therefore, you must configure the following security permissions:

  • access permissions for both the IUSR_<machine name> and the IWAM_<machine name> users to access the SAS.Workspace (SAS Version 9.1) application
  • launch permissions for the IWAM_<machine name> user

where <machine name> is the name of your machine or a slight variation. These users are part of the \\<machine name>* domain and will appear if you click Show Users.

By default, the IUSR_<machine name> and IWAM_<machine name> users have launch permissions for all DCOM applications. However, use dcomcnfg to verify that the launch permissions are properly configured.

  1. Start dcomcnfg and modify the properties for SAS.Workspace (SAS Version 9.1).

  2. Add access and launch permissions for the following:

    • IUSR_<machine name> (Internet Guest Account)
    • IWAM_<machine name> (Launch IIS Process Account)

Basic Authentication

Note: This configuration also works for Integrated Windows authentication.

For basic authentication, all inbound Web clients must authenticate as a specific user in order to gain access to the Web page. The following security options must be configured:

  • access permissions for any user that will be accessing the Web page. Configure access permissions to the SAS.Workspace (SAS Version 9.1) application, as well as the IWAM_<machine name> user.
  • launch permissions for the IWAM_<machine name> user. The IIS process is still launched by the IWAM_<machine name> user.

By default, the IWAM_<machine name> has launch permissions for all DCOM applications. However, use dcomcnfg to verify that the launch permissions are properly configured.

  1. Start dcomcnfg and modify the properties for SAS.Workspace (SAS Version 9.1).

  2. Add launch and access permissions (Launch IIS Process Account) for the IWAM_<machine name> user.

  3. Add access permissions for any user that will be accessing the ASP through the Web. To add access permissions for users, use dcomcnfg to do either of the following:

    • add each user individually
    • create a group of users and then add that group.