Previous Page | Next Page

OpenVMS: TCP/IP Access Method

Prerequisites for Using TCP/IP under OpenVMS

Task List

Software Requirements

Ensure that the following requirements are met:

SAS/CONNECT and SAS/SHARE Network Security

Encryption is the process of transforming plaintext into a less readable form (called ciphertext) by using a mathematical process. The ciphertext is translated back to plaintext for anyone who can supply the appropriate key, which is necessary for decrypting (or unlocking) the ciphertext.

SAS/CONNECT and SAS/SHARE support the SASproprietary network security service in the OpenVMS operating environment. SASproprietary is a fixed encoding algorithm that is included with Base SAS software and is available in all SAS supported operating environments. It requires no additional SAS product licenses.

For complete details about setting up and using an encryption service, see Encryption in SAS. After an encryption service is set up in your environment, you set a SAS encryption option that is appropriate to the encryption service and to the requirements of the client or the server session.

SAS/CONNECT Options Only

TCPMSGLEN n

defines the size of the buffer (in bytes) that the TCP/IP access method uses for breaking up a message that it sends to or receives from the SAS/CONNECT application layer during a SAS/CONNECT session. The application layer uses a message size that is stored in the TBUFSIZE option (default 32768) that you can specify in the SIGNON statement or as a SAS option. For details, see the TBUFSIZE= system option in the SAS/CONNECT User's Guide.

If TBUFSIZE is larger than TCPMSGLEN, the TCP/IP access method breaks the message into a buffer whose size is defined by TCPMSGLEN and issues the number of send and receive messages that are necessary to complete the message transaction.

The value for TCPMSGLEN (default 32768) must be set at both the client and server. If the values that are set for TCPMSGLEN at the client and at the server are different, the smaller value of the two is used during the SAS/CONNECT session.

Example: 

TCPMSGLEN:==65536
TCPPORTFIRST=port-number (set at the server)
TCPPORTLAST=port-number (set at the server)

restrict the range of TCP/IP ports that clients can use to remotely access servers.

Within the range of 0 through 32767, assign a beginning value to TCPPORTFIRST and an ending value to TCPPORTLAST. To restrict the range of ports to only one port, set the values for TCPPORTFIRST and TCPPORTLAST to the same number. Consult with your network administrator for advice about setting these values.

At the server, you can set TCPPORTFIRST and TCPPORTLAST in a SAS start-up command or in the configuration file.

In the following example, the server is restricted to the TCP/IP ports 4020 through 4050: 

/tcpportfirst=4020;
/tcpportlast=4050;
TCPTN3270

supports connections to z/OS servers that use the full-screen 3270 Telnet protocol. The script file TCPTS032.SCR is provided. See SAS/CONNECT Sign-on Scripts for TCP/IP under OpenVMS for a complete list of sign-on scripts.

Note:   You must use the environment variable form to set TCPTN3270.  [cautionend]

To set the TCPTN3270 variable, enter the following command at the client: 

TCPTN3270:==1

If you do not set this variable, the TCP/IP access method uses the Telnet line-mode protocol by default.

SAS/SHARE Options Only

TCPSEC:==_SECURE_ (set at the server)

specifies whether the TCP/IP access method verifies user access authority before allowing clients to access the server. The TCPSEC option must be set at the server before the server session is started.

_SECURE_

requires that the TCP/IP access method verify the authority of clients that attempt to access the server. Each client must supply a user ID and a password that are valid at the server.

Example: 

TCPSEC:==_SECURE_

If you do not set this variable, the TCP/IP access method does NOT verify the authority of clients that attempt to access the server.

Previous Page | Next Page | Top of Page

Copyright © 2008 by SAS Institute Inc., Cary, NC, USA. All rights reserved.