Server Encryption :: SAS(R) Federation Server 4.1: Administrator's Guide

Introduction

SAS Federation Server supports two methods of encryption strength: SAS Proprietary Encryption and DataFlux Secure.

SAS Proprietary Encryption

SAS Proprietary Encryption is a fixed encoding algorithm that is included with SAS Federation Server. It requires no additional product licenses and is the default encryption method if DataFlux Secure is not installed. The SAS Proprietary Encryption algorithm is strong enough to protect your data from casual viewing. SAS Proprietary Encryption provides a medium level of security. SAS/SECURE and SSL provide a high level of security.

DataFlux Secure

Overview

DataFlux Secure is an add-on product that provides industry encryption capabilities in addition to the SAS Proprietary Encryption algorithm. DataFlux Secure requires additional licensing and it must be installed on each server that will use encryption. DataFlux Secure provides encryption of data in transit. It does not provide authentication or authorization capabilities.

The AES – 256-bit keys encryption algorithm is used by SAS Proprietary Encryption and DataFlux Secure.

Specifying the Encryption Method

SAS Proprietary Encryption (SASProprietary) is the default encryption for SAS Federation Server. You can also decide how much data is encrypted in communication between a client and SAS Federation Server. This is specified by setting the CLIENTENCRYPTIONLEVEL using the ObjectServerParms option in dfs_serv.xml. See the SAS Federation Server Configuration Reference for more information on this option.

Password Encryption

SAS Federation Server provides a utility to encrypt user passwords from plain-text format. The method of encryption depends on the encryption method in use for SAS Federation Server. See Utilities for SAS Federation Server for additional information about password encryption.