Configuring the Analytics Environment for SASHDAT Encryption

In release 2.94, the SAS High-Performance Analytics environment supports reading and writing files using AES encryption with 256-bit keys. (This feature is very similar to the AES encryption provided by the SAS BASE Engine.)
Note: For U.S. export purposes, SAS designates each product based on the encryption algorithms and the product’s functional capability. The ability to encrypt SASHDAT files is available to most commercial and government users inside and outside the U.S. However, some countries (for example, Russia, China, and France) have import restrictions on products that contain encryption, and the U.S. prohibits the export of encryption software to specific embargoed or restricted destinations.
To enable the SAS High-Performance Analytics environment to read and write SASHDAT using encryption, follow these steps:
  1. The software that is needed for the SAS High-Performance Analytics environment is available from within the SAS Software Depot that was created by the site depot administrator: depot-installation-location/standalone_installs/SAS_High-Performance_Encryption_Installation/3_6/Linux_for_x64.
  2. Copy TKGrid_SEC_x86_64.sh to the /tmp directory of the root node of the cluster.
  3. Log on to the machine that is the root node of the cluster or the data appliance with a user account that has the necessary permissions.
  4. Change directories to the desired installation location, such as /opt.
  5. Run the TKGrid_SEC_x86_64 shell script in this directory.
  6. Respond to the prompts from the shell script:
    Configuration Prompts for the TKGrid_SEC_x86_64 Shell Script
    Shared install or replicate to each node? (Y=SHARED/n=replicated)
    If you are installing to a local drive on each node, then specify n and press Enter to indicate that this is a replicated installation. If you are installing to a drive that is shared across all the nodes (for example, NFS), then specify Y and press Enter.
  7. If you selected a replicated installation at the first prompt, you are now prompted to choose the technique for distributing the contents to the appliance nodes: 
    The install can now copy this directory to all the machines
listed in 'filename' using scp, skipping the first entry.
Perform copy? 
(YES/no)
    Press Enter if you want the installation program to perform the replication. Enter no if you are distributing the contents of the installation directory by some other technique.
    Note: The contents of TKGrid_SEC must be distributed to every machine in the analytics cluster.
    The shell script creates a lib2 subdirectory and a file named VERSION2.
    Tip
    If you are using Hadoop as your data provider, make sure that you follow the steps described for your distribution of Hadoop in Modifying Co-Located Hadoop .
  8. To validate your analytics environment, proceed to Validating the Analytics Environment Deployment.
Copyright © SAS Institute Inc. All Rights Reserved.
Last updated: June 19, 2017