options set=GRIDHOST="grid001.example.com" set=GRIDINSTALLLOC="/opt/TKGrid"; options metaserver="server.example.com" metaport=8561; 1 options metauser=sasdemo metapass="secret"; libname hdfs sashdat path="/hps" signer= "https://server.example.com/SASLASRAuthorization"; 2 data hdfs.heart(replace=yes); 3 set sashelp.heart; run; proc lasr create port=10010 signer="https://server.example.com/SASLASRAuthorization"; 4 performance nodes=all; run; proc lasr add data=hdfs.heart signer= "https://server.example.com/SASLASRAuthorization" 5 signerfilepolicy noclass port=10010 verbose; run; libname example sasiola tag="hps" signer="https://server.example.com/SASLASRAuthorization"; proc imstat signer="https://server.example.com/SASLASRAuthorization"; table example.heart; save fullpath path="/hps/heart2" signerfilepolicy replace; 6 run;
1 | The metadata-related options enable the SAS session to communicate with the SAS Metadata Server and to read encryption settings that are stored in metadata. |
2 | The SIGNER= option is used so that the engine can determine the metadata settings that are associated with a library. This enables the engine to exchange keys with the metadata server for decrypting tables as they are read. The library encryption settings also determine when an in-memory table should be encrypted as it is saved as a SASHDAT file. |
3 | If
a SASHDAT engine
library is registered in metadata that specifies encryption settings
for a Hadoop server on host grid001.example.com (the GRIDHOST environment
variable) and directory /hps (the PATH=
option), then the Heart table is read from Sashelp and written to /hps/heart.sashdat in
encrypted form.
|
4 | In a metadata environment, a server must be started with the SIGNER= option. |
5 | The
encrypted /hps/heart.sashdat file is
decrypted and loaded to memory by the server.
|
6 | Because
the /hps directory that is associated with the Hadoop server is associated
with encryption settings in SAS metadata (the same circumstance as
item 3), the /hps/heart2.sashdat file
is created with encryption.
|
options set=GRIDHOST="grid001.example.com" set=GRIDINSTALLLOC="/opt/TKGrid"; libname hdfs sashdat path="/hps"; data hdfs.heart(replace=yes encrypt=aes encryptkey="secret"); set sashelp.heart; run; proc lasr create port=10010; performance nodes=all; run; proc lasr add data=hdfs.heart encryptkey="secret" noclass port=10010 verbose; run; libname example sasiola tag="hps"; proc imstat; table example.heart; save fullpath path="/hps/heart2" encryptkey="moresecret" replace; run;