Understanding TLS Authentication for SPD Server :: SAS® Scalable Performance Data Server 5.3: Administrator's Guide

TLS authentication can be configured at two levels. At a minimum, TLS specifies that the client should perform server authentication by verifying the server’s certificate. This basic configuration is achieved by identifying the location of the certificates and the TLS public key and private key on the server with TLS options. Client authentication, which specifies that the server should also verify the client’s certificate, can also be configured, but it is optional.

For SPD Server, the server authentication options affect socket connections for the SPDSSERV process and the SPDSBASE user proxy. The SPDSSERV process authenticates the user ID and password specified in the SPD Server LIBNAME statement. The SPDSBASE user proxy plans and executes SAS DATA step requests made through the SASSPDS LIBNAME engine.

The client authentication options affect socket communications made from the SASSPDS LIBNAME engine to an SPDSBASE process, or communication from one SPDSBASE process to another SPDSBASE process. These processes plan and execute SQL queries made using implicit and explicit pass-through to SPD Server. For more information about SPDSBASE processes, see Managing SPDSBASE Processes.

To ensure secure sockets communication for all requests, configure both server and client authentication options.