IT Administrator: How it Works

The Integration Technologies Administrator allows a user with administration privileges to create, modify, and delete objects on an LDAP server. The objects that the administrator can manage are grouped into five categories:

Publish Framework: Publish channels and subscribers, including subscriber groups
SAS Configuration: SAS servers, spawners, and SAS logins
SAS Archiving: Archives and archive paths
Applications: Stored SAS processes and stored process paths
SAS Data Sources: Identifiers for SAS libraries, tables, and columns, which can then be used by clients

To better understand the objects that the Administrator creates as well as the relationships between the objects, let's look at the structure of the LDAP directory.

LDAP Overview

The Lightweight Directory Access Protocol (LDAP) was created to help manage network data such as users, resources, and security from a central location.

Conceptually, an LDAP server maintains a hierarchy of objects. An object is made up of name/value pairs called attributes. An object is based on a class, which defines which attributes are required for the object, and which are optional. The set of defined classes and their attributes is called the Directory Schema.

The layout of the classes is called the Directory Information Tree (DIT). Beginning from the top of the tree, the path to each class in the tree is called its distinguished name. Each distinguished name in the tree is unique. Distinguished names are defined from the lower element up to the root, which is typically a country (c), followed by an organization (o).

In the tree below, the root of the tree is o=SAS Institute, c=US.

The distinguished name for the ABC Toys entry is cn=ABC Toys, o=SAS Institute, c=US.

c=US
  o=SAS Institute (the base)
    cn=ABC Toys
      cn=SAS
         sascomponent=sasPublishSubscribe
           cn=saschannels
           cn=sassubscribers 
         sascomponent=sasServer
           cn=sasservers
           cn=sasspawners
           cn=saslogins
         sascomponent=Archiving
           cn=sasarchivepaths

The cn= entries under the sascomponent= entries are the objects that the Administrator defines. Under the cn=sassubscribers entry will be a number of sassubscribercn objects, each of which defines a specific SAS subscriber or subscriber group. Likewise, a number of sasservercn objects will be defined under the cn=sasservers entry, each defining a specific SAS server. For example:

Publish Framework objects

Selecting Publish Framework in the Integration Technologies Administrator gives you access to the LDAP definitions for

channels (saschannelcn objects)
subscribers (sassubscribercn objects)

Channels

The channel definition lets you specify a channel, which is a conduit for sending information from a publisher to all users subscribed to the channel. In addition to specifying descriptive information (such as name, description, and subject), you can also add subscribers to the channel. The subscribers you add must have entries in the LDAP directory.

You can create archive paths underneath a channel definition for use by that channel. The definitions for archive path and any archives contained in the path are displayed under the channel in the tree. See SAS Archiving objects for more information.

Subscribers

The subscriber definition lets you specify information for a subscriber, which is any recipient of information published to a channel. Each subscriber definition must point back to a person reference in the LDAP directory. In addition to identifying the person reference for the subscriber, you can also specify a number of options for the subscriber, including where the user receives information, what format to use when sending information, and what filers to apply to the the information.

SAS Configuration objects

Selecting SAS Configuration in the Administrator lets you create and modify LDAP definitions for

servers
spawners
SAS logins

Creation of server and spawner definitions is automated through the Integration Technologies Server Wizard. The Wizard guides you through the process of defining a COM/DCOM or IOM Bridge server and spawner, if one is required.

Server definitions are grouped according to their purpose under a series of logical names. For example, you could use a logical name of Payroll to group all the servers that could be used for payroll operations. Because a single server can be used for more than one purpose, each server definition can be associated with several logical names.

The spawner definitions also use logical names, but their function is to determine which servers the spawner can connect to. When a request is sent to a spawner to start a SAS session on a server, the spawner checks the server definitions to find one that has logical names that are a subset of the spawner's.

For example, if the definition for spawnerABC includes the logical names Payroll, Accounting and Finance, that spawner could start any of these servers:

server1 - logical name Payroll
server2 - logical name Accounting
server3 - logical name Payroll, Finance

However, it could not start this server:

server4 - logical name Inventory

Servers

The Administrator creates the server definitions through the Wizard, then lets you modify the definitions as needed through the properties panel. The server definition includes:

Domain: The server's domain. In order for a spawner to work with the server, the spawner must be defined for the same domain (in addition to having matching logical names).
Protocol: IOM Bridge or COM/DCOM protocols, as well applicable service or port IDs.
Logical name: All logical names under which this server can operate.
Machines: All machines on which the server can run.
Encryption: Client and server algorithms, what content to encrypt
SAS logins: The SAS logins available to start a SAS session.
Commands: The command to start the SAS session on the server.
Maximum workspaces per pool: The maximum number of workspaces that will be available for any workspace pool that is established with the server.

Spawners

When a server definition requires that a spawner also be defined, the Wizard automatically goes through the spawner definition process. As with the server definitions, you can then modify the definitions as needed through the properties panel. The spawner definition includes:

Domain: The spawner's domain. In order for a spawner to work with the server, the spawner must be defined for the same domain (in addition to having matching logical names).
Protocol: IOM Bridge or COM/DCOM protocols, as well applicable service or port IDs.
Logical name: All logical names under which this spawner can operate.
Connection information: Service, port and passwords for master, operator, and UUID connections
Machines: All machines on which the spawner can run.
Encryption: The modules path and key length for encryption
Logging: The path to the log file and whether to use verbose logging
OS/390: The OS/390 logical unit name

SAS Logins

A SAS login may need to be available in order to start a SAS session on a server or to connect to a client. SAS logins are a convenient method for providing the credentials necessary for a spawner to start a SAS session. Each SAS login definition contains a user name, password, and domain, as well as a pointer to the user's person reference entry in the LDAP directory. When a spawner specifies a SAS login when starting a SAS session, it has access to all the information specified in the login definition (and the user's LDAP entry) without having to explicitly provide it. The spawner can create sessions using SAS logins without having to keep track of the specifics of a user's ID and permissions.

SAS logins may be used to provide credentials when creating a client connection. Whether or not SAS logins are required depends on the method calls used to start the server or create the connection. If the method calls request a logical name, SAS logins are required. Otherwise, SAS logins are not required, but if you do not use them, you must track and specify the user credentials manually.

The SAS login definition includes:

Person reference: The person reference entry in the LDAP directory for the user. The person reference entry is created outside of the Administrator application
User: The user ID
Password: The user's password
Domain: The domain on which the user ID is valid.
Logical name: The logical name of the SAS server with which this login is associated (used only with workspace pooling).
Min workspace size: The number of workspaces currently serving or waiting to service a request (used only with workspace pooling).
Min available workspaces: The number of workspaces waiting to service a request (used only with workspace pooling).

SAS Archiving objects

Selecting SAS Archiving in the Administrator lets you create and modify LDAP definitions for archive paths. Archives are stored copies of packages that have been published using SAS Publish and Subscribe. Archive paths and archives are also present in Publish Framework under individual channels. Archive paths created under individual channels are for use by that channel exclusively.

Archive Paths

The archive path contains the location where a server can publish an archive package. The archive path definition includes:

Archive path: The full path name for the location to which archives are to be published.
Logical name: The logical name for the path, used to identify valid publishing paths.

Stored Process objects

Selecting Applications in the Administrator lets you create and modify LDAP definitions for stored processes and stored process paths. A stored process is a SAS program that is saved (in a stored process path) and can be executed at a later time by an Integration Technologies user or application.

Stored Process Paths

The stored process path defines the location where stored processes are kept. The stored process path definition includes:

Stored process path: The full path name for the location where stored processes are kept.
Logical names: All logical names associated with the path.

Stored Processes

The stored process definitions provide information about saved SAS programs. The stored process definition includes:

Description: An identifying description of the process
Stored process value: The name of the stored SAS program
Portal JSP: The Java stored page (JSP) from which a user or application can access the program.
Parameters: Sets of parameters that are passed to the SAS program upon execution

Data Source Objects

Selecting SAS Data Sources in the Manager Bar lets you create and modify LDAP definitions for library, table, and column data source definitions. A data source is a SAS library, table, or column that is identified by an LDAP entry. Client applications can use the LDAP entry to locate the data source and access the information in the source.

Libraries

The library definition contains information to create a SAS LIBREF statement for the library, including the name, libref, path, and options. You can associate one or more logical names with the data source to identify the server on which the library resides.

Tables

The table definition contains information required to identify a SAS table, including the name, the distinguished name of the library containing the table, and any password protections needed for the table. As with the library definition, you can associate a table definition with a logical name to identify the location of the table.

Columns

The table definition contains the information required to identify a column in a table. You must have already identified the parent table as a data source before you can identify a column. The information required for a column definition includes the column name, type, and length, as well as any formats or informats applied to the column.