home-SAS    SAS-SAAS    First steps    Installation    Hardening    Operational    Using    My Notes
Generic    Server types    DTAP - Meta Lev    Sizing     Notes release changes       top bottom

Planning SAS installation, First steps


design - prepare

Machines

Generic Design

Information - background

Design Usage
The designed system should be usable, so that customers want to use it.
It should also be reliable and trustworthy.
Design Servers
See: Understanding the Anatomy of a SAS® Deployment (pdf), you tube. SAS Servers are not machines (physical/virtual); in other words: SAS Server context, SAS Server soup.

The designer has to figure out these different usages of the word "servers" in a SAS environment.

Before installing, a lot of questions need to be answered.
Type of hardware? Performance? Security requirements and policies?
Auditing & Monitoring requirements?

Does the SAS admin (see My Notes) have the knowledge needed for this?
Does your designer have the knowledge needed for all this?
Is the architect aligned with all planning and goals?
blog big data security   blog business versus IT



Generic decision points

The following document describes a lot. Even thinking about: single operating system image or multiple operating system images?

SAS runs a metadata server with an in-core database. With this approach a 64-bit OS is a requirement. If you go with a 32-bit system you will run into the 2Gb sizing limit, and hit it at unwanted moments. See: supported Operating Systems with SAS

Somewhere you have stored the business data you want to analyse. Choose an OS that has the least limitations in reaching that data.

Look for comparisons (OS compared, wiki). Choose one with the least problems to manage in your situation. Linux, iOS and Android are look-alikes, see: Unix

Choose one you can manage well at a price acceptable to you with respect to performance. A grid approach, servers working together, is a good approach for heavy loads. For fall-back scenarios a grid environment is the basic idea. See the SAS Tuning & design chapter. With the 9.x metadata server this is the starting point to design/implement.




Choosing Server type

Physical or Virtual is a matter of disaster & recovery and performance.

And now I have to make a statement that always gets discussed:
Windows AD is the most advanced with security and is the best. Unix and Unix versions (apple included) are the most troublesome for security.

MS unix compare: somewhat outdated (1998) but contains relevant information (sweden universitys)


Comparison per aspect: Generic, Unix, Windows Server, Mainframe

Security
  Generic: There is no fundamental reason to do a security implementation differently on these operating systems. Only the way you have to do it is different; it is the way security is implemented.
  Unix: Yes, of course it is possible to get a secure environment. But see the security notes at Unix.
  Windows Server: Windows is the most advanced and easy to manage. See the security notes at Windows.
  Mainframe: Mainframe (z/OS) does very well. Still centrally managed and high quality. It just isn't possible to get all involved machines centrally managed.

Home
  Generic: Must be manageable. This is where personal settings and also programs and data are stored.
  Unix: To be solved by mount-points. The home location can be put under stress by other guidelines.
  Windows Server: For home we have the challenge of the requirement of running a personal session. Within server environments this can be blocked by server administrators. Windows now has mklink options to redirect.
  Mainframe: To be solved by storage management (HSM SMS) of the mainframe. The classic mainframe home approach is the same as using TSO.

SAS Work
  Generic: Must be manageable. This is generically maintained storage to be used during the processing of tasks.
  Unix: To be solved by mount-points. Some more different locations are possible with respect to tuning.
  Windows Server: By default it is part of the user's home (local temp). Within server environments this can be blocked by server administrators, requiring another location.
  Mainframe: To be solved by storage management (HSM SMS) of the mainframe. The classic mainframe home approach has explicit limitations on the sizing of files.

Business Storage
  Generic: Must be manageable by your business.
  Unix: Is solved by mount-points.
  Windows Server: Is solved by network shares. With 2008 (Win7) it looks like the mount-points approach is coming up. Nevertheless, no dedicated locations on servers should be used.
  Mainframe: To be solved by storage management (HSM SMS) of the mainframe.

Maintenance business
  Generic: Should be possible. During migrations you sometimes need other (logical) machines.
  Unix: With Unix this is not commonly implemented. PVCS from Serena is a well-known tool.
  Windows Server: With Windows this is not commonly implemented. However, when DTAP is recognized, shares and security groups will be present. Eclipse for Java development with (Rational) support for life cycle management is, by contrast, well known and designed.
  Mainframe: Mainframe history is full of this DTAP approach. Tools like Endevor from CA SCM have existed for a long time.

Maintenance middleware
  Generic: Should be possible. During migrations you sometimes need two versions of SAS on one machine.
  Unix: A Unix version is the best to have. It is as simple as copying the software to the designed location.
  Windows Server: Windows is the worst option to have. The thing that bothers is the Windows registry. This is updated with the installation of SAS. When two versions of SAS are on the same machine they will in no time have conflicting requirements.
  Mainframe: Mainframe is normally maintained in its own mainframe way. This is not the same as the way SAS does it (see installing).

Performance
  Generic: It is mostly hardware driven. Tuning to get it running well mostly requires more adequate knowledge.
  Unix: A shared environment, also named a grid environment, is possible if NFS is allowed.
  Windows Server: Few possibilities to tune; you should choose an appropriate tier design. As most effort in the market is on this hardware, it will mostly be no problem.
  Mainframe: Can be very well tuned, as it is designed for high-availability multi-user work.




Unix (Server)



Security notes
You have to take care of these aspects:
  1. How much your users and support have to deal with file and directory attributes (chmod)
  2. Normal read/write/execute at owner and group level, and the differences between directories and files, must be understood
  3. The Set Group ID (SGID) and Sticky bit at directory level must be understood. These options are needed to get a secure implementation
  4. Using dedicated keys to isolate special functions & functionality is a requirement that follows from these limitations. ACL options exist but are not standard.
  5. It cannot be centrally managed. Additional administrators are needed
  6. The Set User ID (SUID) is needed only by the spawners, as documented. This must be accepted by security and auditing
  7. The basics of Unix are the UID (User IDentification) and GID (Group IDentification): the numbers (32-bit limit 64K, 64-bit higher?) identifying a group or user. Logical names are not leading, they are just shown if known.
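
An added example, not part of the original page: a shell sketch of points 2, 3 and 6 that builds a shared directory with SGID and the sticky bit and audits a tree for group-writable directories missing those bits, world-writable files and SUID files. The function names and the temporary directory layout are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example. Function names and the demo layout are hypothetical.

# make_shared_dir DIR
#   2000 (SGID)   : new files and subdirectories inherit the directory's group
#   1000 (sticky) : only a file's owner (or the directory owner) may delete it
#   0770          : owner and group full access, nothing for "other"
make_shared_dir() {
    mkdir -p "$1" && chmod 3770 "$1"
}

# mode_string PATH: the ten-character mode column of `ls -ld`.
# For mode 3770 this reads drwxrws--T: "s" is SGID on top of group execute,
# capital "T" is the sticky bit without execute permission for "other".
mode_string() {
    ls -ld "$1" | cut -c1-10
}

# audit_tree ROOT: one finding per line, prefixed with the kind of finding.
audit_tree() {
    root=$1
    # Group-writable directory without SGID: files created here get the
    # creator's primary group instead of the shared group.
    find "$root" -type d -perm -020 ! -perm -2000 -print | sed 's/^/NO_SGID /'
    # Directory writable by group or other without sticky bit: every writer
    # can delete or rename files owned by someone else.
    find "$root" -type d \( -perm -020 -o -perm -002 \) ! -perm -1000 -print |
        sed 's/^/NO_STICKY /'
    # Files anyone on the machine can modify.
    find "$root" -type f -perm -002 -print | sed 's/^/WORLD_WRITABLE /'
    # SUID files: per point 6 only the documented spawner binaries should
    # show up here; anything else needs an explanation.
    find "$root" -type f -perm -4000 -print | sed 's/^/SUID /'
}

# Demo on a constructed tree in a temporary directory.
demo() {
    t=$(mktemp -d) || return 1
    make_shared_dir "$t/project"                  # set up as intended
    mkdir "$t/legacy" && chmod 770 "$t/legacy"    # shared, but bits missing
    : > "$t/project/helper" && chmod 4750 "$t/project/helper"
    mode_string "$t/project"
    audit_tree "$t"
    rm -rf "$t"
}
demo
```

On a real deployment, point `audit_tree` at the SAS configuration and data areas and compare the SUID findings with the list of binaries the SAS documentation names.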
Generic notes future
Many Unix versions exist. The basic principles are almost the same, so you can select one of the supported versions. Unix and all its look-alikes (Linux Apple Android) are hobbyistic. What I mean is that, in contrast to IBM, Microsoft & Apple, there is no leader in the development/evolution or standardization.

There are a lot of tools on the market to get something implemented, not standardized by the supplier. The supplier doesn't exist as there are so many of them.

The market development is evolving to the Unix approach. So we have a lot of challenges.





Windows (Server)



Security notes
The AD (Active Directory) approach guarantees a centrally managed, monitored, secure environment for all involved machines. This cannot be by-passed in a simple way.

The options with SAS are the most friendly with IWA (Integrated Windows Authentication).
The very advanced design of the security leads to behavior that is not easy to understand, resulting in some requirements to get an installation running.

As the AD is mostly maintained by an old, centrally organized department, it is often very hard to get something realized.
So having this advanced security option is mostly not possible because of lack of cooperation. In such cases a Unix version is a better option.


Windows now has the takeown (take ownership) option, making the security look like the same basics as Unix.
Generic notes future
Microsoft is the owner and supplier of Windows.

The security has developed from absent in the 1980's to very advanced with Win-7.
With strong tools like SQL-server and Office, and a better price than most others (apple), Microsoft has good chances to be a leader for a long time.





Mainframe (Server)



Security notes
A point of concern is that the mainframe approach is considered to be outdated. The environment is not well known anymore. On the other hand it is one of the best in reliability, tuning and performance. In the installation, some completely different options have to be done for security. As the Mainframe is running a Unix kernel, you also get all those issues to deal with.
Generic notes Future
IBM is the only one delivering the hardware and the operating system.


Some notes about status IBM mainframe. Gartner 2004     computerworld 2011 z169 moving into combined windows Unix

Mainframe Without integrations technologies
Servers without SAS Integration Technologies can be accessed, according to (biov) Overview of servers, by: "SAS/CONNECT servers, which provide computing resources on remote machines where SAS Integration Technologies is not installed"

You can use SAS data sets (tables), the default SAS storage format, to store data of any granularity. According to (biov) Default SAS Storage: "For shared access to SAS tables, you can use SAS/SHARE software, which provides concurrent Update access to SAS files for multiple users"

For some years a presentation at global forum is given: "Makes the Mainframe Behave Like a Modern Computer" 061-2012     106-2010     053-2007     065-31    
The keywords phrases are: Eguide using SAS/connect with rsubmit to get Mainframe data to a BI server.

DI Data integration Studio, SAS/Connect - Other Servers
The design of SAS uses SAS/CONNECT in many places. It is a main feature in the environment. The etlug, Overview of a Data Integration Environment, nicely presents the picture: not only local SAS but also SAS/CONNECT and other servers.




Develop Test Production

DTAP lifecycle

Different levels as D,T,A aside P

Levn Subdirectory

Very little about this subject is to be found at SAS: Contents of the Levn Subdirectory (bisag)
DTAP as a generic topic is the foundation to be able to implement this with SAS.


Test management






Sizing Machines , Multi Tier

When you have a SAS solution you normally also get SAS BI/DI server.

What you have with SAS BI / DI server is presented in the picture.

If you have a Classic Foundation approach with "SAS Integration Technologies" included,
it is the same as the metadata server part of BI/DI. It is used mainly for Eguide.

If you have a Classic Foundation approach with "SAS/IntrNet" included,
it is the same as the mid-tier part of BI/DI. The SAS/IntrNet approach also looks like using the SP-server.

From the list of servers you can choose to:
  1. place them on one (1) logical machine (2-tier), or on multiple machines with the metadata server segregated and the web server segregated (3,4-tier)
  2. set up redundancy of the metadata server (Server Tier, Meta)
    a duplication within a grid solution is possible (starting with 93)

Several types of desktop software

It varies from:
  1. Web-based (right top)
  2. Java based to RMI-server
  3. Java based to meta data server
  4. Windows dedicated
  5. local processing - classic (right bottom)

Several types of Servers

There are:
  1. Server Tier, Meta: Metadata Server, Log server (left top)
  2. Server Tier, Calc: Workspace, Stored Process, Olap Server and others. Managed by Object Spawner
  3. Mid tier: Web server (with Java container webdav) RMI Server to meta data server
  4. Classic SAS processing between Data-tier and Server-tier. Classic SAS/connect spawner included
  5. Data tier: Database Servers(left side)


SAS SAAS (cloud computing)

IO Storage - networking

The business data must be stored somewhere (IO Storage) and it must be able to be processed (networking). So depending on the business needs, the hardware must be configured.

When processing, some settings in a personalized key environment must be available (home).
When processing, temporary IO storage must be sufficiently available and responding well enough (work).
Tuning is an operational process

Memory & CPU´s

The metadata server runs the metadata database in-core. When heavily loaded it should be set up on a dedicated logical machine.

The Mid tier is web-based. It should be easy to connect to by a DNS name. It can be a dedicated logical machine.

The Server Tier, part Calculation , is running the business environment. It can share the same meta data server but running on different logical machines with the Object spawner as central point on each of them.

The business needs will result in a load that must be covered. In the installation guideline of each product some starting point can be found.
Tuning is an operational process




Anticipate & Extrapolate

Design with Performance & Tuning in mind

The experiences of the operational life supporting SAS should be taken into account. The design issues relating to performance I have placed in separate chapters.
Virtualization has advantages for total hardware usage. Performance shouldn't be forgotten.

Additional notes


Default SAS Storage

You can use SAS data sets (tables), the default SAS storage format, to store data of any granularity. According to (biov) Default SAS Storage: "For shared access to SAS tables, you can use SAS/SHARE software, which provides concurrent Update access to SAS files for multiple users"



The major SAS clients

Your server environment is of no use without clients, the client software. It is possible to run the server part on your desktop; on a virtualized desktop it is not really sensible. There are web clients, but they are limited in functionality (see design figures).

The most important client these days is Enterprise Guide. There are references that show this direction: sasegforprogrammers a blog (2009), sas-enterprise-guide-for-sas-programmers 166-2011 proceeding, sastraining 2012/01/20

Another important client is the office Addin (SAS AMO): running SAS from MS-Outlook, MS-PowerPoint, MS-Word or MS-Excel.

These two clients are closely integrating within the Microsoft environment. Working with these client is very attractive. At the moment of installing however, there are more technical requirements to be solved.





SAS Consultancy



Proceedings Forums

The proceedings /forums sugi documents contains a lot of architecture information, for example: 374-2011 re-architecting or 341-2009 Centrally managed Service
Cite: Creating the platform for SAS Business Analytics as a centrally managed service requires a carefully planned out architecture for the hardware and software perspectives. However, over time this perpetuates a robust, manageable and efficient set of applications that are easier to manage and faster to deploy yet they remain fault tolerant in relation to each other. This type of architecture is better suited to an enterprise-level deployment in that economies of scale provide much of the cost savings realized.

Some challenges to handle are:



SAS Consultants Checklist (92 Unix approach) I

The customer will make sure that the following requirements and prerequisites are met.
  1. A UNIX server and a Windows workstation (client) are available. This server is dedicated exclusively to running SAS. Both machines meet the system requirements as described in: sysreqs index
  2. Both machines must run an OS that is supported, according to what is published at: sysreqs host The OS on the server needs to be supported for both 9.2 BI Server Tier and 9.2 BI Mid Tier.
  3. The customer needs to fulfill the prerequisites for Pre-Installation Steps for JBoss, WebLogic, and WebSphere Application Servers with SAS® 9.2 that are described in: preinstall appserver
  4. The customer will install the appropriate Java 2 SDK version according to what is described in: JDK third party
  5. The SAS software has been downloaded and placed on the server. This downloaded software is known as the SAS Software Depot.
  6. The SAS Software Depot is accessible from the client, in order to perform the deployment of client components.
  7. The SAS consultant will have access to the root password of the server.
  8. On the server there will be a group called sas. There will be three accounts whose primary group will be sas. These accounts will be:
    sasinst User to perform the installation and configuration of SAS. This user owns the deployed SAS directories and files
    sassrv User for execution of SAS processes that benefit of a load balancing mechanism (Stored Process servers and Pooled Workspace Servers)
    sasdemo User for functional testing of the software
  9. The SAS consultant will have access to the credentials of all of them and will be able to log on with any of them.
  10. The sasinst user is allowed to schedule jobs using the cron scheduler.
  11. The SAS consultant will be able to connect to the server using the sasinst account or the root account. The connection will be done with a graphical terminal using X-Windows, and it will be possible to use a UNIX desktop. The xterm application will be found in the PATH variable. The customer will provide a client computer that will run the X Server software, which will be used to perform the required actions.
  12. There is a computer with Internet connection and the possibility to connect an USB storage device with additional software. The purpose of this is to be able to bring additional pieces of software (third party tools, utilities, custom shell scripts, hotfixes) to the server. The common way to perform this is to have a workstation with connection to Internet and connection to USB storage and upload files (using SFTP, FTP, or SCP) to the server.
  13. There is a Windows workstation available with no SAS software installed. All the generic SAS clients (DI Studio, Enterprise Guide, Management Console, Information Map Studio, OLAP Cube Studio, add-in for Microsoft office) will be deployed to this workstation. Microsoft Office 2007 must be pre-installed on this workstation to be able to install the add-in for Microsoft Office. There will be a local administrator account available to perform the deployment on the clients.
  14. The customer will make sure that it is easy to create accounts on the server for the different business users that will use SAS. All the accounts need to have the group sas as primary group. All the business users will perform the authentication against the host authentication services of the server. No other authentication mechanism will be used for business users
  15. The server will contain six different areas of storage for the following purposes:
    SAS Software Depot 15 GB;
    SAS Installation Folder 10 GB;
    Configuration Folder 15 GB;
    Web Applications 20 GB;
    Data Size depends on customer data;
    Temporary Data The result of the formula 3 * (# concurrent users) * (size average working set)
    All these areas will be owned by the sasinst account, having sas as group.
  16. The appropriate administrators of the infrastructure will be promptly available to assist in case they are needed.
  17. The following ports are available on the server. From all workstations where SAS clients will be deployed, these ports can be reached:
    SAS/CONNECT Server and Spawner 7551
    SAS/SHARE Server 8551
    SAS Metadata Server 8561
    SAS Object Spawner - Operator Port 8581
    SAS Object Spawner: pooled workspace server port bank 1 8801
    SAS Object Spawner: pooled workspace server port bank 2 8811
    SAS Object Spawner: pooled workspace server port bank 3 8821
    Workspace Server 8591
    SAS Stored Process Server: Bridge connection 8601
    SAS Stored Process Server: load balancing connection 1 (MultiBridge) 8611
    SAS Stored Process Server: load balancing connection 2 (MultiBridge) 8621
    SAS Stored Process Server: load balancing connection 3 (MultiBridge) 8631
    SAS Pooled Workspace Server 8701
    SAS Deployment Tester - Server 10021
    JBoss HTTP Server Port 8080
    JBoss HTTPS Server Port 8443
    JBoss RMI Port 1099
    SAS Remote Services Application 5091
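
An added example, not part of the original checklist: a shell check that compares the TCP listeners on the server with the port table of item 17, reporting required ports that have no listener and listeners that are outside the table. The port numbers are copied from the list above; the function names and the sample `ss` output are constructed for the illustration.

```shell
#!/bin/sh
# Added example. REQUIRED_PORTS is the checklist's port table; everything
# else (function names, sample data) is hypothetical.

REQUIRED_PORTS="7551 8551 8561 8581 8801 8811 8821 8591 8601 8611 8621 8631 8701 10021 8080 8443 1099 5091"

# Constructed sample in the format of `ss -ltnH`
# (State Recv-Q Send-Q Local-Address:Port Peer-Address:Port).
SAMPLE_SS='LISTEN 0 128 0.0.0.0:8561 0.0.0.0:*
LISTEN 0 128 0.0.0.0:8581 0.0.0.0:*
LISTEN 0 50 [::]:8080 [::]:*
LISTEN 0 128 127.0.0.1:5432 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'

# listening_ports: read ss output on stdin, print the unique local ports.
# The port is whatever follows the last ":" of the local address, which
# also covers IPv6 forms such as [::]:8080.
listening_ports() {
    awk '$1 == "LISTEN" { n = split($4, a, ":"); print a[n] }' | sort -un
}

# missing_ports: checklist ports without a listener (service not started,
# not deployed, or configured on another port).
missing_ports() {
    listening=$(listening_ports)
    for p in $REQUIRED_PORTS; do
        echo "$listening" | grep -qx "$p" || echo "$p"
    done
}

# unexpected_ports: listeners that are not in the checklist. Each one should
# be explainable (ssh, a database) before clients are allowed to reach it.
unexpected_ports() {
    for p in $(listening_ports); do
        case " $REQUIRED_PORTS " in
            *" $p "*) ;;
            *) echo "$p" ;;
        esac
    done
}

# Demo on the constructed sample.
echo "missing:    $(printf '%s\n' "$SAMPLE_SS" | missing_ports | tr '\n' ' ')"
echo "unexpected: $(printf '%s\n' "$SAMPLE_SS" | unexpected_ports | tr '\n' ' ')"
```

On the server itself, feed live data with `ss -ltnH | missing_ports` and `ss -ltnH | unexpected_ports`.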

SAS Consultants Checklist (92 Unix approach) II

  • The customer will make sure that the server is recognized by a DNS name in the whole network of the organization. SAS recommends to use a DNS alias for this operation. It has the advantage that changing the server requires less re-configuration on the SAS side, since the alias will remain the same.
  • In the case that there is a connection to a database using a SAS/ACCESS module the following additional requirements apply:
  • SAS will be allowed to change the permissions in any location that is below the areas mentioned earlier:
    1. SAS Software Depot;
    2. SAS Installation Folder;
    3. SAS Configuration Folder;
    4. SAS Web Applications;
    5. SAS Data;
    6. SAS Temporary Data.

SAS actions and deliverables

  • SAS will perform the following actions. All actions and deliverables that are not listed are not included in this deployment service.
    1. Create pre-requisites on the machine.
      • Installation of the appropriate version of JUNIT.
      • Installation of the appropriate version of JBoss.
      • Assignment of proper permissions to different folders.
    2. Deployment of the licensed SAS server components.
      • Integrated Windows Authentication will not be enabled.
      • SAS Internal accounts will be used where appropriate.
      • All web applications will be deployed automatically in a single instance of JBoss.
      • In the case that SAS/ACCESS is part of the software order, the SAS consultant will create a single library definition in the metadata for each SAS/ACCESS type, with a maximum of three libraries. The PC File Server will not be installed.
      • A single SAS environment will be configured.
      • All server components are deployed on a single server.
    3. Deployment of licensed SAS client applications.
      • Installation of the SAS Clients on one Windows workstation.
      • During the deployment all choices that are made are recorded in a response file.
      • Creation of a script that will install silently (with the option of restarting the workstation). This script will use the recorded response file. The customer can use this script together with the SAS software depot to deploy the SAS Clients to other workstations.
    4. Functional Test of the configuration.
      • Functional tests will be performed from the configured workstation to make sure that the server is giving proper functional responses.
    5. Creation of housekeeping scripts for the following activities. These scripts can be scheduled to make sure the housekeeping tasks are executed regularly:
      • Clean the WORK area;
      • Creation of a backup of the metadata to the file system;
      • Cleaning logs.
    6. Documentation of the deployment.
      • At the end of the activities, documentation will be provided that describes the technical details of the deployment. This documentation will be structured according to the standards of the SAS TLM department.
    7. Handover of the system.
      • At the end of the deployment activities, the SAS consultant will run the function tests mentioned earlier together with the customer to demonstrate the correct operation of the software. During this demonstration the consultant will also briefly explain the components of the system and the documentation. The handover will take about one hour. Apart from the handover, no time is reserved for answering questions by the SAS consultant during the deployment.



    If you are happy with all these requirements, pre-assumptions, responsibility delegated to the consultant, and open security, let it be.
    If you are not happy with this, read the chapter -hardening installation-, the part after installing. A secure, maintainable installation should start with the design.
    Probably, when you have sensitive information, you have no other option than to not accept this approach, as forced by regulations & policies (SOX Basel Solvency).



    SAS 94

    Announcements Presentations - changes approach


    Changes made public at release moment (documentation)
    The difference with 9.3 is not that big, most is the same.
    Functional: Many to be read at the "what is new" and "what is different" notes. What is new 9.4. Some remarks:
    Technical: Aside the announced changes like the webserver one, many more of this kind. Some remarks:
    Other: Namings, licensing and Bundling. Some remarks:




    SAS announcements 12.3

    It is the segregation of base and Statistics modules having introduced different version numbers.
    Although the version now is STAT 12.3 as released with SAS 9.4, it is the same as STAT 12.1.


    SAS announcements 6.3

    It is the segregation of the VA Visual Analytics, focused on presentation and end user analytics, version numbers.
    interesting:




    © 2012 J.A.Karman (25 feb 2012)