SAS Administration from the Ground Up - Anja Fischer
Table of Contents
Chapter 3: Administration Tools
The SAS Jedi: SAS Management Console
SAS Management Console Connection Profiles
Working in SAS Management Console
SAS Environment Manager
Monitoring your SAS Environment
Best Practices for Monitoring
Users, Groups and SAS Environment Manager
Administration Menu
SAS Management Console or SAS Environment Manager?
SAS Deployment Manager
Update Passwords
Rebuild Web Applications / Deploy Web Applications
Remove Existing Configuration
Renew SAS Software and Update SID File in Metadata
Manage SAS File Types
Update Host Name Reference
Apply Hot Fixes
Update Existing Configuration
Change Passphrase
Locale Setup Manager
Uninstalling SAS Software
SAS Web Administration Console
Summary
Introduction
Now that you have the SAS architecture under your belt, you need some administration tools to support your SAS deployment. In this chapter, I would like to share with you how to use the four SAS administration tools, namely SAS Management Console, SAS Environment Manager, SAS Deployment Manager and SAS Web Administration Console. SAS Management Console is a desktop client that gives you control over your SAS deployment to create, manage and administer metadata, such as users, groups and roles, libraries, and more. SAS Environment Manager is a web client which can also be used to create, manage and administer metadata. In addition, it is a great monitoring and reporting tool for checking on the health of your SAS environment. You can use the SAS Deployment Manager to manage your environment, for example to update your license file, add or remove products, back up, and so on. With the SAS Web Administration Console, you can monitor which users are logged on to SAS web applications, view audit reports of logon and logoff activities, manage web-layer authorization, and more.
Why did I choose to write a chapter about SAS admin tools when we have an abundance of documentation available, covering it all? Well, I believe that every newbie needs a sense of direction, info about the value a certain SAS tool provides, and an understanding of the purpose of the different SAS admin tools available. Enjoy the fact that there is one chapter covering the SAS tools that you need versus having to read through all the documentation. In the Appendix for this chapter, you will find some good supporting resources.
Let’s get started.
The SAS Jedi: SAS Management Console
Introduction
SAS Management Console is an admin desktop client – which, as the name suggests, is a client that is for admins, and should not be installed on users’ machines (except, of course, if they handle certain admin tasks). SAS Management Console enables you to create metadata and manage your SAS environment. As it is a desktop client, it requires that every admin has it installed.
Note: Please consider carefully whether a user needs to have SAS Management Console installed. Always keep in mind that using SAS Management Console provides access to all your assets, such as users, groups, libraries, security, and so forth. If a user has some admin tasks, for example, creating certain libraries, then make sure you have the appropriate permissions in place to protect the rest of your SAS metadata.
SAS Management Console consists of plug-ins, each of which has a different task. You have a User Manager plug-in to create users, groups and roles, a Library Manager to create libraries and register tables, and so forth.
The SAS Management Console plug-ins are:
Table 3.1 SAS Management Console plug-ins
Plug-in Name | Plug-in Description |
Authorization Manager | Define and maintain access rules to control how users and groups can access metadata definitions. |
BI Lineage | Identify connections between BI objects in the SAS Folders tree. |
Configuration Manager | View and modify configuration attributes for SAS applications including SAS Information Delivery Portal, SAS Web Report Studio, SAS Financial Management, and SAS Strategic Performance Management. |
Data Library Manager | Create and maintain definitions for SAS libraries and database schemas. |
Foundation Services Manager | View and modify deployment configurations for infrastructure and extension services that are used by applications such as SAS Information Delivery Portal, SAS BI Dashboard, and SAS Web Report Studio. |
Map Service Manager | Create and maintain map service definitions that link cubes to Esri ArcGIS map services so that Esri Geographic Information System (GIS) spatial map information can be accessed and returned by an OLAP server when the cubes are queried. |
Metadata Manager | Perform administration tasks related to the SAS Metadata Server, including the following: stop, pause, resume, or reset the metadata server; check the status of the metadata server and the metadata repositories; create and manage metadata repositories; back up or restore your metadata repositories; analyze and repair metadata. |
Publishing Framework | Create and maintain definitions for channels, package subscribers, group subscribers, and event subscribers. |
Schedule Manager | Create and maintain schedules for running jobs that are created in SAS Data Integration Studio and SAS Web Report Studio. |
Server Manager | Perform administration tasks related to SAS servers, including the following: check the status of servers and validate them to ensure that they are configured correctly; stop, pause, quiesce, resume, or refresh the SAS object spawner or the SAS/CONNECT spawner, and stop, pause, resume, or quiesce a process on a SAS OLAP Server, SAS Workspace Server, or SAS Stored Process Server; connect to the metadata server, to components of SAS Application Servers, to the SAS object spawner, or to the SAS/CONNECT spawner to perform monitoring activities. |
User Manager | Create and maintain definitions for users, groups, and roles. |
SAS Management Console Connection Profiles
Let’s start with logging on to SAS Management Console. You might be thinking, “Why would she cover something so easy? A piece of cake.” Well, in my experience, many SAS administrators do, in fact, struggle when it comes to the login profile. So, let’s take a closer look at it.
When SAS Management Console is started, your first interaction point is a profile that is used to log on, as shown in Figure 3.1.
Figure 3.1: Connection Profile
The connection profile is named SASAdmin. The SASAdmin connection profile is automatically created for you when SAS is installed and configured. You can create new connection profiles, or share one connection profile among several admins. If all the admins in your team share the same administrative responsibilities, then it might make sense to use this one profile. If you do have different profiles, there are ways to deny and grant access to certain functionalities. If this is a singular situation (you are the only admin), in addition to using that profile, send a note to your manager that you need more admins.
If you want to create new profiles, choose the top radio button Create a new connection profile. (See Figure 3.1.) Here, I am simply editing the default SASAdmin profile to show you what it includes. On the same profile, click Edit. The next screenshot shows the actual connection information that you must enter.
Figure 3.2: Connection Information
The connection profile includes just that: connection information to the metadata server.
Connection information:
You manage and administer metadata with SAS Management Console, and, as you know, metadata objects are stored in the metadata repository. That is why connection information to the metadata server is needed.
Machine: The machine name of the metadata server machine.
Port: The default metadata server port is 8561. If you chose another one during the installation of SAS, use that one.
User ID: The default user ID SAS assigned to the default SASAdmin profile is the SAS internal administrator user sasadm@saspw. This is an unrestricted user who can do everything in metadata, despite any permissions that are set up. It’s the user who stands above all. As a best practice, do not share the sasadm@saspw user and password with users/admins who are not supposed to be unrestricted. Consider it a special account with lots of admin power. Limitless access – that is why it’s called unrestricted. Whether it makes sense to create different profiles is up to you and really depends on your needs.
Authentication Domain: The authentication domain shows as InternalAuth as sasadm@saspw is an internal user ID. We will cover authentication domains in Chapter 4, when we’ll talk about users and groups.
Save user ID and password: You can choose to save the password and user ID. If you don’t check this box, you will be prompted for a user ID and password every time you log on to SAS Management Console.
You can choose to use single sign-on. Integrated Windows Authentication does not work for SAS internal accounts.
What if you are running development, test, and production environments? How does that work? In cases where you have more than one metadata server instance, you will have a profile for each metadata server. Depending on whether the metadata servers run on the same machine or on different machines, the port changes and would have to be 8562 for a Lev2, 8563 for a Lev3, and so on.
Going off track a little here: Using different ports and configuration names (Levn) is necessary so that SAS understands that there is more than one metadata server.
Troubleshooting Connection Profiles: Common Problems and Troubleshooting Tips
What could go wrong with the profile? Why would the logon fail? There are cases where the attempt to log on to SAS Management Console might fail, throwing out one of these annoying error messages … probably first thing in the morning, before you have the chance to sip on your first cup of coffee. But, don’t worry, there are easy fixes! The list below gives the error message (“E”) followed by its troubleshooting tips (“T”).
E: The application could not log on to the server “machine name:8561”. The User ID “userid” or the password is incorrect.
T: As the error states, something’s up with your user ID or your password. If it is saved in the profile, edit the profile and make sure it is the correct one.
E: The user “userid” is not authorized to read metadata on server “machine”
T: A reason could be that the user who is trying to log on is not properly registered in metadata. That would be a case for the User Manager plug-in. You can verify by going to the User Manager and making sure that the user actually has a metadata identity and, if so, that the account associated with this metadata user is correct.
E: The application could not log on to the server <Server name>. The user ID “sasadm@saspw” or the password is incorrect.
T: This error can occur when you try to log on to SAS Management Console for the third time using the wrong password for the SAS internal admin account sasadm@saspw. Follow the instructions as described below from the SAS Security Administration Guide, available at: http://go.documentation.sas.com/?docsetId=mcsecug&docsetTarget=p1hxt5txo0hoapn13wllie213sbm.htm&docsetVersion=9.4&locale=en
By policy, three consecutive failed attempts to log on with an internal account locks that account for one hour. To immediately unlock a locked internal account:
● In User Manager, select the user whose internal account is locked. Right-click and select Properties.
● Select the Accounts tab. In the confirmation message box, click Yes.
E: The application could not log on to the server “machine name:8561”. No server is available at that port on that machine.
T: This error is most likely the result of the metadata server not being started. Check the metadata server service and make sure the server is running. If the metadata server is running, make sure there is no typographical error in the server name, that the port is correct and that no firewall is blocking access to the server’s port.
On Windows:
Go to the Services and verify that the metadata server is running. If not, start it. The metadata server is named
SAS [Config-Lev1] SASMeta - Metadata Server
where “Config” is the name of the configuration directory that you created when SAS was installed. (See chapter 2 for information on configuration directories.)
In my environment, my configuration path is \sasva\Lev1, so my service shows as:
SAS [sasva-Lev1] SASMeta - Metadata Server.
If you prefer to use batch files on Windows versus working with the Services menu, open a DOS command prompt and change the path to SAS-config-dir/Lev1/SASMeta/MetadataServer
Then run: MetadataServer.bat status
You will see the following output:
Service_Name: SAS - [Config-Lev1] SASMeta - Metadata Server
TYPE : 10 WIN32_OWN_Process
STATE : 4 RUNNING
Note: the TYPE might look different, depending on what OS you are running.
The STATE should show RUNNING.
If it doesn’t show RUNNING, start it with MetadataServer.bat start
On UNIX:
You can use the following command to check whether the metadata server is running. Go to SAS-config-dir/Lev1/SASMeta/MetadataServer and enter ./sas.servers status
If your metadata server is running, you’ll see:
server-name server-instance (process-ID) is running
If it is not running, you can start it by entering ./sas.servers start
No matter what operating system you are running, if the metadata server cannot be started and there is no easy fix for it, it is best to contact SAS Technical Support.
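The three causes named for the "No server is available at that port" error (server not started, typo in the machine name or port, firewall blocking the port) can be told apart from the client side before anyone touches the server. The following is an added example, not code from the book or from SAS; the function names and result labels are hypothetical, and the Levn port rule is the page's convention of 8561, 8562, 8563.

```python
import socket


def default_metadata_port(level: int) -> int:
    """Port convention from the page: Lev1 -> 8561, Lev2 -> 8562, Lev3 -> 8563."""
    if level < 1:
        raise ValueError("configuration levels start at Lev1")
    return 8560 + level


def diagnose_metadata_endpoint(machine: str, port: int, timeout: float = 3.0) -> str:
    """Classify the state of machine:port as seen from the admin workstation.

    Returns one of (hypothetical labels):
      'bad-hostname' - the machine name does not resolve (typo in the profile)
      'listening'    - something accepts TCP connections on that port
      'refused'      - host reachable, nothing listening (server not started,
                       or wrong port for this Levn)
      'filtered'     - no answer within the timeout (firewall is a likely cause)
      'unreachable'  - any other network error
    """
    try:
        candidates = socket.getaddrinfo(machine, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return "bad-hostname"

    result = "unreachable"
    for family, socktype, proto, _canon, sockaddr in candidates:
        with socket.socket(family, socktype, proto) as sock:
            sock.settimeout(timeout)
            try:
                sock.connect(sockaddr)
                return "listening"
            except ConnectionRefusedError:
                result = "refused"
            except socket.timeout:
                result = "filtered"
            except OSError:
                result = "unreachable"
    return result


# What to check next, following the troubleshooting tips on this page.
NEXT_STEP = {
    "bad-hostname": "Fix the Machine field in the connection profile.",
    "listening": "A listener exists; re-check user ID, password and domain.",
    "refused": "Check that the metadata server service is running and the port matches the Levn.",
    "filtered": "Ask the network team whether a firewall blocks the port.",
    "unreachable": "Check basic network connectivity to the server machine.",
}


if __name__ == "__main__":
    # 'localhost' is a stand-in for the Machine value in your profile.
    port = default_metadata_port(1)
    state = diagnose_metadata_endpoint("localhost", port)
    print(f"localhost:{port} -> {state}: {NEXT_STEP[state]}")
```

A result of `listening` only shows that some process accepts connections on that port; it does not prove that the process is the metadata server.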
Working in SAS Management Console
Once you have successfully logged on, you are ready to work with SAS Management Console. As you can see in Figure 3.3, there are different tabs: Plug-ins, Folders and Search.
Figure 3.3: SAS Management Console Interface
Plug-ins
The Plug-ins enable you to create metadata content, such as users and groups, libraries etc.
I would like to say a few things about the User Manager, Library Manager and Server Manager. Some other plug-ins will be discussed later in this chapter as well.
User Manager
As the name suggests, you use the User Manager to administer and maintain your SAS users, groups and roles. We will discuss the User Manager in more detail in Chapter 4, Users and Groups, but for now, the SAS identities that you create in SAS can be operating system users or users that come from an external third-party provider, such as LDAP/AD.
User IDs are used for making access distinctions and tracking user activity. Eventually, you will want to know who is making requests. It is best practice to create a SAS identity corresponding to the external account for each person who uses the SAS environment.
You can create users interactively, or programmatically.
If you are using LDAP/AD, the SAS bulk load macros can be used to import the users and groups into SAS. The link to the SAS documentation can be found in the Appendix.
Tip: SAS admin newbies often ask why they should create users in metadata anyhow, when they already have users on the OS/LDAP. To use your SAS environment to its fullest, to have control of “who is doing what in SAS”, and to use SAS security to make sure your SAS environment is locked down appropriately, you must create users in metadata; otherwise SAS doesn’t have anything to report on, to lock down, etc. It is a best practice to build a user and group structure in metadata to – later on – be able to use all the features SAS provides.
Server Manager
Remember when we discussed the SAS servers in Chapter 2, SAS Architecture? These SAS servers are defined in metadata. Using the Server Manager plug-in, you can manage the SAS servers’ definitions and define and edit information about server locations and connections.
Under Server Manager, expand SASMeta, then expand SASMeta – Logical Server. If you look to the right, you will see that some of the tabs, such as Clients, are grayed out, as shown in the following figure:
Now, going back to the left side, right-click SASMeta – Metadata Server and select Connect. As you can now see on the right side, the tabs become active, as shown in the following figure:
Connecting to the metadata server enables you to monitor the activity of the metadata server. It shows:
● Currently connected clients
● Sessions that are active, inactive or terminated
● Performance counters
● Logging messages, at the level that you specify
Tip: Expand the Logical server for the workspace server, stored process server, pooled workspace server, object spawner, connect spawner – all application servers that – in one way or another – start a connection. Then on the right side, highlight the Connection: server_name and do a right-click. A window will appear, offering you a Test Connection. This is a good way to test whether your servers are working correctly, should you ever get into a situation where you must check if a SAS server might be the culprit of a problem.
Library Manager
Libraries are used to register data, so your users can work with it within metadata using SAS clients such as SAS Enterprise Guide or SAS Studio. If you do not create libraries and don’t register tables, you cannot monitor and report on any user activity, data usage, resources consumed, user processes etc. You can create libraries for different data sources, such as data sets, a DBMS (Database Management System) such as Oracle, and more.
If you create users and groups in metadata, and you want to set up permissions later on, you need something to actually secure – that is, metadata objects including your libraries. If you don’t create libraries in metadata, you can manage access to data through the OS only. With metadata, you can decide which data in an OS folder you want to register. This will make sure you are using the full potential of your SAS environment. We will cover the Library Manager and library and data concepts more in depth in Chapter 5.
When we speak about libraries, SAS Folders come into play, which brings us to the next tab in SAS Management Console, the Folders tab.
The Folders
The SAS folders are used to store all the SAS metadata objects you and your users create, such as projects created with SAS Enterprise Guide or SAS Enterprise Miner, reports, and stored processes.
Folders are provided for individual users, for shared data, for system use, and for specific SAS products. The Folders tab also enables you to export and import metadata (aka Promotion). In the Appendix you will find more information on SAS Folders.
Figure 3.4 is just one example of objects that can be stored in the SAS Folders.
Figure 3.4: SAS Folder Example
Important: Renaming, deleting, or moving the System, Products, Shared Data or Users folders and their contents can cause your SAS clients to malfunction.
When interacting with folders, be sure to follow the best practices that are provided in the SAS 9.4 System Administration Guide.
Best Practices for Managing SAS Folders
● Use personal folders for personal content and use shared folders for content that multiple users need to view. By default, users cannot view other users’ personal folders. Therefore, personal folders should be used for content that needs to be viewed and used only by the owning user. If the content needs to be viewed or used by other users, then it should be placed under the Shared Data folder or in a new folder structure that you create under SAS Folders. To ensure secure and efficient sharing of content, the system administrator should create a folder structure for shared data that meets the needs of the organization. The appropriate permissions can then be assigned to each folder.
● Use folders, instead of custom repositories, to organize content. In most cases, folders are the preferred method for organizing content. Custom repositories should be created only when there is an overriding reason to physically segregate repository data sets.
● It is recommended that you not delete or rename the User Folders folder, even if you have permission to do so. If you have a reason to delete or rename the User Folders folder, then you must change the metadata repository configuration to reflect the change.
● Do not delete or rename the home folder or personal folder (My Folder) of an active user, even if you have permission to do so. As a best practice, do not rename an active user’s home folder or personal folder. If you do so, a new (empty) personal folder will be created the next time the user refreshes or logs on to an application that requires the folder. In addition, the contents of the renamed folder will not be visible to the user. If you delete an active user’s home folder or personal folder, the user will lose any existing personal content, and a new (empty) personal folder will be created the next time the user refreshes or logs on to an application that requires the folder.
● Do not delete or rename the Products or System folders or their subfolders, even if you have permission to do so. Deleting or renaming the Products or System folders or their subfolders could cause erroneous or unexpected behavior in client applications or solutions.
● Use caution when renaming the Shared Data folder. Renaming the Shared Data folder can affect associations and references to objects that are stored in this folder or its subfolders.
We will talk more about the SAS folders in Chapter 5.
Note: The Folders in SAS Management Console have nothing to do with operating system folders. The operating system can neither see nor understand the folders in SAS Management Console. The same is true the other way around: SAS Folders don’t know about the operating system folders. These two are totally independent. You can create a SAS folder structure based on what you set up on the OS though.
The Search tab
The third tab in SAS Management Console is the Search tab, which is, well, self-explanatory. You can search for objects in your metadata. Check out Using Search for details and examples: Go to the menu, Help, Help on Search.
SAS Management Console Debugging
SAS Management Console writes a log file by default, which is called SASMCErrorLog.txt. The log file can be found at these locations:
Windows:
C:\Users\your-user-ID\AppData\Roaming\SAS\SASManagementConsole\9.x\ , or, depending on the Windows flavor you are running, at C:\Documents and Settings\user-ID\Application Data\SAS\SASManagementConsole\9.x\ or, C:\Users\sas\AppData\Roaming\SAS\SASManagementConsole\9.4
UNIX and Linux:
~user’s-home-dir/SAS/SASManagementConsole/9.x/
If you did not accept the default during the SAS configuration, make sure you look for the right folder name.
If the default logging information does not suffice for troubleshooting, you can enable debugging. To do so, follow these steps:
1. On Windows, go to C:\Program Files\SAS\SASManagementConsole\9.x; on UNIX/Linux, go to SASHOME/SASManagementConsole/9.x
2. Edit the file sasmc.ini
3. Look for the entry MainClass=com.sas.console.visuals.MainConsole
4. Add the following at the end of that line: -debug -serverlog
The entry should now look like: MainClass=com.sas.console.visuals.MainConsole -debug -serverlog
5. Open SAS Management Console and then close it.
The newly created log file includes more detailed logging information. Should the log be empty, or not include any hints for the issue, contact SAS Technical Support for further troubleshooting.
Redirecting Local Files
If you want your SAS Management Console files (log files, application default files, and connection profiles) on the server rather than on your local client, you can redirect the files by following these steps:
1. Close SAS Management Console on the local host.
2. Create the path and directory for the client files on the server.
3. Edit the file sasmc.ini and add the following Java argument:
JavaArgs_xx=-Dsas.appdatapath="new_path"
xx is the next available Java argument number, and new_path is a fully qualified path to the new directory.
4. The changes take effect when SAS Management Console is started.
Here is an example of a redirection path. Let’s assume my machine name is Anja171. The path I would create on the server would be something like:
JavaArgs_xx=-Dsas.appdatapath="\\server\SASMCclientFiles\Anja171"
The machine name at the end makes sense because if all admins, or users using SAS Management Console, write their files to the server, you want to make sure that everyone has their own dedicated folder, to make sure the files won’t overwrite each other.
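Both sasmc.ini edits described above (appending -debug -serverlog to the MainClass entry, and adding -Dsas.appdatapath under the next available JavaArgs number) are easy to get wrong by hand, so here is an added example that applies them to the file's text and is safe to run twice. It is not code from the book or from SAS; the function names are hypothetical, and the sample file content is constructed and uses only the MainClass and JavaArgs_xx entries named on this page.

```python
import re

DEBUG_FLAGS = ("-debug", "-serverlog")          # flags named on this page
_JAVA_ARG = re.compile(r"^JavaArgs_(\d+)=(.*)$")

# Constructed sample, not a real sasmc.ini; the JavaArgs values are placeholders.
SAMPLE_INI = """\
MainClass=com.sas.console.visuals.MainConsole
JavaArgs_1=-Xmx512m
JavaArgs_2=-Dexample.setting=1
"""


def enable_debug(ini_text: str) -> str:
    """Append the debug flags to the MainClass entry, skipping flags already there."""
    out, found = [], False
    for line in ini_text.splitlines():
        if line.startswith("MainClass="):
            found = True
            present = line.split()
            for flag in DEBUG_FLAGS:
                if flag not in present:
                    line += " " + flag
        out.append(line)
    if not found:
        raise ValueError("no MainClass entry found in sasmc.ini text")
    return "\n".join(out) + "\n"


def redirect_appdata(ini_text: str, new_path: str) -> str:
    """Point -Dsas.appdatapath at new_path using the next free JavaArgs number.

    If an appdatapath argument already exists, it is updated in place so that
    repeated runs never add a second, conflicting entry.
    """
    setting = f'-Dsas.appdatapath="{new_path}"'
    lines = ini_text.splitlines()
    numbers, last_index = [], -1
    for i, line in enumerate(lines):
        match = _JAVA_ARG.match(line)
        if not match:
            continue
        numbers.append(int(match.group(1)))
        last_index = i
        if match.group(2).startswith("-Dsas.appdatapath="):
            lines[i] = f"JavaArgs_{match.group(1)}={setting}"
            return "\n".join(lines) + "\n"
    entry = f"JavaArgs_{max(numbers, default=0) + 1}={setting}"
    # Assumption: keep the new entry next to the existing JavaArgs lines.
    position = last_index + 1 if last_index >= 0 else len(lines)
    lines.insert(position, entry)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Path taken from the page's own redirection example.
    updated = redirect_appdata(enable_debug(SAMPLE_INI),
                               r"\\server\SASMCclientFiles\Anja171")
    print(updated, end="")
```

Keep a copy of the original sasmc.ini before writing the result back, and remove the debug flags again once troubleshooting is finished.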
Why would you want to redirect SAS Management Console files?