Paul Homes blogging on SASĀ® platform administration topics
As a (certified) SAS platform administrator I often get asked how best to prepare for the SAS Certified Platform Administrator 9 exam.
I don’t have a magic formula other than study and experience. My standard response is to direct people to the best place I know where you can find out more: that’s the SAS support page specifically about exam preparation.
From my own experience I’d recommend the following steps:
When testing Integrated Windows Authentication (IWA) based client connections to SAS® platform servers, it is well worth checking the SAS logs to verify the connections are being made the way you expect. SAS has a variety of methods up it’s sleeve to get you authenticated, including cached credentials, retrieving stored credentials from metadata, SAS token authentication etc. Looking in the SAS server logs will help you identify the connection/authentication events and methods used. In the past I’ve thought I was using IWA+Kerberos but when I looked in the log it was obvious I wasn’t! I think it’s essential when testing/troubleshooting a new IWA configuration to review the SAS server logs for both failed and successful connections.
In a previous post “SAS and IWA: Two Hops” I mentioned how sometimes it’s necessary to force the use of Kerberos with IWA to be able to make IWA delegated connections to secondary servers. So here’s some examples of what we might see in SAS server logs Continue reading “SAS & IWA: Check the Logs”
It’s PlatformAdmin.com’s 2nd birthday this week!
The past 2 years have gone very quickly I must say. I set out with a goal of writing a least 1 post every month. Not very ambitious I know, but realistic for me nonetheless! I’ve never been much of a writer. I’ve always been impressed by people who appear to write so well, and even more so by those that have the stamina and skill to author and publish a book. Maths, Science & Computers have always been my thing ever since way back in school and I have generally avoided writing unless I had to. I do remember reading a blog post by Joel Spolsky a while back where he said that “Writing is a muscle. The more you write, the more you’ll be able to write.” It sounded pretty reasonable to me. As a training course instructor I’ve always found that one of the great benefits of teaching was that I necessarily had to learn much more of the details for whatever I was teaching. I’ve found that the same appears to be true about writing publicly accessible blog posts. The fear of being asked tough questions or being challenged on topics turns into the pleasure of learning more!
Well, I’m pleased to say that Continue reading “Second Birthday”
My last post was about configuring additional Service Principal Names (SPNs) in Active Directory to support the use of Integrated Windows Authentication (IWA) in a SAS® platform installation that uses host name aliases in preference to physical host names.
When working on a SAS & IWA setup like this, I’d start by reviewing the currently registered SPNs for all of the SAS servers involved (as well as any other servers that might be accessed from a SAS server using IWA). This gives an idea of what SPNs might have already been added, which ones still need to be added, and potentially which ones might need to be removed.
This is the command I use Continue reading “SAS & IWA: Reviewing SPNs”
I’m quite keen on using host name aliases, rather than their physical host names, when referring to machines in SAS® platform installations. It does however mean a little extra configuration is required when using Integrated Windows Authentication. That is what this post is about: configuring Active Directory with additional Service Principal Names (SPNs) based on the aliases.
Host name aliases have several benefits over using physical host names. They can be easier to remember (e.g. sasmeta v.s. p106547). They can be easily redirected from primary environments to disaster recovery environments (e.g. sasmeta from p106547 to d106547) with no client reconfiguration requirements. They also allow host machines to be readily renamed if/when required with little or no changes to SAS configuration files, programs and/or metadata.
Whilst they have obvious benefits, Continue reading “SAS & IWA: Host Name Aliases and SPNs”