Solved: Re: How to prevent the use of a SEG version

zazaazazaza · Posted 06-13-2019 09:53 AM

Hi,

we migrated from 9.2 to 9.4. We kept the same port for the metadata server. It means that users can still use the version 4.3 of Enterprise Guide to connect to SAS 9.4. Is there a way to prevent them to use this version and to force them to use the 7.1 version.

Thanks for your help.

Regards.

Philippe

SimonDawson · Posted 06-15-2019 08:49 PM

There are a few ways I can think off the top of my head to skin this cat.

I'd say you can detect users using old clients by reading the metadata server log. The appname includes the version number if I recall. You could combine the metadata log with metadata about people in a job to email them to prompt them to upgrade their software.

You might script adding them into a group that hides your application server contexts if you detect old version of the software. Then grant access back when you see the newer version. This would work but it would not be good from a user experience point of view. Users will just all of a sudden have no access to run code anymore with no explanation.

Another mechanism would be through your Active Directory infrastructure. It should be fairly simple to use group policy to find workstations with older software on it.

Another sneaky approach would be to upgrade all their projects (backing them up first obviously). Once you migrate a project to a newer version they can't be opened in the older clients. This might work as a quite effective strategy to get people off the older version.

Curious to hear others thoughts about how they might tackle this.

View solution in original post

SimonDawson · Posted 06-15-2019 08:49 PM

There are a few ways I can think off the top of my head to skin this cat.

I'd say you can detect users using old clients by reading the metadata server log. The appname includes the version number if I recall. You could combine the metadata log with metadata about people in a job to email them to prompt them to upgrade their software.

You might script adding them into a group that hides your application server contexts if you detect old version of the software. Then grant access back when you see the newer version. This would work but it would not be good from a user experience point of view. Users will just all of a sudden have no access to run code anymore with no explanation.

Another mechanism would be through your Active Directory infrastructure. It should be fairly simple to use group policy to find workstations with older software on it.

Another sneaky approach would be to upgrade all their projects (backing them up first obviously). Once you migrate a project to a newer version they can't be opened in the older clients. This might work as a quite effective strategy to get people off the older version.

Curious to hear others thoughts about how they might tackle this.

zazaazazaza · Posted 06-17-2019 03:28 AM

Hi Simon and thank you for your prosposals.

I really like the first one but I can't find the version of SEG in the metadata server log.

Here is an extract of the log : the version is not in the appname.

2019-06-17T09:21:42,946 INFO [03394860] :ET20579 - New client connection (196810) accepted from server port 8561 for user ET20579. Encryption level is Credentials using encryption algorithm SASPROPRIETARY. Peer IP address and port are [10.203.133.197]:61449.
2019-06-17T09:21:42,946 INFO [03394860] :ET20579 - Request made to cluster SASMeta - Logical Metadata Server (A5N9E47B.AU000001).
2019-06-17T09:21:42,946 INFO [03394860] :ET20579 - Redirect client in cluster SASMeta - Logical Metadata Server (A5N9E47B.AU000001) to server SASMeta - Metadata Server (A5N9E47B.AV000001) at x.x.x.x:8561.
2019-06-17T09:21:51,195 INFO [03394890] :ET20579 - New client connection (196987) accepted from server port 8561 for SAS token user ET20579. Encryption level is Credentials using encryption algorithm SASPROPRIETARY. Peer IP address and port are [x.x.x.x]:64617 for APPNAME=SAS Workspace Server.
2019-06-17T09:21:51,195 INFO [03394890] :ET20579 - Request made to cluster SASMeta - Logical Metadata Server (A5N9E47B.AU000001).
2019-06-17T09:21:51,195 INFO [03394890] :ET20579 - Redirect client in cluster SASMeta - Logical Metadata Server (A5N9E47B.AU000001) to server SASMeta - Metadata Server (A5N9E47B.AV000001) at x.x.x.x:8561.

SimonDawson · Posted 06-17-2019 06:27 AM

Sorry mate, I've sent you up the garden path there. I was sure the APPNAME included the version number. Looks like it doesn't include the version number.

This is from my server.
2019-06-17T14:08:20,594 INFO [06491954] :SimonDawson - New client connection (945458) accepted from server port 8561 for user SimonDawson. Encryption level is Everything using encryption algorithm AES. Peer IP address and port are [::ffff:10.0.0.10]:50939 for APPNAME=SAS Enterprise Guide.

Unless someone else can think of something clever I'd say you are going to need to use the desktop configuration management tools available to you through Active Directory or whatever tooling your desktop admins have to do this sort of recon.

zazaazazaza · Posted 06-17-2019 10:14 AM

It's OK Simon. I will use contact the deskops admin.

Thanks again.

SASKiwi · Posted 06-18-2019 03:21 AM

A brute force method would be to upgrade all SAS users to Windows 10. I don't think EG 4.3 runs on Windows 10.

zazaazazaza · Posted 06-18-2019 03:23 AM

That's brutal indeed