cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
BookmarkSubscribeRSS Feed
five
Obsidian | Level 7 five
Obsidian | Level 7

Multi-tier Environemnt Firewall Port Exceptions

Posted 02-13-2019 03:27 PM (683 views)

I have searched and had various helpful posts and instruction manuals, but nothing concrete, so I just thought I would ask the community.

 

We have been running our multi-tier environment for a few years now, wide open (no firewall). We now must implement a firewall, per company security. Our sas installer has been hesitant to assist in this endeavor. We are running Oracle 6.8, if that helps or matters. Our environment structure will be listed below in the outline and our proposed method.

 

Tools that people are using: VA, SMC, EG, Text Miner, SAS DI Studio, SAS Studio, Environment Manager, Document Conversion Server.

 

Global rules:

  • All outbound will be open.
  • Between the 7 sas servers, all ports and protocols will be open.
  • Ping is open to a specific server (network monitoring server)
  • Loopback is enabled
  • Port 22 is open for SSH

SAS client tools port rules:

 

Web:
7980 # SAS Web Server HTTP Port
8343 # SAS Web Server HTTPS Port
7080 # Environment Manager HTTP
7443 # Environment Manager HTTPS

 

Meta:
8561 # Management Console
8591 # Enterprise Guide

 

Compute:
8701 # pooled workspace server port
8591 # Enterprise Guide
8601, 8611, 8621, 8631 # stored process server port
5308 # idk what this one is used for, but installer did mention it

 

VA:
8701 # pooled workspace server port

 

VA worker 1-3:
Nothing SAS specific has been opened

At first I was concerned about ldap and odbc database connections, but then realized they would be covered under outgoing. So is there anything else that I may have missed or need to open. Or does this path forward appear to be good?

0 Likes
Reply
1 REPLY 1
SASKiwi
PROC Star SASKiwi
PROC Star

Re: Multi-tier Environemnt Firewall Port Exceptions

Posted 02-13-2019 05:11 PM (674 views)  |   In reply to five

ODBC connections are two-way. If by outbound you mean the server which initiates the connection then you should be OK. Where I work all ports need an explicit exception, both inbound and outbound, and in-flight traffic needs to be encrypted as well.

 

Enterprise Guide requires an 8561 metadata connection just like Management Console.

0 Likes
Reply

suga badge.PNGThe SAS Users Group for Administrators (SUGA) is open to all SAS administrators and architects who install, update, manage or maintain a SAS deployment. 

Join SUGA 

Get Started with SAS Information Catalog in SAS Viya

SAS technical trainer Erin Winters shows you how to explore assets, create new data discovery agents, schedule data discovery agents, and much more.

Watch Get Started with SAS Information Catalog in SAS Viya on YouTube

Find more tutorials on the SAS Users YouTube channel.

Discussion stats
  • 1 reply
  • ‎02-13-2019 03:27 PM
  • 684 views
  • 0 likes
  • 2 in conversation