BookmarkSubscribeRSS Feed
🔒 This topic is solved and locked. Need further help from the community? Please sign in and ask a new question.
Jerry_M
Fluorite | Level 6

All SAS server tiers (Metadata, Compute, Middle Tier) will be on one box, with no separate nodes.


SAS provided pre-install checklist has nearly 100 port exceptions "required". However, Network Security Team does not see justification for client access to all ports. They are questioning since everything will be on one box, all ports would be internally available to SAS Server. Therefore, only a handful of ports need client initiated access.


I tend to agree, but I've never deployed an all-on-one box. In my experience, whenever you deviate it gets tricky. Especially if SAS expects certain ports open to work. Based on this, I'm thinking the only ports that require client access would be:
     7980 SAS Web Server HTTP Port
     8343 SAS Web Server HTTPS Port
     8561 SAS Metadata Server
     7080 SAS Environment Manager Dashboard Port (HTTP)
     7443 SAS Environment Manager Dashboard Secure Port (HTTPS)


The rest are only needed internal to SAS Server and would be available to SAS since a single box. Therefore no need for firewall exceptions for clients. I want to make sure I'm not missing anything or anyone with scenario could shed light?


Thanks!

1 ACCEPTED SOLUTION

Accepted Solutions
Jerry_M
Fluorite | Level 6

Thanks for your response @SASKiwi.

I thought I had found exactly what I needed with SAS documentation "Single-Machine Deployment of SAS® 9.4 Enterprise BI Server". But its only for Windows, not Unix. 😞


Meanwhile, my colleague received some good info back from SAS Tech Support, so I thought I would share here as well.

Since we are also using client applications (in addition to web apps) we also need the following ports opened:
     -SAS Workspace Server port (default 8591)
     -Object Spawner portbank ports (8581, 8801, 8811, 8821)
     -Pooled Workspace Server port (8701)
     -Stored Process Server ports (8601, 8611, 8621, 8631)


These combined with my original list should take care of things. Still not 100% clear if Multicast Address should come into play either.  Had to pull info from several resources as well as SAS Docs. Hopefully SAS will either add Unix info to their existing Single-Machine doc or create another one for Unix.

View solution in original post

3 REPLIES 3
SASKiwi
PROC Star

Any connections from SAS to external databases will also require a port rule. The port number will depend on the SAS/ACCESS products you have and the database products you use. Also don't forget to add a port rule if you are sending email from SAS - usually port 25.

 

The ports you use also depend on the SAS products you have. For example if you have SAS/CONNECT or the LSF scheduler these require additional ports.

Jerry_M
Fluorite | Level 6

Thanks for your response @SASKiwi.

I thought I had found exactly what I needed with SAS documentation "Single-Machine Deployment of SAS® 9.4 Enterprise BI Server". But its only for Windows, not Unix. 😞


Meanwhile, my colleague received some good info back from SAS Tech Support, so I thought I would share here as well.

Since we are also using client applications (in addition to web apps) we also need the following ports opened:
     -SAS Workspace Server port (default 8591)
     -Object Spawner portbank ports (8581, 8801, 8811, 8821)
     -Pooled Workspace Server port (8701)
     -Stored Process Server ports (8601, 8611, 8621, 8631)


These combined with my original list should take care of things. Still not 100% clear if Multicast Address should come into play either.  Had to pull info from several resources as well as SAS Docs. Hopefully SAS will either add Unix info to their existing Single-Machine doc or create another one for Unix.

JuanS_OCS
Amethyst | Level 16

Hello @Jerry_M,

 

the list provider by SAS pre-requisites and the one you find, is OK. In the check list, you will see some ranges, considered for Levs from 0 to 9, but this is also explained in that document. And the ones required by clients. If you have just one lev, just consider the numbers for that Lev.

 

And not much different between Windows and Linux, regarding port numbers.

 

The main and probably only difference is that ports below 1024 are restricted to root in Linux, hence default for 80 is 7980 and default for 443 is 8443, but all can be overwritten if you have a proper Linux system admin behind you, to listen on port 80 or 443.

 

Yes, you will need connection also to your SAS metadata, your SAS Servers (Workspace, Pooled, STP...), to Scheduling Server, to the Web Server, Environment Manager, your databases if any connection direct from client, and any other third party service you might have (such it could be LSF or Hadoop).

 

 

suga badge.PNGThe SAS Users Group for Administrators (SUGA) is open to all SAS administrators and architects who install, update, manage or maintain a SAS deployment. 

Join SUGA 

Get Started with SAS Information Catalog in SAS Viya

SAS technical trainer Erin Winters shows you how to explore assets, create new data discovery agents, schedule data discovery agents, and much more.

Find more tutorials on the SAS Users YouTube channel.

Discussion stats
  • 3 replies
  • 1522 views
  • 6 likes
  • 3 in conversation