BookmarkSubscribeRSS Feed
🔒 This topic is solved and locked. Need further help from the community? Please sign in and ask a new question.
JuanS_OCS
Amethyst | Level 16

Hi all,

 

some questions and considerations about the SAS Environment Manager, from which basically I look for quick answers coming from your experiences.

 

1- Woult it make sense to you to publish SAS EVM on http if the other SAS web applications work under https?

 

2- If SAS Environment Manager is not working, and never worked before: would it make sense to you to un configure (completely) the related components and re-configure/re-deploy again on all the machines of a SAS deployment?

 

3- Any known issue when SSO is configured on the web?

 

4- SAS environment manager has a 1-1 relationship with its own SAS level. Has anyone ever implemented SAS environment manager to monitor and manage more than 1 SAS configuration level at a time? Would this make sense to you, to be able to see and control all your SAS environment from a single view?

I am aware of the option to export alerts/monitors from SAS Environment Manager to a 3rd Party monitoring tool.

 

And an extra question, that it might bring not so quick answers:

- Considerations for deployment more than one SAS level/ SAS Environment Manager agents on the same machines, specially on Grid environments.

 

Thank you all in advance!

 

Best regards,

Juan

1 ACCEPTED SOLUTION

Accepted Solutions
ronan
Lapis Lazuli | Level 10

1. Woult it make sense to you to publish SAS EVM on http if the other SAS web applications work under https?

 

It depends upon your security requirements : generally speaking, securing an end-user to server communication channel like browser <=> Http server is always recommended these days. If your end-users are already  accessing the Http server from a tightly-controlled environment (e g  end-to-enf flow controlled, no internet access, no USB ports etc.) then I suppose, setting up HTTPS for a monitoring/administrative tool would not be so stringent.

 

The trouble with EVM is that it sometimes doesnt fit well with TLS/SSL : for instance, if you install SAS EVM behind a reverse proxy Http server holding the TLS/SSL certificate {browser accessing external UTRL on HTTPS} <=> { http proxy with SSL certificate} <=> {SAS EVM on Http out of the box }  - then you will face troubleshooting ; support for these kind of topology has come only recently and requires some patches :

 

http://support.sas.com/kb/56/688.html

 

Check also with these notes :

 

http://support.sas.com/kb/56/465.html

http://support.sas.com/kb/56/451.html

 

(all notes provided to me by Nicolas from SAS France TS Smiley Wink )

 

2- If SAS Environment Manager is not working, and never worked before: would it make sense to you to un configure (completely) the related components and re-configure/re-deploy again on all the machines of a SAS deployment?

 

I don't think so. SDM Deconfiguration tool (?) can be intrusive and partial, leaving some parameters unchanged in the PostGRE/WIP. I'd try fix it piecemeal and independently as much as I can.

 

3- Any known issue when SSO is configured on the web?

 

Never tried.

 

4- SAS environment manager has a 1-1 relationship with its own SAS level. Has anyone ever implemented SAS environment manager to monitor and manage more than 1 SAS configuration level at a time? Would this make sense to you, to be able to see and control all your SAS environment from a single view?

 

Smart question. Since SAS EVM is provided as one instance for a single installment, I suppose it will require some tweakings to make it work with several platforms - if ever technically feasible which remains to be confirmed. I think this might depend upon your physical/logical SS topology : for instance, if environments are physically ('host') separated then it's going to be painful or impossible, but if you install several environments on the same hardware (Dev + Tst on Machine set A, Prod on set B) logically separated then you might share one EVM instance somehow. On thr other hand, putting together some parts only to have a single EVM instance might look like a strong requirement.

View solution in original post

8 REPLIES 8
GyaniBaba
Obsidian | Level 7

I beleive sas env agents reads deployment files to populate sas env man with all resources in inventory. http is okay for all web apps when you are in your private network, why you want to keep just env manager on http and others at https?

 

monitoring from single portal all your sas configuration is i beleive posible, I will get back to you on this

JuanS_OCS
Amethyst | Level 16

 

Thanks @GyaniBaba

 

The question about http/https is just curiosity of mine. Specially since, if you select https during the installation for SAS EVM, http is still open. You need to follow some post-configurations in order to close it and make work properly the callback URLs.

 

Monitoring from a single portal is one of the question on what I am most interested.

JuanS_OCS
Amethyst | Level 16

Looking forward to discovering what you can find out, @GyaniBaba! 🙂 

ronan
Lapis Lazuli | Level 10

1. Woult it make sense to you to publish SAS EVM on http if the other SAS web applications work under https?

 

It depends upon your security requirements : generally speaking, securing an end-user to server communication channel like browser <=> Http server is always recommended these days. If your end-users are already  accessing the Http server from a tightly-controlled environment (e g  end-to-enf flow controlled, no internet access, no USB ports etc.) then I suppose, setting up HTTPS for a monitoring/administrative tool would not be so stringent.

 

The trouble with EVM is that it sometimes doesnt fit well with TLS/SSL : for instance, if you install SAS EVM behind a reverse proxy Http server holding the TLS/SSL certificate {browser accessing external UTRL on HTTPS} <=> { http proxy with SSL certificate} <=> {SAS EVM on Http out of the box }  - then you will face troubleshooting ; support for these kind of topology has come only recently and requires some patches :

 

http://support.sas.com/kb/56/688.html

 

Check also with these notes :

 

http://support.sas.com/kb/56/465.html

http://support.sas.com/kb/56/451.html

 

(all notes provided to me by Nicolas from SAS France TS Smiley Wink )

 

2- If SAS Environment Manager is not working, and never worked before: would it make sense to you to un configure (completely) the related components and re-configure/re-deploy again on all the machines of a SAS deployment?

 

I don't think so. SDM Deconfiguration tool (?) can be intrusive and partial, leaving some parameters unchanged in the PostGRE/WIP. I'd try fix it piecemeal and independently as much as I can.

 

3- Any known issue when SSO is configured on the web?

 

Never tried.

 

4- SAS environment manager has a 1-1 relationship with its own SAS level. Has anyone ever implemented SAS environment manager to monitor and manage more than 1 SAS configuration level at a time? Would this make sense to you, to be able to see and control all your SAS environment from a single view?

 

Smart question. Since SAS EVM is provided as one instance for a single installment, I suppose it will require some tweakings to make it work with several platforms - if ever technically feasible which remains to be confirmed. I think this might depend upon your physical/logical SS topology : for instance, if environments are physically ('host') separated then it's going to be painful or impossible, but if you install several environments on the same hardware (Dev + Tst on Machine set A, Prod on set B) logically separated then you might share one EVM instance somehow. On thr other hand, putting together some parts only to have a single EVM instance might look like a strong requirement.

JuanS_OCS
Amethyst | Level 16

Thanks a lot @ronan and great answers!

 

I am very glad to read that we share similar impressions and ideas about those deployments which some leave which similar questions.

 

1. HTTPS/SSL:

I faced the latest 2 notes and are part of my most used notes at this moment.

Since M2 there are additions to post-configuration steps that are not part on the Instructions.html, but on the SAS 9.4 Platform Intelligence guide for installations.

 

The first note never had to face it, thanks!

 

2. Deconfigure SAS EVM:

I could guess it, and it is what I was doing to this very moment. I am facing now one installation of SAS EVM which was configured when no SSL or SSO, then SSL, SSO and migration happened. I think I could fix the issues for SSL, but it is not working yet and I have the feeling that there is something really wrong over there. That is why that tricky question, before bothering SAS Technical Support with a hard question.

 

3. SSO:

D*mn it! 🙂

 

4. Different SAS level EVM agents on a single EVM instance:

Indeed, if I think about it, I can see several reasons to not to do it, due to the increasing close relationships: APM/ACM, not the BackupManager, the EVM database, its depencencies with the VA Audit reports and PostgreSQL...

Even if, let's say, I want just the monitoring functionality and no one of the other nice additions, I can hardly see tweaking an option due to the big impact, specially on maintenances or migrations. I might do it on a personal installation to play and test my understanding of the SAS architecture, but probably never on a customer, unless there is a better option that a batch of tweaks.

 

All in all, this is a bit of a grey area to me, but yours was the best answer so far. I will leave the conversation open without solution for a while. If no better answer, I will accept yours as solution because it was great.

ronan
Lapis Lazuli | Level 10
You're welcome !

For point 4., another approach would be to integrate SAS EVM instances into a single Monitoring tool (eg . IBM Tivoli, Nagios) using Events exports :

http://blogs.sas.com/content/sgf/2014/12/17/exporting-events-from-sas-environment-manager/

This allows to build single Dashboards encompassing differents SAS platforms.

A strong caveat : I've only scratched the surface of SAS EVM and cannot claim - at any rate - to have tamed the beast so far. Review and check with the (extensive) documentation released.
JuanS_OCS
Amethyst | Level 16

I know that option but never tried, yet!

Do you know if Exports require to have EVM up and running or only the Agents? Have you tried Exports?

ronan
Lapis Lazuli | Level 10

Neither did I. I suppose the exports requires the EVM to be up and running since Agents are only configured as "slaves" to the central "Master" EVM Server. As Nik from Boemska told me once, EVM is only the SAS via VMWare Proprietary version (a fork) of the Hyperic HQ open source product,

 

http://hyperic-hq.sourceforge.net/

 

 

so maybe - I would't know - there is a workaround to expose the agents/DWR metrics to a third-party application without relying on SAS EVM. I am doubtful.

suga badge.PNGThe SAS Users Group for Administrators (SUGA) is open to all SAS administrators and architects who install, update, manage or maintain a SAS deployment. 

Join SUGA 

CLI in SAS Viya

Learn how to install the SAS Viya CLI and a few commands you may find useful in this video by SAS’ Darrell Barton.

Find more tutorials on the SAS Users YouTube channel.

Discussion stats
  • 8 replies
  • 2834 views
  • 4 likes
  • 3 in conversation