We are a secure research shop, looking to use SAS Enterprise on our local desktops, which reside on a semi-public intranet, and use it to connect to our servers which reside in a higher security zone. What firewall ports / protocols would be necessary for communicating through the firewall between the intranet and the server security zone?
Also, is there any installation documentation that would come in handy when configuring such as system?
Security issues tend to be very site-specific and dependent on both the network environment and security configuration. It is therefore very difficult to offer help without knowing any details of this.
My suggestion is you do all SAS installation and configuration inside the secure part of the network. Get a laptop with SAS/EG installed and working again in the high security area. Then take the laptop outside of the secure area to test. That way if it doesn't work it is not a SAS install problem, but to do with moving the laptop out of the secure area. Good luck!
SASKiwi is correct that there are plenty of security nuances to consider.
However, consider this: SAS offers a SAS OnDemand for Academics offering, where subscribers use their local install of SAS EG to connect to a SAS environment hosted by SAS, over the Internet. I often offer this as proof that such a thing can be done successfully.
Believe me, our own IT security team made sure that was an Okay Thing To Do.
SAS EG talks to SAS via TCP using ports that you designate in your configuration. At a minimum, the ports you have to allow on a firewall are:
- one for the SAS Metadata Server (by default, 8561 -- but you may change it)
- one for launching a SAS Workspace -the object spawner listener (by default, 8591 - but you may change it).
If you need access to Stored Process servers, additional ports may be necessary. Same for OLAP servers.
You can also use SAS/Secure to encrypt all communications between the SAS EG client and the SAS servers.