Running SAS Deployment Wizard on UNIX with a Nonroot User Account and IBM WebSphere Application Server


Configuration Guide

Below are the two types of user accounts that play an important role in installing, configuring, and administering SAS with IBM WebSphere Application Server.

You need one or more UNIX user accounts for these tasks:

- Install WebSphere Application Server.
- Run SAS Deployment Wizard to install SAS.
- Run SAS Deployment Wizard to configure SAS and WebSphere Application Server.
- Perform subsequent administration of SAS and WebSphere Application Server.

You can use an optional WebSphere Application Server administrative user account for these tasks:

- Log on to the IBM WebSphere Integrated Solutions Console (known as the administrative console) if you have enabled WebSphere Application Server administrative security.
- Perform command line WebSphere Application Server administration.

UNIX user accounts are the most important consideration in this deployment scenario because they are given user and group ownership of any files and directories that are created when SAS and WebSphere Application Server are installed and configured.

You need the WebSphere Application Server administrative user account only if you enable WebSphere Application Server administrative security. WebSphere Application Server administrative security does not affect user and group ownership of files and directories when you install and configure SAS or WebSphere Application Server. As a result, the UNIX user account and WebSphere Application Server administrative user account can be different user accounts because they represent different types of security.

When you install WebSphere Application Server 6.1 on UNIX, IBM recommends that you use the root user account. Otherwise, WebSphere Application Server Secure Sockets Layer (SSL) components are not installed. IBM discusses this limitation in Limitations of nonroot installers.
SAS customers who decide to use SSL after installing WebSphere Application Server with a nonroot UNIX user account need to reinstall WebSphere Application Server.

As a result of using the root user account for the installation, the root user account owns all WebSphere Application Server files and directories. An additional step is required on UNIX after the root user account has installed WebSphere Application Server so that a nonroot user account can administer SAS and WebSphere Application Server. This step configures some WebSphere Application Server directories to permit write privilege for a UNIX group. Permitting group write privilege lets a SAS customer run SAS Deployment Wizard as a nonroot user account and create the WebSphere Application Server profiles for the SAS Web applications.

The nonroot user account that runs SAS Deployment Wizard owns the files that SAS Deployment Wizard creates. To preserve user and group ownership of the files, log on to UNIX with the same nonroot user account to perform administration of the WebSphere Application Server profiles that SAS Deployment Wizard created.

You can then enable WebSphere Application Server administrative security. This lets only WebSphere Application Server administrators update the profiles that SAS Deployment Wizard created. It provides WebSphere Application Server administrative security, which is different from the file and directory security that is associated with UNIX user accounts. This step establishes a WebSphere Application Server administrative user account for logging on to the administrative console. This administrative user account can be different from the nonroot user account that owns SAS and the WebSphere Application Server profiles.

Stage 1: Allowing Creation of Nonroot WebSphere Profiles

These instructions are based on the IBM Information Center article Granting write permission of files and directories to a nonroot user for profile creation. They make it possible for you to use the same nonroot user account to administer SAS and WebSphere Application Server regardless of whether WebSphere Application Server administrative security is enabled. If you enable WebSphere Application Server administrative security by performing Stages 2 and 3, you need to log on to the administrative console and to UNIX to administer WebSphere Application Server.

You must complete these instructions after installing WebSphere Application Server 6.1 with the root user account but before running SAS Deployment Wizard.

1. Use UNIX commands to create a group for UNIX user accounts that you can use to administer WebSphere Application Server. Assign user accounts to the group. Follow the instructions in the IBM Information Center article, which provides sample commands. The user account that you use to run SAS Deployment Wizard must be in this group of administrative user accounts because only that user account owns the WebSphere Application Server profile directories that SAS Deployment Wizard creates.

2. Use UNIX commands to grant read and write group permissions to some WebSphere Application Server files and directories. Refer to the IBM Information Center article for specific commands.

3. Below are additional commands that you need. APP_SERVER_ROOT represents the location where WebSphere Application Server is installed.

   a. Add additional group permissions:

      Note: If the directories in the following commands do not exist, then you can create them and perform the chgrp and chmod commands, or you can skip this step. The SAS Deployment Wizard creates any of these directories that do not exist.

          chgrp profilers APP_SERVER_ROOT/profiles/
          chmod g+wr APP_SERVER_ROOT/profiles/
          chgrp profilers APP_SERVER_ROOT/properties/
          chmod g+wr APP_SERVER_ROOT/properties/
          chgrp profilers APP_SERVER_ROOT/properties/profileRegistry.xml
          chmod g+wr APP_SERVER_ROOT/properties/profileRegistry.xml
          chgrp profilers APP_SERVER_ROOT/properties/fsdb/
          chmod g+wr APP_SERVER_ROOT/properties/fsdb/
          chgrp profilers APP_SERVER_ROOT/properties/fsdb/_was_profile_default/
          chmod g+wr APP_SERVER_ROOT/properties/fsdb/_was_profile_default/
          chgrp profilers APP_SERVER_ROOT/logs/
          chmod g+wr APP_SERVER_ROOT/logs/
          chgrp profilers APP_SERVER_ROOT/logs/manageprofiles/
          chmod g+wr APP_SERVER_ROOT/logs/manageprofiles/

   b. If the following lock file exists, make sure that it is deleted:

          rm APP_SERVER_ROOT/properties/profileRegistry.xml_LOCK

   c. If the following log files exist, make sure that they are deleted:

          rm -rf APP_SERVER_ROOT/logs/manageprofiles/SASDmgr01/*
          rmdir APP_SERVER_ROOT/logs/manageprofiles/SASDmgr01
          rm -rf APP_SERVER_ROOT/logs/manageprofiles/SASAppSrv01/*
          rmdir APP_SERVER_ROOT/logs/manageprofiles/SASAppSrv01

4. Every member of the WebSphere Application Server administrative group who is currently logged on must log off before you can continue. Not logging off and on again after setting the above group permissions can result in permission errors during the WebSphere Application Server configuration steps in SAS Deployment Wizard, and these errors are difficult to diagnose. This happens because the current session permissions are then out of sync with the group permissions that you set.

5. You can now either run SAS Deployment Wizard with a UNIX user account that is a member of the WebSphere Application Server administrative group and not enable WebSphere Application Server administrative security, or you can perform Stage 2 to enable WebSphere Application Server administrative security. In either case, only the user and group of the UNIX user account that is used to run SAS Deployment Wizard will own the WebSphere Application Server profile files and directories that SAS Deployment Wizard created.
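The Stage 1 result can be checked before SAS Deployment Wizard is started. The script below is an added example, not part of the SAS or IBM documentation: it audits the step 3 paths for group ownership and group read/write, flags the step 3b lock file, and tests whether the current login session already carries the group (step 4). The function names check_path, audit_was_perms and session_in_group are hypothetical; the group name profilers and the paths come from the commands above.

```shell
#!/bin/sh
# Added example (not from the SAS or IBM documentation): audit the Stage 1
# permissions. Function names are hypothetical; paths are from step 3.

# Paths from step 3a, relative to APP_SERVER_ROOT.
WAS_PATHS="profiles properties properties/profileRegistry.xml
properties/fsdb properties/fsdb/_was_profile_default
logs logs/manageprofiles"

# check_path PATH GROUP
# Returns 0 if PATH is absent (SAS Deployment Wizard creates it) or has
# group GROUP with group read and write; returns 1 otherwise.
check_path() {
    p=$1 want=$2 bad=0
    if [ ! -e "$p" ]; then
        echo "SKIP  $p (absent)"
        return 0
    fi
    mode=$(ls -ld "$p" | awk '{print $1}')   # for example drwxrwxr-x
    grp=$(ls -ld "$p" | awk '{print $4}')
    if [ "$grp" != "$want" ]; then
        echo "FAIL  $p: group is $grp, expected $want"
        bad=1
    fi
    case $mode in
        ????rw*) ;;                            # group r and w are both set
        *) echo "FAIL  $p: mode $mode lacks group read/write"; bad=1 ;;
    esac
    case $mode in
        ????????w*) echo "WARN  $p: mode $mode is also world-writable" ;;
    esac
    if [ "$bad" -eq 0 ]; then echo "OK    $p ($mode $grp)"; fi
    return "$bad"
}

# audit_was_perms APP_SERVER_ROOT [GROUP]
# Returns the number of failed checks (0 means ready for the wizard).
audit_was_perms() {
    root=$1 group=${2:-profilers} failures=0
    for rel in $WAS_PATHS; do
        check_path "$root/$rel" "$group" || failures=$((failures + 1))
    done
    # Step 3b: the profile registry lock file must not exist.
    if [ -e "$root/properties/profileRegistry.xml_LOCK" ]; then
        echo "FAIL  lock file present: $root/properties/profileRegistry.xml_LOCK"
        failures=$((failures + 1))
    fi
    return "$failures"
}

# session_in_group GROUP
# Step 4: returns 0 only if the current login session already carries
# GROUP; a session opened before the group change does not.
session_in_group() {
    id -Gn | tr ' ' '\n' | grep -qxF -- "$1"
}

# Run the audit only when a root directory is given on the command line.
if [ "$#" -ge 1 ]; then
    audit_was_perms "$1" "${2:-profilers}"
    session_in_group "${2:-profilers}" || echo "FAIL  log off and on again"
fi
```

Run it as the nonroot account that will run SAS Deployment Wizard, passing the WebSphere Application Server install location as the first argument.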

Stage 2: Enabling WebSphere Application Server Administrative Security

This optional procedure describes how to enable WebSphere Application Server administrative security in the administrative console and when you run SAS Deployment Wizard. Before you enable WebSphere Application Server administrative security in SAS Deployment Wizard, you must enable it in the administrative console.

Log on as root and follow these steps:

1. A WebSphere Application Server profile is required so that you can configure WebSphere Application Server for administrative security before running SAS Deployment Wizard. If WebSphere Application Server was installed without profiles, you can create one by running the following manageprofiles command. This example shows the very important naming convention of using the dmgr name to construct both the node and cell names. APP_SERVER_ROOT represents the WebSphere Application Server install location.

   a. Temporarily change the group for the root user account to profilers and set the umask so that members of the profilers group can modify files:

          # newgrp profilers
          # umask 002

   b. Run the manageprofiles.sh command to create the SAS Deployment Manager profile:

          APP_SERVER_ROOT/bin/manageprofiles.sh -create -profilename SASDmgr01 \
              -profilepath APP_SERVER_ROOT/profiles/SASDmgr01 \
              -templatepath APP_SERVER_ROOT/profileTemplates/cell/dmgr \
              -nodename SASDmgr01Node -cellname SASDmgr01Cell \
              -defaultports -isdefault

      This command creates a WebSphere Application Server profile named SASDmgr01.

2. Use this command to start WebSphere Application Server:

       APP_SERVER_ROOT/bin/startManager.sh -profilename SASDmgr01

3. Open a Web browser and log on to the administrative console:

       http://localhost:9060/ibm/console

4. Select Security > Secure administration, applications, and infrastructure.

5. Use the Security Configuration Wizard to configure WebSphere Application Server security.

   a. Follow the WebSphere Application Server administrative security documentation.

   b. Deselect the Enable application security check box and enable the Java 2 security check box.

   c. The WebSphere Application Server administrative user account that you choose is not required to have the same name as the UNIX user account that you configured in Stage 1.

   d. Make sure that the WebSphere Application Server administrative password is at least eight characters long. This length is required; SAS Deployment Wizard does not allow shorter passwords. This is true whether you provide an administrative user account and password that WebSphere Application Server maintains or configure WebSphere Application Server administrative security to use an operating system user account as your administrative user account.

6. Apply and save the changes you made to the WebSphere Application Server security configuration, and then log off the administrative console.

7. While you are still logged on to UNIX as root, use these commands to stop and start the IBM WebSphere Application Server Network Deployment with Deployment Manager:

       APP_SERVER_ROOT/bin/stopManager.sh -profilename SASDmgr01
       APP_SERVER_ROOT/bin/startManager.sh -profilename SASDmgr01

8. Log on to the administrative console. You should be prompted for the WebSphere Application Server administrative user account and password that you provided in the security configuration. This confirms that you configured WebSphere Application Server security as intended.

9. Log off the administrative console and stop WebSphere Application Server.

Stage 3: Running the SAS Deployment Wizard

Follow these steps to run SAS Deployment Wizard:

1. Log on with a nonroot UNIX user account that meets these criteria:

   - The account must be a member of the administrative group that you created in Stage 1.
   - The administrative group is the user account's primary group, or use the newgrp command to set the primary administrative group temporarily.

   This is the user account that you will use to run SAS Deployment Wizard and to set user and group ownership of the WebSphere Application Server profiles that SAS Deployment Wizard creates for SAS.

2. SAS Deployment Wizard provides a series of prompts for configuration information. These pages are related to your WebSphere Application Server configuration.

   a. On the Web Application Server: Administrative Security page, select the Administrative Security is Enabled check box.

   b. On the External Account: Web Application Server Administrator page, provide the WebSphere Application Server administrative user account and password that you configured in Stage 2.
Summary

After completing Stage 1 and successfully running SAS Deployment Wizard, you should be able to administer the SAS applications that are deployed on WebSphere by logging on to UNIX with the same nonroot user account that was used to run SAS Deployment Wizard. Because Stage 1 steps did not enable WebSphere administrative security, your administrative console sessions are not password protected. However, if you performed Stages 1 through 3, you have configured a WebSphere administrative user account and password and also a nonroot UNIX user account for administering SAS and WebSphere.

Recommended Reading

These URLs are current as of December 2008.

- IBM Corporation, 2007: Granting write permission of files and directories to a nonroot user for profile creation. IBM Information Center. Available at http://publib.boulder.ibm.com/infocenter/wasinfo/v6r1/index.jsp?topic=/com.ibm.websphere.nd.doc/info/ae/ae/tpro_nonrootpro.html.
- IBM Corporation, 2007: Limitations of nonroot installers. IBM Information Center. Available at http://publib.boulder.ibm.com/infocenter/wasinfo/v6r1/index.jsp?topic=/com.ibm.websphere.nd.doc/info/ae/ae/cins_nonroot.html.

SAS and all other SAS Institute product or service names are registered trademarks or trademarks of SAS Institute Inc. in the USA and other countries. Other brand and product names are registered trademarks or trademarks of their respective companies. ® indicates USA registration.

Copyright 2009 SAS Institute Inc., Cary, NC, USA. All rights reserved. May 26, 2009