SAS Visual Investigator 10.1: Deployment Guide

Similar documents
SAS Visual Investigator on the Cloud: Deployment Guide

SAS Visual Investigator on the Cloud: Deployment Guide

SAS Visual Investigator 10.2 on the Cloud: Deployment Guide

SAS Visual Investigator 10.3 on the Cloud: Deployment Guide

SAS Viya 3.3 for Cloud Foundry: Deployment Guide

VMware Identity Manager Connector Installation and Configuration (Legacy Mode)

Installing and Configuring VMware Identity Manager Connector (Windows) OCT 2018 VMware Identity Manager VMware Identity Manager 3.

Cisco Prime Service Catalog Virtual Appliance Quick Start Guide 2

SAS Viya 3.2 Administration: SAS Infrastructure Data Server

VMware Identity Manager Cloud Deployment. DEC 2017 VMware AirWatch 9.2 VMware Identity Manager

VMware Identity Manager Cloud Deployment. Modified on 01 OCT 2017 VMware Identity Manager

IBM Single Sign On for Bluemix Version December Identity Bridge Configuration topics

Horizon DaaS Platform 6.1 Service Provider Installation - vcloud

Oracle Fusion Middleware

Deploying webmethods Integration Server as Bosh Release

Installing and Configuring vcenter Support Assistant

VMware Skyline Collector Installation and Configuration Guide. VMware Skyline 1.4

VMware AirWatch Content Gateway for Linux. VMware Workspace ONE UEM 1811 Unified Access Gateway

Installing Cisco MSE in a VMware Virtual Machine

VMware Skyline Collector Installation and Configuration Guide. VMware Skyline Collector 2.0

vcloud Director Administrator's Guide vcloud Director 8.10

vcenter CapacityIQ Installation Guide

Using vrealize Operations Tenant App as a Service Provider

vcloud Director Administrator's Guide

Installing and Configuring vcloud Connector

Installing Cisco CMX in a VMware Virtual Machine

Red Hat CloudForms 4.6

SAS Visual Analytics 7.3 for SAS Cloud: Onboarding Guide

Entrust. Discovery 2.4. Administration Guide. Document issue: 3.0. Date of issue: June 2014

VIRTUAL GPU LICENSE SERVER VERSION , , AND 5.1.0

TECHNICAL WHITE PAPER AUGUST 2017 REVIEWER S GUIDE FOR VIEW IN VMWARE HORIZON 7: INSTALLATION AND CONFIGURATION. VMware Horizon 7 version 7.

Deploying VMware Identity Manager in the DMZ. JULY 2018 VMware Identity Manager 3.2

Citrix SCOM Management Pack 1.4 for ShareFile

StreamSets Control Hub Installation Guide

Proofpoint Threat Response

Storage Manager 2018 R1. Installation Guide

Netwrix Auditor. Virtual Appliance and Cloud Deployment Guide. Version: /25/2017

Red Hat Quay 2.9 Deploy Red Hat Quay - Basic

Redhat OpenStack 5.0 and PLUMgrid OpenStack Networking Suite 2.0 Installation Hands-on lab guide

NGFW Security Management Center

Migrating vrealize Automation 6.2 to 7.2

Pivotal Cloud Foundry on VMware vsphere using Dell EMC XC Series Hyper-Converged Appliances Deployment Guide

Enterprise Vault.cloud CloudLink Google Account Synchronization Guide. CloudLink to 4.0.3

SafeConsole On-Prem Install Guide

VMware AirWatch Content Gateway Guide for Linux For Linux

Ansible Tower Quick Setup Guide

VMware vfabric Data Director Installation Guide

VMware AirWatch Content Gateway for Windows. VMware Workspace ONE UEM 1811 Unified Access Gateway

DEPLOYMENT GUIDE DEPLOYING F5 WITH ORACLE ACCESS MANAGER

Server Installation Guide

Edge Device Manager Quick Start Guide. Version R15

VMware Horizon View Deployment

Privileged Identity App Launcher and Session Recording

CA Agile Central Administrator Guide. CA Agile Central On-Premises

VMware vfabric Data Director Installation Guide

IaaS Configuration for Cloud Platforms

VMware Integrated OpenStack with Kubernetes Getting Started Guide. VMware Integrated OpenStack 4.0

IaaS Configuration for Cloud Platforms. vrealize Automation 6.2

Version 2.3 User Guide

Quick Setup Guide. NetBrain Integrated Edition 7.0. Distributed Deployment

Dell Storage Integration Tools for VMware

vcenter Chargeback User s Guide

Teradici PCoIP Connection Manager 1.8 and Security Gateway 1.14

Upgrade Instructions. NetBrain Integrated Edition 7.1. Two-Server Deployment

VMware AirWatch Content Gateway Guide For Linux

VMware vrealize Operations Management Pack for vcloud Director 4.5 Guide

SAS Viya 3.3 Administration: Identity Management

VMware vcenter Server Appliance Management Programming Guide. Modified on 28 MAY 2018 vcenter Server 6.7 VMware ESXi 6.7

Deploying VMware Identity Manager in the DMZ. SEPT 2018 VMware Identity Manager 3.3

Install and upgrade Qlik Sense. Qlik Sense 3.2 Copyright QlikTech International AB. All rights reserved.

Administering vrealize Log Insight. 05-SEP-2017 vrealize Log Insight 4.3

Red Hat CloudForms 4.2

VMware AirWatch Content Gateway Guide for Windows

Beyond 1001 Dedicated Data Service Instances

Red Hat CloudForms 4.6-Beta

Linux Administration

NGFW Security Management Center

vcloud Director Administrator's Guide

vrealize Infrastructure Navigator Installation and Configuration Guide

Install and upgrade Qlik Sense. Qlik Sense 3.0 Copyright QlikTech International AB. All rights reserved.

akkadian Global Directory 3.0 System Administration Guide

VMware vfabric AppInsight Installation Guide

Dell EMC ME4 Series vsphere Client Plug-in

VMware AirWatch Content Gateway Guide for Windows

Installing the Cisco Virtual Network Management Center

Documentation. This PDF was generated for your convenience. For the latest documentation, always see

Xcalar Installation Guide

Zenoss Resource Manager Upgrade Guide

VMware vrealize Log Insight Getting Started Guide

Using ANM With Virtual Data Centers

StorageGRID Webscale 11.1 Expansion Guide

VMware View Upgrade Guide

VMware vrealize Operations for Horizon Installation

HySecure Quick Start Guide. HySecure 5.0

vrealize Operations Manager Customization and Administration Guide vrealize Operations Manager 6.4

Service Portal User Guide

Videoscape Distribution Suite Software Installation Guide

User Workspace Management

VMware AirWatch Content Gateway Guide for Windows

AppController :21:56 UTC Citrix Systems, Inc. All rights reserved. Terms of Use Trademarks Privacy Statement

Transcription:

SAS Visual Investigator 10.1: Deployment Guide Introduction.................................................................................... 3 Deployment Architecture..................................................................... 3 How SAS Visual Investigator Is Deployed...................................................... 3 System Requirements for Visual Investigator................................................... 4 Cloud Platform Software Requirements........................................................ 4 Virtual Machine Operating System and Software Requirements................................. 4 Web Browser Requirements.................................................................. 5 Pre-installation Tasks.......................................................................... 6 Complete the Key-Value Pairs Worksheet...................................................... 6 Save the License File........................................................................ 6 Installing SAS Visual Investigator on SAS Viya................................................. 7 Prepare the Installation Tools................................................................. 7 Prepare the Installation Environment......................................................... 10 Install SAS Visual Investigator............................................................... 18 Post-Installation Configuration................................................................ 22 Validating the Deployment.................................................................... 23 Overview................................................................................... 23 Contact SAS Technical Support............................................................... 25 Appendix A: Cloud Foundry Deployment Information......................................... 26 Cloud Foundry Deployment Data Using vsphere as the IaaS.................................. 26 Cloud Foundry Deployment Data Using Openstack as the IaaS................................ 37 Appendix B: Troubleshooting................................................................. 48 BOSH...................................................................................... 48

2 Cloud Foundry Run Time.................................................................... 51

3 Introduction Deployment Architecture SAS Visual Investigator is designed to support a cloud-based delivery model that relies on a Platform as a Service (PaaS) provider. Deployments of SAS Visual Investigator can be performed in a private cloud. Only Cloud Foundry private cloud environments are currently supported for cloud deployments. Instead of requiring Base SAS, SAS Visual Investigator uses the Cloud Analytic Services (CAS) run-time environment. How SAS Visual Investigator Is Deployed The installation and deployment of SAS Visual Investigator on Cloud Foundry uses a self-extracting installer to deliver the software into a directory on a physical server or virtual machine (VM). The installer creates a top-level directory named sas, which contains two subdirectories: a bin directory and an image directory. The bin directory contains the start script, which is a Bash shell script. The image directory contains a file system that resembles a standard Linux root file system. The image directory is a systemd-nspawn namespace container that is invoked by the start script. This directory includes all of the components that are required to install and configure SAS Visual Investigator. The namespace container provides functionality that is used to deploy SAS Visual Investigator. It can be shut down and restarted whenever these functions are needed. In addition, the entire container, with any changes that are made, can be repackaged, archived, or moved to another server or VM as required. Three tasks are required to deploy SAS Visual Investigator: Prepare the installation tools. Prepare the installation environment. Install SAS Visual Investigator.

4 System Requirements for Visual Investigator Cloud Platform Software Requirements Cloud Foundry Requirements Cloud Foundry v230, v238, v239, and v240 on either OpenStack or vsphere o OpenStack Juno version or later o VMware vsphere ESXi 6.0 U2 BOSH CLI 1.3213.0 or later Cloud Foundry CLI version 6.16.1+924508c-2016 02 26 or later Stemcell CentOS 7,x 3309 Buildpack java_buildpack 3.8.1 Other Required Software The following third-party software is included with your SAS software. HashiCorp Consul enables service discovery and configuration. RabbitMQ provides an open-source, standards-based platform for SAS components and applications to send and receive messages. Elasticsearch provides a search capability. Supported Databases The following database is supported for use by SAS Visual Investigator and SAS Viya: PostgreSQL Here are the supported data stores: PostgreSQL 9.4 Oracle 12c Virtual Machine Operating System and Software Requirements The VM instance that is used to install SAS Visual Investigator has the following requirements: Red Hat Enterprise Linux 7.2 or CentOS 7.2. 20 GB free space. The installation user must have sudoers privileges on the target virtual machine. systemd-nspawn must be installed.

5 Web Browser Requirements The desktop machine that is used to access the SAS Visual Investigator user interface requires one of the following web browsers: Google Chrome 48 and later versions Microsoft Internet Explorer 11 Note: Microsoft Edge is not supported. Browsers on tablets and other mobile devices are not supported. SAS Environment Manager and CAS Server Monitor are not supported in this release of SAS Visual Investigator.

6 Pre-installation Tasks Complete the Key-Value Pairs Worksheet The contents of either Appendix A or the key-value pairs in the CF_Deployment_Questionnaire.xls spreadsheet must be completed in preparation for deployment. This information is manually entered into a JSON file during installation. A copy of the CF_Deployment_Questionnaire.xls spreadsheet can be found at: http:// support.sas.com/documentation/prod-p/visgator/index.html Save the License File When you ordered SAS Visual Investigator, you received a Software Order Email (SOE) with an attached license file. Save the attached license file to a network file system mount point that is used for SAS Visual Investigator. Copy the file to the same location with the name setin90.sas and keep the original file for reference. CAUTION! If the name is not correct, the license does not work. After SAS Visual Investigator is deployed, the license file is automatically used by the software. The attachment is required for installation, so remember where you save the file.

7 Installing SAS Visual Investigator on SAS Viya Prepare the Installation Tools Overview Installing SAS Visual Investigator begins by downloading the binary installer file to a physical or virtual machine (VM) in the IaaS environment. The VM is used as the bastion or jump box for the installation and deployment. The installation consists of the following tasks: Download the binary installer. Extract the files. Start the container. Sign on to the container. Download the Binary Installer Copy the binary installer file sas.bin to the home directory of the installer ID on the bastion box. For example, if your user ID is test, then the default home directory is /home/test. Copy the binary installer to the bastion box using the wget command. The wget command is used to access a local web server: wget http://0.0.0.0/sas.bin --2016-06-20 14:53:04-- http://0.0.0.0/sas.bin Connecting to 0.0.0.0:80... connected. HTTP request sent, awaiting response... 200 OK Length: 5508425807 (5.1G) [application/octet-stream] Saving to: 'sas.bin' 100%[=================================================>] 5,508,425,807 74.4MB/s in 1m 43s 2016-06-20 14:54:47 (50.8 MB/s) - 'sas.bin' saved [5508425807/5508425807] Extract the File After the file is on the bastion box, extract the binary file with the following command: bash sas.bin Validating archive... Extracting to /home/test/svi... Note: The binary installer deploys to the installing user s home directory. Start the Container Run the start.sh script in the user s home directory to start the container:

8./svi/bin/start Here are the displayed results: Starting SAS Visual Investigator Deployment Container... Spawning container <instance>.<hostname>.unx.sas.com on /home/test/sas/image. Failed to create directory /home/test/sas/image//sys/fs/selinux: No such file or directory Failed to create directory /home/test/sas/image//sys/fs/selinux: No such file or directory Press ^] three times within 1s to kill container. systemd 219 running in system mode. (+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ -LZ4 -SECCOMP +BLKID +ELFUTILS +KMOD +IDN) Detected virtualization systemd-nspawn. Detected architecture x86-64. Welcome to CentOS Linux 7 (Core)! Because the container attempts to alter the state of the host operating system, the following error message might be displayed. This message is expected and can be safely ignored: Failed to create directory /home/test/sas/image//sys/fs/selinux: No such file or directory Failed to create directory /home/test/sas/image//sys/fs/selinux: No such file or directory [FAILED] Failed to start LSB: Bring up/down networking. See 'systemctl status network.service' for details. Sign On to the Container Once the container is started, a login prompt is displayed: CentOS Linux 7 (Core) Kernel 3.10.0-229.el7.x86_64 on an x86_64 sfr47066 login: The prompt shows a host name with a randomly generated prefix and then the word login. Enter the following credentials to sign on to the container: sfr47066 login: sas password: XyZZy Last login: Wed Jun 15 12:41:34 on console SAS 15:04:47!1 [~] After you sign on to the container, notice that the prompt now includes the string, SAS, followed by a timestamp. For convenience, the shell is set to the Z shell (zsh), which provides the standard shell for SAS Visual Investigator deployments. Note: Do not change shells. Any other shell might produce unexpected results. The window of your X terminal emulator displays the title Container. The title is a reminder that your work environment is within the container and that you are no longer working within the host file system. Getting Help To get help while working in the container, use the following command: sas help General Help SYNOPSIS: help [<OPTIONS>] [<partial sas statement>]

9 OPTIONS: -a --addon -s --system -b --both -c --commands -e --everything -p --product Show help for addon packages (disables system package help) [default: true] Show help for system packages (disables addon package help) [default: false] Show help for both system and addon packages Show help for sas statement commands instead of package names. This option is enabled if a <partial sas statement> is provided. Show everything [shorthand for -bc] Show product help DESCRIPTION: Show help for sas packages and sas statement commands. If a partial sas statement command is provided, then all sas statments that begin with <partial sas statement> will be shown. EXAMPLES: sas help -s : list system package names only sas help -a : list addon package names only (the default) sas help -c : list all sas statement commands sas help file : show help for sas statements that begin with 'file' sas help file tokenize : show help for sas statements that begin with 'file tokenize' PACKAGES: Help for the following addon packages is available: bosh : Upload required stemcells cf : Perform BOSH and Cloud Foundry authentication conf : Manage deployment configuration information consul : Interact with Consul deploy : Deploy different types of deployment objects file : Perform file manipulation functions show : Show deployment configuration and status information util : Miscellaneous utilities For more detailed information about deploying SAS Visual Investigator, use the following command: sas help -p SAS Visual Investigator: How to Guide The typical sequence for doing deployments consists of the following commands: sas conf list sas conf install -n <name> -u <url> sas conf use <name> sas conf edit : list the available JSON configuration files : optionally, install a configuration file : set the current configuration to <name> : optionally, edit configuration Now that the configuration has been completed, use it to authenticate. sas cf auth : perform Cloud Foundry login actions Once authenticated, deploy stemcells, buildpacks, releases, and files. sas bosh upload stemcells sas deploy buildpacks : if not present, upload the stemcells : upload required buildpacks

10 sas deploy releases : if not present, upload the releases sas deploy files : use the JSON configuration to generate deployment files After this, it is important to manually inspect the various manifest files to ensure that they are correct. In addition, this is the time at which you can edit those manifest files to make custom changes. sas deploy services : to deploy the stateful services At this point, it is advisable to check the services. sas show details -S : to perform a health check on the services Next, deploy either all apps or individual apps: sas deploy apps sas deploy app <appname> : to deploy the stateless applications : to deploy a single app such as: identities And, you can check the apps now: sas show details -A : to perform a health check on the apps You can use following command to summarize the state of your deployment: sas show info sas show status sas show details : to show configuration, urls, and IP addresses : to show the existence or execution state of all components : to perform a health check on both services and apps components The Help system then repeats the same information displayed when using the command sas help sas. To show product information, run the command: sas show info sas show info Product Name : SAS Visual Investigator Version: : 10.1.216 Build Date: : 20160916.1051 Note: Additional information is displayed when using the command: sas conf use <configuration>. Prepare the Installation Environment Overview Before you can deploy SAS Visual Investigator, follow these pre-deployment steps: Collect information about the environment. Set, edit, and save the configuration file. Authenticate the sas user to Cloud Foundry and BOSH. Upload BOSH Stemcells. Upload Buildpacks. Upload releases.

11 Generate files from configuration date for deployment. The information that is in Appendix A: Cloud Foundry Deployment Configuration or in the Microsoft Excel spreadsheet CF_Deployment_Questionnaire.xlsx needs to be collected. The spreadsheet is included in the email that instructs you about where to download the software. A copy of the CF_Deployment_Questionnaire.xls spreadsheet, which has the same deployment data as this appendix, can be found at http://support.sas.com/ documentation/prod-p/visgator/index.html Once the information is collected, enter the following command to list the available SAS Visual Investigator configuration files. sas conf list This lists the configuration templates that are available. The following configurations are available: template_openstack template_vsphere To use a configuration, use the command: sas conf use <configurationname> Current configuration: unset Configuration File Set the Configuration File 1 Select the template file (vsphere or openstack) that corresponds to the underlying IaaS for your Cloud Foundry installation and issue the following command: sas conf use template_xxxxx This produces the following output: Now using configuration: template_xxxxx (where xxxxx is either vsphere or openstack) 2 Save the template configuration file with a new configuration filename that is meaningful in your environment. The configuration filename, test, is used in this example. sas conf save test This produces the following output: Saved configuration file: test 3 Set the new configuration file as the active configuration file for the framework to use. sas conf use test This produces the following output: Now using configuration: test Edit the Configuration File Once the template is ready to use, edit the configuration file and enter the information from the Cloud Foundry Deployment Configuration or the spreadsheet. Enter the command sas conf edit. This displays a vim session that enables you to edit the file.

12 Note: SAS has configured vim to syntax check JSON for this purpose and does not allow you to exit if the file has invalid JSON syntax. Here is an example of the configuration file before editing. After you entered the information into the table in Appendix A or the spreadsheet, copy your entries into the JSON file. 1 Copy your entries into the JSON file and ensure that your entries do not contain Rich Text markup. It must contain only ASCII 7 data. Every entry in Appendix A or the spreadsheet corresponds to an entry in the JSON file. 2 Save the file. Here is an example of the configuration file after editing:

13 Note: The location of the JSON file that is in use is a temporary location and can easily be overwritten by another configuration file. It is highly recommended that you save the configuration file that has been updated. Save the Configuration File To save the changes that you have made to a safe location, run the command: sas conf save test This produces the following output: Saved configuration file: test This does not change the active configuration file. It just saves a copy of it to a saved configuration directory. You can see your configuration name now by running the command: sas conf list This produces the following output: The following configurations are available:

14 test template_openstack template_vsphere To use a configuration, use the command: sas conf use <configurationname> Current configuration: test Authenticate to Cloud Foundry and BOSH After you have entered the information about your Cloud Foundry installation and the servers that you are creating, you must connect to Cloud Foundry. You connect with the Cloud Foundry administrative user that is specified in the preceding configuration file. This step is required even if the host bastion box was signed on to Cloud Foundry and BOSH. This step is also required anytime you change your configuration to a new configuration that has different authentication details. To authenticate, run the command: sas cf auth The command produces the following output: Authentication for user: sas Current target is https://0.0.0.0:25555 (ocfdir) API endpoint: https://api.sas.sas.sas.com (API version: 2.48.0) User: test Org: test Space: test If authentication was successful, then you know that the data that you entered for the Cloud Foundry and BOSH environments is correct. If authentication was not successful, refer to the data that you entered for the directory and run-time sections of the JSON file. Correct them for your installation and try again. CAUTION! If the Cloud Foundry user for authentication does not have administrative privileges, the deployment steps eventually fail. Do not attempt to proceed if you do not have a working connection to both BOSH and Cloud Foundry. Upload Buildpacks Deploying SAS Visual Investigator applications uses Cloud Foundry Buildpacks. To ensure that compatible Buildpacks are being used, run the following command: sas deploy buildpacks. This command uploads offline buildpacks into your Cloud Foundry environment. sas deploy buildpacks Updating buildpack java_buildpack... OK Updating buildpack java_buildpack... Done uploading OK Upload BOSH Stemcells Once connectivity is established to the BOSH environment, you need to upload the required stemcells for the creation of Virtual Machines (VMs). This is done in the IaaS using the BOSH Cloud Provider Interface (CPI).

1 Check to see whether the required stemcells are already installed. To do that, issue the following command: bosh stemcells If the output contains the following, the correct stemcell is already installed, you can skip the remainder of this section. Name="bosh-openstack-kvm-centos-7-go_agent" Version="3309" 2 If the bosh-openstack-kvm-centos-7-go_agent stemcell is not installed, issue the following command: sas bosh upload stemcells There are two stemcells delivered. One for OpenStack and one for vsphere. 3 To ensure that the correct stemcells are loaded, even if there are existing stemcells, run the following command: sas bosh upload stemcells If the correct stemcells are already installed, you get a warning message stating that the correct version already exists. You can safely ignore this message and continue with the upload. 15 Upload BOSH Releases Now you need to upload the included BOSH releases to the BOSH blobstore so that they are available to BOSH when it is time to deploy the services. To upload the BOSH releases, issue the following command: sas deploy releases The following release packages are delivered, one for each of the stateful services. Cloud Analytic Server (CAS) Elasticsearch 2.3.3 PostgreSQL 9.4 Consul RabbitMQ PGPool Create Files for Deployment Once the stemcells, buildpacks, and releases are in place, you need to create files that are used in deploying SAS Visual Investigator services and apps. This step should be done every time there is a change in the active JSON configuration. If these files have already been generated, then remove them from the container first by running the following commands: cd rm -rf * The information that was included in the configuration file is used as values to be substituted into the template files that are part of the framework. To create the filesystem and files, run the command: sas deploy files Building svi in: /home/sas Extracting Archives... Copying to audit

16 Copying to authorization Copying to cas-management Copying to files Copying to identities Copying to logon Copying to svi-ai Copying to svi-alert Copying to svi-core Copying to svi-datahub Copying to svi-entity-resolution Copying to svi-feature Copying to svi-network-analytics Copying to svi-sand Copying to svi-transport Copying to svi-visual-investigator Copying to svi-vsd-service Copying to svi-vsd-webui Copying /usr/local/sas/addons.d/svi/deploy/_deploy/files to /home/sas... Performing token replacement and renaming common files... Tokenize /home/sas/apps/audit/manifest.yml.orig as /home/sas/apps/audit/manifest.yml Tokenize /home/sas/apps/authorization/manifest.yml.orig as /home/sas/apps/authorization/manifest.yml Tokenize /home/sas/apps/cas-management/manifest.yml.orig as /home/sas/apps/cas-management/manifest.yml Tokenize /home/sas/apps/files/manifest.yml.orig as /home/sas/apps/files/manifest.yml Tokenize /home/sas/apps/identities/manifest.yml.orig as /home/sas/apps/identities/manifest.yml Tokenize /home/sas/apps/logon/manifest.yml.orig as /home/sas/apps/logon/manifest.yml Tokenize /home/sas/apps/logon/pre_deploy_logon.sh.orig as /home/sas/apps/logon/pre_deploy_logon.sh Tokenize /home/sas/apps/svi-ai/manifest.yml.orig as /home/sas/apps/svi-ai/manifest.yml Tokenize /home/sas/apps/svi-alert/manifest.yml.orig as /home/sas/apps/svi-alert/manifest.yml Tokenize /home/sas/apps/svi-core/manifest.yml.orig as /home/sas/apps/svi-core/manifest.yml Tokenize /home/sas/apps/svi-datahub/manifest.yml.orig as /home/sas/apps/svi-datahub/manifest.yml Tokenize /home/sas/apps/svi-datahub/pre_deploy_datahub.sh.orig as /home/sas/apps/ svi-datahub/pre_deploy_datahub.sh Tokenize /home/sas/apps/svi-entity-resolution/manifest.yml.orig as /home/sas/apps/ svi-entity-resolution/manifest.yml Tokenize /home/sas/apps/svi-feature/manifest.yml.orig as /home/sas/apps/svi-feature/manifest.yml Tokenize /home/sas/apps/svi-network-analytics/manifest.yml.orig as /home/sas/apps/ svi-network-analytics/manifest.yml Tokenize /home/sas/apps/svi-sand/manifest.yml.orig as /home/sas/apps/svi-sand/manifest.yml Tokenize /home/sas/apps/svi-transport/manifest.yml.orig as /home/sas/apps/svi-transport/manifest.yml Tokenize /home/sas/apps/svi-visual-investigator/manifest.yml.orig as /home/sas/apps/ svi-visual-investigator/manifest.yml Tokenize /home/sas/apps/svi-visual-investigator/pre_deploy_svi-visual-investigator.sh.orig as /home/sas/apps/svi-visual-investigator/pre_deploy_svi-visual-investigator.sh Tokenize /home/sas/apps/bootstrap-users-management.sh.orig as /home/sas/apps/bootstrap-users-management.sh Tokenize /home/sas/apps/deploy.sh.orig as /home/sas/apps/deploy.sh Tokenize /home/sas/apps/remove.sh.orig as /home/sas/apps/remove.sh Tokenize /home/sas/deploy.sh.orig as /home/sas/deploy.sh Tokenize /home/sas/remove.sh.orig as /home/sas/remove.sh Tokenize /home/sas/services/rabbitmq/post_deploy_rabbitmq.sh.orig as /home/sas/services/rabbitmq/ post_deploy_rabbitmq.sh Tokenize /home/sas/utils/libs/cloud_foundry_lib.sh.orig as /home/sas/utils/libs/cloud_foundry_lib.sh Tokenize /home/sas/utils/libs/register_lib.sh.orig as /home/sas/utils/libs/register_lib.sh Tokenize /home/sas/utils/register_cas.sh.orig as /home/sas/utils/register_cas.sh Tokenize /home/sas/utils/unregister_cas.sh.orig as /home/sas/utils/unregister_cas.sh

17 Performing token replacement and renaming openstack files... Tokenize /home/sas/services/cas/_orig/manifest-controller_openstack.yml as /home/sas/services/ cas/manifest-controller.yml Tokenize /home/sas/services/cas/_orig/manifest-worker_openstack.yml as /home/sas/services/ cas/manifest-worker.yml Tokenize /home/sas/services/consul/_orig/manifest_openstack.yml as /home/sas/services/consul/manifest.yml Tokenize /home/sas/services/elasticsearch/_orig/manifest-client_openstack.yml as /home/sas/services/ elasticsearch/manifest-client.yml Tokenize /home/sas/services/elasticsearch/_orig/manifest-master_openstack.yml as /home/sas/services/ elasticsearch/manifest-master.yml Tokenize /home/sas/services/elasticsearch/_orig/manifest-data_openstack.yml as /home/sas/services/ elasticsearch/manifest-data.yml As the command runs, it copies the JAR files that are deployed into Cloud Foundry. Then it performs the token substitution on the various files that are required for deploying the solution. When complete, token substitution is checked to see whether there are any unresolved tokens. If successful, the message All tokens successfully resolved is displayed. If tokenization is incomplete and an error message is shown, the configuration file is incomplete and needs to be edited again. Note: Be sure to remove the files that were generated before running the command sas deploy files again. About Examining the Files Inspection of the BOSH and Cloud Foundry manifest files is required in order to verify that the information in the files is correct. This requires knowledge of the Cloud Foundry environment and also assumes a knowledge of the vim utility. Note: It is not recommended that you do NOT change the information in the manifest files manually, as the data comes from the JSON configuration file. Any changes should be made in the JSON configuration file. The contents of the home directory should then be deleted and the command to deploy files should be rerun to create a new set of manifest files. BOSH-Related Files The manifest files that deploy stateful services into the BOSH managed environment are located in the / home/sas/services directory in the container. To inspect the manifest files: 1 Change to the /home/sas/services directory 2 Run the command: vi */man*.yml. This displays the vim editor in the window, with the first file in the vim buffer. Use the vim :n command to edit the next file match. Use the :rew command to rewind to the beginning in order to review all files again. Exception: It is acceptable to change the configurable entries in the jobs section of the manifest.yml file, which is in the Postgres directory under the services directory. They are intended to be managed outside the framework. When inspecting the manifest files, you need to check the following items: director_uuid make sure this matches what was entered in the JSON configuration file. All entries in the networks section of the file are correct. Validate that the IP address is the correct one entered for each server. Look under jobs then static_ips.

18 Once you have completed the inspection of the BOSH manifest files, inspect the script files in the services directory. To inspect the script files: 1 Change to the /home/sas/services directory 2 Issue the command: vi */*.sh. This displays the vim editor in the window. The most important script in this group is the post_deploy_rabbitmq.sh script. In this file, check for empty values ("") and determine whether an empty value is reasonable. Some expected empty values include the archive.storage.local.destination property and in the Folder loop at the bottom of the file. A property with an empty value might indicate that a JSON property in the configuration file was not filled in. If you discover any entries like this, return to the JSON configuration file and make sure that all required entries are filled in. Then delete the contents of the home directory and re-create the files. Note: The following service_tag parameters are blank for all environments: the elasticsearch/deploy.sh service_tags, the postgres/deploy.sh service_tags, and the rabbitmq/deploy.sh service_tags. This is standard and can safely be ignored. Note: If using OpenStack, the static_ips addresses in the cas-worker.yml and manifest-data.yml are blank. This is standard for OpenStack and can be safely ignored. Cloud Foundry Related Files Manifest files that deploy stateless applications and microservices into the Cloud Foundry run-time environment are located in the /home/sas/apps directory in the container. To inspect the manifest files: 1 Change to the /home/sas/apps directory 2 Issue the command: vi */man*.yml. This displays the vim editor in the window. In these files, check for empty values ( ) and determine whether an empty value is reasonable. This might indicate that a JSON property in the configuration file was not filled in. If you discover any entries like this, return to the JSON configuration file and make sure that all required entries are filled in. Then delete the directories under the /home/sas directory and re-create the files. Logs Log data for applications and microservices is provided through the Cloud Foundry Doppler system. Using a Cloud Foundry firehose and nozzle to collect log data and redirect it to a logging server is the standard means of providing access to application logs. We have added rsyslog to the services deployed in Cloud Foundry BOSH. This information can be routed to any rsyslog server over TCP. This method is compatible with any of the various log store and display applications. Install SAS Visual Investigator Overview Deployment of SAS Visual Investigator consists of the following: deploying services to BOSH deploying stateless applications and microservices Deploy Services to BOSH Deploy the stateful services to BOSH by running the command: sas deploy services

When deployments are complete, test the applications to ensure that the deployment is working as expected. See Validating the Deployment for instructions on testing each of the services. CAUTION! Do not attempt to proceed to the next steps if you see any errors during the deployment of the stateful services. If you see errors, see Appendix B: Troubleshooting. 19 Deploy Stateless Applications and Microservices To deploy the stateless applications and microservices, run the command: sas deploy apps. This is similar to the command that deploys the stateful services. The sas deploy apps command runs the deploy.sh script in the /home/sas/apps directory. This script executes each of the deploy.sh scripts in the subdirectories under the apps directory. These scripts deploy application JAR files into the Cloud Foundry runtime environment. When the deployments are complete, run the following command to display the status of the full deployment: sas show status # BOSH Deployments: test-cas-controller-deployment sas-cas/v001.m001 bosh-vsphere-esxi-centos-7-go_agent/3215 none test-cas-worker-deployment sas-cas/v001.m001 bosh-vsphere-esxi-centos-7-go_agent/3215 none test-consul-deployment sas-consul/v001.m001 bosh-vsphere-esxi-centos-7-go_agent/3215 none test-elasticsearch-deployment-client sas-elasticsearch/v001.m001 bosh-vsphere-esxi-centos-7-go_agent/3215 none test-elasticsearch-deployment-data sas-elasticsearch/v001.m001 bosh-vsphere-esxi-centos-7-go_agent/3215 none test-elasticsearch-deployment-master sas-elasticsearch/v001.m001 bosh-vsphere-esxi-centos-7-go_agent/3215 none test-postgres-deployment sas-postgres/v001.m001 bosh-vsphere-esxi-centos-7-go_agent/3215 none test-rabbitmq-deployment sas-rabbitmq/v001.m001 bosh-vsphere-esxi-centos-7-go_agent/3215 none # CF Apps: Getting apps in org prod / space test as admin... OK name requested state instances memory disk urls test-identities started 1/1 1G 1G test.sas.sas.sas.com test-svi-sand started 1/1 2G 1G test.sas.sas.sas.com test-svi-feature started 1/1 1G 1G test.sas.sas.sas.com test-logon started 1/1 1G 1G test.sas.sas.sas.com test-files started 1/1 1G 1G test.sas.sas.sas.com test-svi-entity started 1/1 1G 1G test.sas.sas.sas.com test-audit started 1/1 1G 1G test.sas.sas.sas.com test-svi-ai started 1/1 1G 2G test.sas.sas.sas.com test-svi-transport started 1/1 1G 1G test.sas.sas.sas.com test-svi-datahub started 1/1 2G 1G test.sas.sas.sas.com test-svi-alert started 1/1 1G 1G test.sas.sas.sas.com test-authorization started 1/1 1G 1G test.sas.sas.sas.com test-svi-visual-investigator started 1/1 1G 1G test.sas.sas.sas.com test-svi-core started 1/1 1G 1G test.sas.sas.sas.com # CF Routes:

20 Getting routes as admin... space host domain path apps test test sas.sas.sas.com /identities test-identities test test sas.sas.sas.com /SASLogon test-logon test test sas.sas.sas.com /audit test-audit test test sas.sas.sas.com /authorization test-authorization test test sas.sas.sas.com /casmgmt test-casmgmt test test sas.sas.sas.com /files test-files test test sas.sas.sas.com /datahub test-svi-datahub test test sas.sas.sas.com /entity test-svi-entity test test sas.sas.sas.com /ai test-svi-ai test test sas.sas.sas.com /svi-alert test-svi-alert test test sas.sas.sas.com /svi-core test-svi-core test test sas.sas.sas.com /feature test-svi-feature test test sas.sas.sas.com /svi-sand test-svi-sand test test sas.sas.sas.com /svi-transport test-svi-transport test test sas.sas.sas.com /SASVisualInvestigator test-svi-visual-investigator The sas show status command combines three different commands: bosh deployments, cf apps, and cf routes to display information describing the current environment. Use the sas show info command to display information about the applications that are deployed. It also displays the URLs that enable you to connect to the application interfaces, and it displays information about the environment. All of the information displayed comes from the JSON configuration file and is formatted for readability. sas show info SAS Visual Investigator: Info Product Name : SAS Visual Investigator Version: : 10.1.nnn Build Date: : Day Mon YY HH:MM:ss EDT 2016 Configuration JSON Configuration Org Space Host URLs SAS Visual Investigator Consul RabbitMQ : test : test : test : test : http://test.runtime.env.comp.com/sasvisualinvestigator : http://10.10.10.01:8500 : http://10.10.10.02:15672 IP Addresses CAS Controller : 10.10.10.03 CAS Worker : 10.10.10.09 10.10.10.10 Consul : 10.10.10.04 Elastic Search : Master Nodes : 10.10.10.05 Client Nodes : 10.10.10.06 Data Nodes : 10.10.10.11 10.10.10.12 PostgreSQL : 10.10.10.07 RabbitMQ : 10.10.10.08

Another way to quickly display the status of a stateful service or application is to use the command: sas show details: Service Status 21 pass cas-controller (Success) pass cas-worker@192.168.5.141 (Success) pass cas-worker@192.168.5.142 (Success) pass consul_container (Agent alive and reachable) pass elasticsearch (TCP connect 10.10.10.05:9200: Success. ElasticSearch cluster green.) pass postgres (Success) pass rabbitmq (Success) App Status pass audit (UP) pass authorization (UP) pass casmanagement (UP) pass datahub (UP) pass entityresolution (UP) pass feature (UP) pass files (UP) pass identities (UP) pass networkanalytics (UP) pass SASLogon (UP) pass SASVisualInvestigator (UP) pass svi-ai (UP) warn svi-alert (DOWN) pass svi-core (UP) pass svi-sand (UP) pass svi-transport (UP)

22 Post-Installation Configuration Before SAS Visual Investigator can be used, users need to be imported. See Configuring Users and Routing Alerts in the SAS Visual Investigator 10.1: Administrator s Guide. To facilitate this, the svi-user-management.xls spreadsheet has been included in the /home/sas/apps directory. This file should be copied from the bastion box to a location where it can be opened in Microsoft Excel. Update the spreadsheet as described in the Administrator s Guide then import it to the data store.

23 Validating the Deployment Overview This section provides instructions for validating the stateful services that are delivered with SAS Visual Investigator. Elasticsearch To determine the health of the deployed Elasticsearch cluster, use the following command: $ curl -XGET 'http:// Elasticsearch-IP-address:9200/_cluster/health?pretty=true' { "cluster_name" : "testcluster", "status" : "green", "timed_out" : false, "number_of_nodes" : 2, "number_of_data_nodes" : 3, "active_primary_shards" : 5, "active_shards" : 10, "relocating_shards" : 0, "initializing_shards" : 0, "unassigned_shards" : 0, "delayed_unassigned_shards": 0, "number_of_pending_tasks" : 0, "number_of_in_flight_fetch": 0, "task_max_waiting_in_queue_millis": 0, "active_shards_percent_as_number": 100 } A green status indicates that the cluster is fully functional. For additional information about Elasticsearch cluster health, refer to https://www.elastic.co/guide/en/elasticsearch/reference/current/cluster-health.html. Consul To validate the installation of Consul: 1 Open a browser and go to the URL for Consul. 2 To determine the correct URL for Consul, use the following command: sas show info SAS Visual Investigator: Info Product Name : SAS Visual Investigator Version: : 10.0.2 Build Date: : Wed Jun 22 17:48:41 EDT 2016 Configuration JSON Configuration Org Space : test : test : test

24 Host : test URLs SAS Visual Investigator Consul RabbitMQ : http://test.sas.sas.sas.com/sasvisualinvestigator : http://10.10.10.85:8500 : http://10.10.10.96:15672 IP Addresses CAS Controller : 10.10.10.80 CAS Worker : 10.10.10.81 10.10.10.82 10.10.10.83 10.10.10.84 Consul : 10.10.10.85 Elastic Search : Master Nodes : 10.10.10.86 10.10.10.87 10.10.10.88 Client Nodes : 10.10.10.89 10.10.10.90 Data Nodes : 10.10.10.91 10.10.10.92 10.10.10.93 10.10.10.94 PostgreSQL : 10.10.10.95 RabbitMQ : 10.10.10.96 From the preceding information, select the URL for Consul. In this example, the URL is http://10.10.10.85:8500. RabbitMQ To validate the RabbitMQ installation: 1 Open a browser and go to the URL for RabbitMQ. 2 To determine the correct URL for RabbitMQ use the sas show info command. In the previous example, the correct URL would be: RabbitMQ : http://10.10.10.96:15672. If you see the RabbitMQ logon screen, then RabbitMQ is functioning as expected. PostgreSQL The simplest way to validate the installation of the PostgreSQL server is to connect to a remote database. To determine the IP address of the PostgreSQL server, use the sas show info command. In this example, the IP address is 10.10.10.95. Then use the following command to validate the PostgreSQL server: psql -h 10.10.10.95 -U dbmsowner postgres Password for user dbmsowner: psql (9.2.15, server 9.4.4) WARNING: psql version 9.2, server version 9.4. Some psql features might not work. Type "help" for help. postgres=# To exit the prompt, specify \q and then press the Enter key.

25 Contact SAS Technical Support If you need assistance with deploying your software, it is important that only SAS support personnel call the Technical Support Division. For US and Canadian customers, support is provided from the corporate headquarters in Cary, North Carolina. You can call (919) 677-8008, Monday through Friday. Customers outside of the US can obtain local-language technical support through the local office in their countries. Customers in these locations should contact their local office for specific support hours. See support.sas.com/techsup/contact/index.html for contact information for local offices. Before you call, explore the SAS Support website at support.sas.com/techsup/. This site offers access to the SAS Knowledge Base, as well as discussion forums, Technical Support contact options, and other support materials that might answer your questions.

26 Appendix A: Cloud Foundry Deployment Information Cloud Foundry Deployment Data Using vsphere as the IaaS Note: For a copy of the CF_Deployment_Questionnaire.xls spreadsheet, which has the same deployment data as this appendix, go to http://support.sas.com/documentation/prod-p/visgator/index.html. Key Value Description # SYNTAX CONVENTIONS #=================================================== [ ] <name> *<size>* A quoted string of the indicated type. An array of comma-separated values of the indicated type. All occurrences of <name> can be replaced with the same replacement value All occurrences of *<size>* can be replaced with a similar or larger value. The exact size depends on how the resource is used. For a size value in the following configuration table, ensure that your instance_type definition is not less than the values that is used for CPU, disk, or RAM as follows: Size Property *<small>* *<medium>* *<large>* *<xlarge>* *<2xlarge>* Specify the Default Size or a Large Size, as Appropriate 2 vcpus, 20 GB disk, 2 GB RAM 4 vcpus, 40 GB disk, 4 GB RAM 4 vcpus, 40 GB disk, 8 GB RAM 8 vcpus, 40 GB disk, 8 GB RAM 8 vcpus, 40 GB disk, 8 GB RAM # A 'property' is a simple key-value pair. # A 'section' is either an array or a dictionary that can have many values. # # All properties and sections below must be populated with data unless marked with one of the following indicators: ## Optional - This property or section can remain with no value or can be entirely removed. ## ReadOnly - Do not change any property or section that has this mark. ## ReadOnlyKey - Do not change the property key, but you can change the value. BOSH Director The BOSH Director section of the JSON configuration file provides information for accessing the BOSH director. <directorname> The director Name that is displayed by the bosh status command and that is listed as Name.

27 Key Value Description user name password certificate_path privateip uuid vm_network_name bosh_domain_name dnsserver [ ] gateway cidr_network reserved_network static_network The BOSH user name that is used for BOSH director authentication. The password for the user that connects to the BOSH director. The certificate for the user that connects to the BOSH director. The IP address of the BOSH director as displayed by the bosh status command under the URL. The UUID of the BOSH director as displayed by the bosh status command and listed as UUID. The vsphere network name under which BOSH instances become created. The Domain name of BOSH director as displayed by the bosh status command listed as DNS. The array of quoted IP addresses that identify the DNS locations for the BOSH director. Example: ["1.2.3.4", "2.3.4.5"] The IP address of the Gateway server of the BOSH director. The CIDR range of the network. Example: "10.20.30.0/24" The reserved IP address range that is not used for creating the BOSH instances. The format of each array entry is a quoted string that consists of a hyphenseparated IP address range. Example: ["10.20.30.2-10.20.30.127", "10.90.80.2-10.90.80.63"] The static IP address range that is used for creating the BOSH instances. The format of each array entry is a quoted string that consists of a hyphen-separated IP address range. Example: ["10.20.30.128-10.20.30.254", "10.90.80.64-10.90.80.127"] Cloud Foundry Run-Time Environment runtimes <runtimename> url The run-time section of the JSON configuration file provides information for accessing the Cloud Foundry run-time environment. It can have any name. It is a string for internal use only. The URL of the Cloud Foundry run-time environment as displayed by the cf api command.

28 Key Value Description user name password The Cloud Foundry run-time environment user name for authentication. The user must have administrative privileges. The password for the user connection to the Cloud Foundry run-time environment. options --skip-ssl-validation The command-line options for the Cloud Foundry runtime environment connection. Solution Deployment deployments sas password The Solution Deployment section of the JSON file contains solution deployment details. This section provides information about the user ID that is used for the solution deployment. The password for the user of the solution deployment. Do not provide a password in this file. It is entered onsite. iaas vsphere The Infrastructure as a Service (IaaS) name for vsphere. runtime <runtimename> The name of the Cloud Foundry run-time environment that is defined in the Cloud Foundry Run-Time Environment section. director <directorname> The name of the Cloud Foundry BOSH director that is defined in the directors section. cf_nontls_domain front_tls_domain front_nontls_domain org space host The internal non-tls domain that is used by Cloud Foundry for routing. The host property is used as a prefix to this domain when constructing URLs. If TLS front-end reverse proxying or load balancing is enabled, then the front-end TLS domain name is required. The host property is used as a prefix to this domain when constructing URLs. If non-tls front-end reverse proxying or load balancing is enabled, then it is necessary to specify the front-end non-tls domain name. The host property is used as a prefix to this domain when constructing URLs. The name of the Cloud Foundry organization that is the target of the deployment. The name of the Cloud Foundry space that is the target of the deployment. The host name that is created under the Cloud Foundry run-time environment. This is the top-level name of the route that is created in the form <host>.some.domain.com. LDAP Server

29 Key Value Description ldap base host password port url userdn ldap://\\${ldap.base.host}:\\$ {ldap.base.port}" The LDAP Server section of the JSON file provides information about the defined LDAP AD connection. This section provides base OU information for the LDAP AD connection. The LDAP server host name. The password for the user ID of the solution installation that connects to the LDAP/AD server. The password is entered on-site. The port that is defined to connect to the LDAP server. If a global port is used to connect to the LDAP server, then port 3268 is required. If a non-global port is used to connect to the LDAP server, then port 389 is required. The LDAP URL default is "ldap//\\${ldap.base.host}\\$ {ldap.base.port}". Do not change this value. The LDAP user DN value that is used for the general search account. The DN value can be in the form: "CN=, OU=, OU=, DC=, DC=, DC=". Note that each site has different requirements. LDAP Group Information group basedn searchfilter The LDAP Group Information section of the JSON file specifies group information for the LDAP/AD connection. The LDAP base DN is in the form OU=Groups,DC=xxx,DC=yyy,DC=com. The optional LDAP search filter that is used for searches on the LDAP server. Example: (member={0}) LDAP Connection user basedn searchfilter The LDAP Connection section of the JSON file specifies user information for the LDAP/AD connection. The LDAP base DN is in the form DC=xxx,DC=yyy. The optional LDAP search filter that is used for searches on the LDAP server. Example: (member={0}) Internal SAS profile The Internal SAS section of the JSON file is internal to SAS. file ldap/ldap-search-and-bind.xml Use the provided information that is required internal to SAS microservice. Connection Properties

30 Key Value Description property <property name> "config/application/ldap/user/ customfilter": "" The Connection Properties section of the JSON file specifies any special properties that are required for connection to the LDAP/AD server. Define the custom Consul properties for LDAP. The only supported property is the customfilter property that is listed. This property can be entirely omitted if no custom Consul properties are needed for LDAP. If this property is used, then the key must match config/application/ldap/ user/customfilter: " ". Example: "(&(!(objectclass=computer))(!(useraccountcontrol: 1.2.840.113556.1.4.803:=2)))" Consul Scripts oauth adminsecret clientsecret The Consul Scripts section of the JSON file is used by scripts that load data into Consul. The password is used to obtain an access token from SASLogon for client registration. Do not provide a password in this file. It is entered on-site. The password is used by other apps if it is set. Do not provide a password in this file. It is entered on-site. signingkey tokenkey This property is used to secure JSON web tokens with RSA digital signatures or hashed message authentication codes (HMACs). The RSA digital signatures or HMACs can be either a Base64-encoded RSA private key that is used to digitally sign tokens or a simple passphrase for HMACs as described in RFC 2104. It is recommended that you change the default value tokenkey to a different value. Logging Properties log_server host The Logging Properties section of the JSON file defines logging properties that are used by services that send log data output to a remote rsyslog server via TCP. To enable logging support for apps, a nozzle must be created for logging output to a remote rsyslog server. A nozzle is a component that listens for specified events and metrics and streams this data to external services. Refer to the Cloud Foundry Loggregator documentation for details about nozzles. The Cloud Foundry Nozzle and the rsyslog server must exist prior to the deployment. This functionality is not included with this deployment code. The fully qualified domain name (FDQN) or the IP address of the rsyslog server in the format <host>.<toplevel-domain>. Example: rsysloghost.mycompany.com 10.20.30.40 port 5000 The TCP port number of the rsyslog server. Example: 5000. Change the value, as appropriate.