SAS® Integration Technologies: Administrator's Guide (LDAP Version)

More documents

Recommendations

Info

Administering the Publishing Framework (Publish and Subscribe Planning and Implementation Guide) In order to set up a publish and subscribe solution using SAS Integration Technologies, you can follow these steps to help you plan and implement your solution. The following is a list of tasks that are required to set up a publish and subscribe system using Integration Technologies: 1. Design information channels Designing a successful publish and subscribe implementation starts with an understanding of why your organization is implementing the system. You will need to know, at a very basic level, what kind of information needs to be distributed to users and how widely that information needs to be distributed. For example, you could start the planning process by understanding that your organization needs to disseminate sales information throughout the marketing organization and inventory data to the production organization. Starting with this base level of knowledge, you begin the process of breaking down the general categories of information into specific information channels by using a hierarchical model. How you divide and subset the categories depends on your organization's needs, but you should work toward creating information channels as tightly focused as possible, without making them too tightly focused to be useful. Channels that are broadly defined leave users not knowing whether information delivered over the channel will be useful to them; channels that are too narrowly defined force users to subscribe to a long list of channels in order to ensure that they receive the information that they need. To help focus the information that users receive, set up policies for name/value keywords. Name/value pairs are attributes that are specified when a package is published and that help to identify the package contents. Each subscriber definition can include a name/value filter that only allows packages that meet the subscriber's needs to be delivered. For example, if you publish a package with a name/value attribute of market=(Mexico), that package is only seen by those subscribers whose name/value filter indicates that they are interested in information about the Mexican market. Although the names and associated values can be anything that your organization finds useful, you must establish a list of acceptable keywords and values for those keywords. This list is essential for publishers to be able to provide consistent metadata that identifies published content and for subscribers to be able to filter published content in order to focus on the information they need. When you define your information channels, you must also consider the users that will be accessing those channels as well as any restrictions that need to be placed on the channels. Although these aspects of planning Administering the Publishing Framework (Publish and Subscribe Planning and Implementation Guide) 208
2. are discussed separately and in more detail in the following two topics, in practice they are examined at the same time as you are defining your channels. You cannot define an information channel without first knowing who needs to see the information and how that information should be restricted. Identify initial subscriptions When you plan an initial set of information channels, you must identify the users, groups, and applications that are initially subscribed to those channels. The information to set up these subscriptions is taken from the information you collected when you planned the channels. An understanding of your organization's need for a publish and subscribe system must include not only what information needs to be published, but also who needs to see that information. However, you do not have to determine every piece of information that every individual needs to see. Rather, the process of planning initial subscriptions focuses on wider distributions of information, such as identifying the essential information that departments and groups of users need. How closely you follow this guideline depends on your organization's needs − there might be a few critical users who need to receive specific information, and there might be a need to subscribe a group of users to a tightly focused channel. In general, however, the initial subscriptions that you plan cater to distributing essential information to the largest number of users. Subscribers can set up subscriptions to tightly focused channels themselves as the need arises. After you have determined the list of initial subscribers for each channel, you must determine how the information is to be distributed to each user (whether by text e−mail, HTML e−mail, or through a queue) and identify their address information. The address information is essential for setting up both subscriber entries and the LDAP directory. 3. Analyze information security requirements When you plan information channels you must also consider security for your publish and subscribe implementation in order to ensure that the information that is published on each planned channel is uniformly sensitive. For example, if you plan for a single channel to distribute accounting information throughout your organization, you will encounter a security problem when the accounting department needs to publish sensitive information (such as employee salaries). With only a single, unrestricted channel, you cannot publish the information to a specific set of users. In your consultations with users, you must identify information channels whose access needs to be controlled. Your plan must address both methods that Integration Technologies uses to implement security − authentication and access control. Authentication security involves the process of users connecting to the LDAP server. Because the LDAP server contains all of the definitions for Integration Technologies objects (including subscribers, channels, and servers), a user must be able to connect to the LDAP directory in order to make any changes to the LDAP definitions. This level of security is controlled when users supply a distinguished name and corresponding password when they connect to the directory. Access control security controls the information channels that users have access to. Without any security, users are able to subscribe to any information channel in your organization and access sensitive information. To prevent this, you must to create access control lists (ACLs) in the LDAP directory in order to specify what definitions and attributes users have access to. To plan for implementing access control security, you must consider what kinds of users access the directory and what kinds of information they should have access to. As an example, the following are some possible user classes and questions you must consider for each one: General subscriber SAS® Integration Technologies: Administrator's Guide (LDAP Version) Administering the Publishing Framework (Publish and Subscribe Planning and Implementation Guide) 209
Page 1 and 2:
SAS® 9.1.3 Integration Technologie
Page 3 and 4:
SAS® Integration Technologies: Adm
Page 5 and 6:
Page 7 and 8:
Page 9 and 10:
Page 11 and 12:
Setting up an LDAP Directory Server
Page 13 and 14:
10. You are asked whether you want
Page 15 and 16:
Page 17 and 18:
sasDomainName eq, pres sasLogicalNa
Page 19 and 20:
Adding Person Entries to the Direct
Page 21 and 22:
Using the Integration Technologies
Page 23 and 24:
saschannels sassubscribers Hardware
Page 25 and 26:
If the value is set to none, the LD
Page 27 and 28:
Page 29 and 30:
The command to start the SAS sessio
Page 31 and 32:
Logical names All logical names ass
Page 33 and 34:
Delete Help Server Wizard Set Acces
Page 35 and 36:
Verifying IT Administrator Connecti
Page 37 and 38:
Modifying Objects with IT Administr
Page 39 and 40:
Searching for Objects Using IT Admi
Page 41 and 42:
Reloading (Refreshing) IT Administr
Page 43 and 44:
Choosing a Server Configuration Int
Page 45 and 46:
Page 47 and 48:
Overview of Pooling A workspace poo
Page 49 and 50:
Setting up Workspace Pooling You ca
Page 51 and 52:
Server and Client Requirements SAS
Page 53 and 54:
server and need metadata definition
Page 55 and 56:
Creating the Metadata for a COM/DCO
Page 57 and 58:
When you complete all of the steps
Page 59 and 60:
♦ Enter a unique name (sasServerc
Page 61 and 62:
Configuration File Example: Minimal
Page 63 and 64:
Enabling DCOM on the Server and the
Page 65 and 66:
Configuring SAS for DCOM The COM Se
Page 67 and 68:
Setting Default COM Security on Win
Page 69 and 70:
Page 71 and 72:
Page 73 and 74:
Page 75 and 76:
Setting Default COM Security on Win
Page 77 and 78:
Page 79 and 80:
Setting Permissions per Application
Page 81 and 82:
♦ SAS® Integration Technologies:
Page 83 and 84:
left the Authentication Level on th
Page 85 and 86:
Page 87 and 88:
Page 89 and 90:
where is the name of your machine
Page 91 and 92:
Page 93 and 94:
Page 95 and 96:
Using the SAS Integration Technolog
Page 97 and 98:
Page 99 and 100:
configuration file for a connection
Page 101 and 102:
Page 103 and 104:
Page 105 and 106:
Page 107 and 108:
3. Select the type of server to tes
Page 109 and 110:
• Make sure the permissions are c
Page 111 and 112:
Object Server Parameters The follow
Page 113 and 114:
Attributes for sasServer The sasSer
Page 115 and 116:
Page 117 and 118:
Attributes for sasLogicalNameInfo T
Page 119 and 120:
How an IOM Bridge Server Works In o
Page 121 and 122:
UNIX Note: When you install the spa
Page 123 and 124:
This completes the basic configurat
Page 125 and 126:
Spawner Requirements Hardware Requi
Page 127 and 128:
• Example UUID Generator IOM Brid
Page 129 and 130:
Using the IT Administrator Wizard t
Page 131 and 132:
◊ If you would like to add anothe
Page 133 and 134:
Using IT Administrator to Define a
Page 135 and 136:
Using IT Administrator to Define a
Page 137 and 138:
IOM Bridge Servers SAS® Integratio
Page 139 and 140:
the sasSpawner Attributes List will
Page 141 and 142:
Configuring a UUID Generator Curren
Page 143 and 144:
The following procedure explicitly
Page 145 and 146:
foundDashDash=1; fi args="$args$tmp
Page 147 and 148:
Invoking (Starting) the Spawner Aft
Page 149 and 150:
Starting the Spawner on Windows To
Page 151 and 152:
♦ ♦ −ldap_binddn "CN=John Doe
Page 153 and 154:
Method 1: Using SAS Setup 1. Log in
Page 155 and 156:
Spawner Invocation Options The foll
Page 157 and 158:
Note: If none of the spawner defini
Page 159 and 160:
Using the SAS Integration Technolog
Page 161 and 162:
Page 163 and 164:
configuration file for a connection
Page 165 and 166: SAS® Integration Technologies: Adm
Page 189 and 190: Configuration File Examples: Server
Page 191 and 192: Configuration File Example: Using L
Page 193 and 194: Configuration File Examples: UUID G
Page 197 and 198: Attributes for sasLogin A SAS login
Page 199 and 200: Attributes for sasServer The sasSer
Page 203 and 204: Object Server Parameters The follow
Page 205 and 206: Server Startup Command You can spec
Page 207 and 208: Attributes for sasSpawner The sasSp
Page 213 and 214: Creating a Stored Process Path A st
Page 215: 7. List the possible values for the
Page 219 and 220: 6. After you define the subscribers
Page 221 and 222: 7. You cannot deliver information o
Page 223 and 224: Creating Subscribers The publicatio
Page 225 and 226: Creating Subscriptions When you ass
Page 227 and 228: Entry Filters Publishers send infor
Page 229 and 230: Creating Overrides An override is c
Page 231 and 232: Creating a Library Data Source A li
Page 233 and 234: Creating a Table Data Source A tabl
Page 235 and 236: Adding Person Entries to the Direct
Page 239 and 240: This example allows access to two g
Page 241 and 242: Setting Access Permissions for an O
Page 243 and 244: Specifying Bind Rules The bind rule
Page 245 and 246: e before, after, or equal to the ti
Page 249 and 250: Cn=sasArchivePaths,sascomponent=Arc
Page 255: Your Turn If you have comments or s
show all

SAS® Integration Technologies: Administrator's Guide (LDAP Version)

Create successful ePaper yourself

Delete template?

Save as template?