tomweber-sas
commented
3 years ago What access method are you using?
Closed yobdoy closed 3 years ago
tomweber-sas
commented
3 years ago What access method are you using?
yobdoy
commented
3 years ago iomlinux
tomweber-sas
commented
3 years ago Ok, so IOM. Is the workspace server you're connecting to configured for encryption? Is so, then that would be what would be doing the encryption between the client and that server. There's no encryption in the python process, just between the iOM client and the IOM server (Workspace server). But, that's what's going across the wire.
yobdoy
commented
3 years ago Thanks Tom,
So then, encryption must be configured in the server.
Is there any documentation specifying how to check if the server I'm connecting to is encrypted? Or how to check via saspy or Enterprise Guide if the server we're connecting to is configured to accept only encrypted connections? (or even running a command on the server, I could ask the SAS admins here to check that).
Thanks, just trying to understand what evidence we can send the d.b. guys so they can open the firewall.
Best regards,
tomweber-sas
commented
3 years ago Well, there are a number of options having to do with all of this, and I'm no expert on it. https://go.documentation.sas.com/doc/en/pgmsascdc/9.4_3.5/secref/n13sxrs027e4gjn1od2ufsgzl4w7.htm is a doc having to do with it. So there are some options you can look at (just running proc options), but I think the best thing to do is to check with your SAS admins (whoever configured and supports the servers you're going to be connecting to), and ask them about how they are configured and if it will then satisfy the requirements of the DB group. Also, assuming the server is running encrypted, you should have the 3 encryption jars (*rutil*.jar) copied into your saspy repo (java/iomclient dir) as talked about here (https://sassoftware.github.io/saspy/configuration.html#attn-as-of-saspy-version-3-3-3-the-classpath-is-no-longer-required-in-your-configuration-file) so that you can be sure to connect.
yobdoy
commented
3 years ago Thank you Tom, I'll check back with the SAS team so they can check if it's encrypted. Let's close it for now.
Hi @tomweber-sas
Quick question, related to my previous inquiries. I was able to get saspy installed and running from databricks, to the point where it tries to connect to our server but then it fails because the firewall is not open.
Before opening up the firewall, the databricks team needs reassurance that when we establish a connection to our SAS server from SASPy the connection will be encrypted.
Is there some additional config that needs to be done to explicitly turn this on? (Databricks team is asking for things like certificates, turning on SSL/TSL, etc -sorry if these don't make sense, I'm only repeating what they said-)
Best regards,