Communications Access Methods for SAS/CONNECT and SAS/SHARE Software

SHARE

System Administrator or User

To use the APPC access method with a Windows host for SAS/CONNECT and SAS/SHARE, perform these tasks:

Verify that you have met all your site and software requirements.
Verify that the resources for the APPC access method have been defined.
Verify that you know how to set options in SAS software.
Set the SAS/CONNECT and SAS/SHARE options that you want.

System and Software Requirements for SAS/CONNECT and SAS/SHARE

Ensure that the following conditions have been met:

APPC has been installed at both the local and remote hosts at your site.
SAS has been installed on both the local and remote hosts.

The APPC access method gives you access to an SNA network. SAS/CONNECT and SAS/SHARE software use the Microsoft Windows Open Services Architecture (WOSA) standard (WinAPPC). Therefore, you should be able to use software from any vendor that supports this standard. The following package has been verified by SAS Institute:

the Microsoft SNA Server, Version 2.11 SP1 (Service Pack 1) or subsequent release.
any program that supports the WOSA APPC standard.

Sample configuration files for Windows NT, Windows 95, Windows 98, and Windows 32s are included on the install media in !SASROOT\CONNECT\SASMISC and !SASROOT\SHARE\SASMISC.

Configuring a Microsoft Server Environment

Network Administrator

Note: The following applies to configuring the Microsoft SNA Server only. If you are using another communications product, refer to that product's configuration instructions. [cautionend]

An IBM Systems Network Architecture (SNA) network enables a Windows host to provide client and server functionality for both SAS/CONNECT and SAS/SHARE using the APPC communications access method. Before you can use SAS/CONNECT and SAS/SHARE along with the APPC access method, you must install and configure the Microsoft SNA Server.

Optionally, for Windows NT only, you may want to configure Windows NT Host Security Integration features that simplify the login procedure and manage multiple passwords that you may need for accessing Windows NT and host security domains.

See Installing and Configuring a Microsoft Server Environment for information about configuring Windows NT Host Security Integration features and installing an SNA server and SNA clients.

Understanding SNA Server Terminology

Familiarity with these terms will help you when you talk to your network administrator about selection options.

LU (logical unit): a device or program by which a user (LU6.2 applications program) gains access to an SNA network.
local LU: a named LU that is associated with a local host that connects to a SAS/CONNECT remote host or with a client that accesses a SAS/SHARE server.
remote LU: a named LU that is associated with the SAS/CONNECT remote host or with a SAS/SHARE server to which a local host or a client attaches.
LU alias: an alternative name assigned to an LU (local or remote).

For more information about this terminology, see the Microsoft SNA Server Administration Guide.

Setting SAS Options

You may need to set specific options in SAS to establish the connections that you want with SAS/CONNECT and SAS/SHARE when using the APPC communications access method.

Consult with your network administrator to determine what options must be set and what values to assign to them.

You may specify an option in any of several forms, as follows:

OPTIONS statement in a SAS session or in an AUTOEXEC file:
OPTIONS SET=variable-name value;
Example:
```
options set=appc_secure _none_;
```
SAS configuration file or on SAS invocation:
-SET variable-name value
Example:
```
-set appc_secure _none_
```
DOS operating system environment variable:
SET variable-name=value
Example:
```
set appc_secure=_none_
```

Values for these options can contain up to eight characters, consisting of alphanumeric characters, the percent sign (%), the dollar sign ($), the pound sign (#), the at sign (@), and the underscore (_).

If you set multiple forms of the same option, here is the order of precedence that is followed:

OPTIONS statement

AUTOEXEC file

SAS invocation

SAS configuration file

DOS environment variable.

Setting Security for SAS/CONNECT and SAS/SHARE

For SAS/CONNECT, you must supply identifying information to sign on without a script to a remote host running a spawner program. A SAS/SHARE server, running secured, requires identification from each connecting client. The next several sections outline the alternatives for specifying security information for SAS/CONNECT and SAS/SHARE.

Providing Client Identification in a Version 8 Session

Note: In the Windows environment, SAS/SHARE server security is supported on the Windows NT platform only. [cautionend]

In Version 8, you provide client identification to a SAS/CONNECT remote host or a SAS/SHARE server using the USER= and PASSWORD= options. These options are valid in the following statements:

SIGNON

RSUBMIT

LIBNAME

PROC SQL
Connect to Remote

PROC OPERATE

(in the PROC statement)

set server

stop server

quiesce server

start server

display server

Specifying client identification in the APPC_SECURE= option is still accepted but is not recommended in Version 8. The USER= and PASSWORD= options take precedence over the client APPC_SECURE= option when both are specified. For example, a SAS/SHARE client's execution of a LIBNAME statement with values assigned to the USER= and PASSWORD= options would override an APPC_SECURE= option setting in the same client SAS session.

CAUTION:: In order to make a SAS/SHARE server secured, the APPC_SECURE= option must be set at a SAS/SHARE server that can run on any host.

Here is the syntax and definitions for these options:

USER | USERNAME | USERID | UID=username | _PROMPT_

Specifying these options allows a user on the local host whose username and password have been verified to access the remote host.

username

is a valid userid for the remote host and is thus host-dependent in form. If the value contains blanks or special characters, it must be enclosed in quotes. On Windows NT only, the username can also include the domain name, which locates the specified username in a domain.

password

is the password, if any, required for authentication of the supplied username. This value will not be echoed in the SAS log. If the value contains blanks or special characters, it must be enclosed in quotes.

_PROMPT_

specifies that the SAS System prompts the client for username and password.

Note: The values provided when prompted must NOT be quoted. [cautionend]

Specifying USER=_PROMPT_ and omitting the PASSWORD= specification will cause SAS to prompt you for both userid and password.

This is especially useful for allowing the SAS statements containing the USER= and PASSWORD= options to be copied and otherwise effectively reused by others.

For SAS/SHARE, the values supplied for the USER= and PASSWORD= options are valid for the duration of the remote host connection. Additional accesses of the remote host while the connection to that host is still in effect do not require re-supplying of the USER= and PASSWORD= options. For example, while the first connecting library assign to a SAS/SHARE server may require specification of the options, subsequent assigns to the same server will not need specification of these options as long as the original connection is in effect. A subsequent re-connect to the same server or connect to a different server would require re-supplying of the USER= and PASSWORD= options.

Here is a Version 8 example for SAS/SHARE:

libname test 'prog2 a' user=joeblue password="2muchfun" server=share1;

For SAS/CONNECT, these values are valid until SIGNOFF.

Here is a Version 8 example for SAS/CONNECT:

signon rmthost user=joeblack password=born2run;

As a security precaution, PASSWORD= field entries echoed in the log are replaced with Xs. If _PROMPT_ was specified for entering the password, the entry would not be displayed on the screen as it is typed.

Providing Client Identification in a pre-Version 8 Session

For SAS/CONNECT and SAS/SHARE, you must set the APPC_SECURE variable in order to pass a remote host userid and a password to a remote SAS/CONNECT host or to a SAS/SHARE server for verification. After the userid and the password have been verified, the connection to the remote SAS/CONNECT host or the SAS/SHARE server can proceed.

APPC_SECURE _NONE_ | _PROMPT_ | userid.password | _SAME_

_NONE_

must be set at the SAS/CONNECT local host or the SAS/SHARE client. This is the default.

Setting _NONE_ does not establish secure sessions for connecting SAS/CONNECT local hosts or SAS/SHARE clients.

_PROMPT_

must be set at the SAS/CONNECT local host or the SAS/SHARE client.

_PROMPT_ specifies that SAS prompt the user for userid and password information. When prompted for a password, the input field is not displayed. Choosing to prompt for userid and password provides more security than assigning the userid and password to the variable.

userid.password

must be set at the SAS/CONNECT local host or the SAS/SHARE client.

This option specifies both the userid and password. Assigning the userid and the password directly to the APPC_SECURE variable at the SAS/CONNECT local host or the SAS/SHARE client may inadvertently publicize this information and compromise the security of the SAS/CONNECT remote host or the SAS/SHARE server. Assigning the value to the variable in a file allows anyone to read it.

If the userid or the password contains numeric or special characters, enclose the entire userid.password in quotation marks.

_SAME_

CAUTION:: Windows NT only This value is supported on Windows NT only.

This option must be set at the SAS/CONNECT local host or the SAS/SHARE client.

_SAME_ offers the convenience of not having to specify a userid and password to APPC_SECURE. Setting _SAME_ automatically obtains the appropriate host userid and password from the NT Host Security Integration system. In order to take advantage of this feature, you must have installed and configured the NT Host Security Integration feature in your Windows NT environment. For details about installing and configuring this feature, see Configuring Windows NT Host Security Integration Features.

Examples:

options set=appc_secure _none_;
options set=appc_secure _prompt_;
options set=appc_secure bass.timego;
options set=appc_secure "apex\bass.timego"; 
options set=appc_secure bass.time2go;
options set=appc_secure _same_;

See Setting SAS Options for examples of the forms that you can use to specify APPC_SECURE.

SAS/CONNECT and SAS/SHARE Options

APPC_LUNAME

specifies the name of the local LU alias to use. You must declare APPC_LUNAME unless a default local APPC LU has been defined. A default APPC LU is defined when setting up the Microsoft SNA Server. You use the value assigned to the APPC_LUNAME when making a remote host connection with SAS/CONNECT or when accessing a SAS/SHARE server.

Ask your network administrator for the name of the local LU that you can use to assign to APPC_LUNAME or for the default local LU value.

APPC_LU62MODE

specifies the mode name that is associated with an LU-LU pair and determines the session properties for that pair.

The default mode name is SASAPPC. Whether you assign a mode name to the option or you accept the default SASAPPC, you must define the mode and use the same mode name value in both the local session and the remote environments (either on the remote host in a SAS/CONNECT session or on a SAS/SHARE server, as necessary).

APPC_PARTNER_COUNT

specifies the maximum number of simultaneous remote hosts that this local session has at any one time. This estimate permits better allocation of memory for resources for internal control block usage.

SAS/CONNECT Only Options

APPC_SURROGATE_LUNAME

specifies an LU to use for a SAS/CONNECT remote session on an OS/390 host. If APPC_SURROGATE_LUNAME is not defined, the OS/390 remote session dynamically selects an LU from the pool of LUs that is defined on the OS/390 host for this purpose.

Note: This option applies only when connecting to an OS/390 remote host. [cautionend]

Ask your network administrator for the name of the remote LU for the OS/390 host that you can use to assign to APPC_SURROGATE_LUNAME .

APPC_DEPLU

enables dependent LU processing support by releasing unused sessions.

In order for APPC_DEPLU to work properly, when specifying the connection name during Microsoft SNA Server configuration, you must configure the remote LU as a dependent host connection. See Configuring the Server for the context for this requirement.

	OPTIONS statement
	AUTOEXEC file
	SAS invocation
	SAS configuration file
	DOS environment variable.