The SAS Deployment Agent is used to facilitate communications between SAS components and across machines in a multi-machine deployment. These communications are secured by default and were configured at initial deployment time.

During an upgrade-in-place, an add-on installation, or other SAS deployment maintenance, it might be necessary to manually generate and synchronize SAS Deployment Agent security credentials to complete deployment tasks.

Following deployment-maintenance activities, desynchronized SAS Deployment Agent security credentials might result in errors when using administrative tools such as the SAS^® Deployment Backup and Recovery Tool or SAS^® Environment Manager Service Architecture Framework.

Understanding SAS^® Deployment Agent Communications

For SAS Deployment Agent communications to function successfully, the following must exist and be synchronized:

• An agentKeyStore.jks file and an agentTrustStore.jks file on each machine where a Deployment Agent runs, located in  the SASHome/SASDeploymentAgent/9.4/config directory
• An agent.properties file with paths and SAS002-encoded passwords to the keystore/truststore files, which are located in the same directory (On multi-machine deployments, this file must exist on each machine.)
• SAS^® Metadata Repository values that match the SAS002-encoded versions located in the agent.properties file

When a situation occurs in which a SAS^® Deployment Wizard task reconfigures SAS Deployment Agent, the local files (agent.properties, keystore, and truststore) might be overwritten. When this overwrite occurs, SAS Metadata Repository might not be updated, and instead retains the old/original values. In the case of multi-machine deployments, machines other than where SAS Deployment Wizard is currently being run might also retain the old/original values. Due to this desynchronization, SAS Deployment Agent communications might fail.

To circumvent situations in which SAS Deployment Agent security credentials might be desynchronized, generate and synchronize new security credentials. Do not attempt to reuse old security credentials.

 

---

When you generate new SAS^® Deployment Agent Security Credentials, the new credentials are automatically uploaded to the Metadata Server repository and saved on the local machine. If you have a single-machine deployment, performing the steps in the Generating SAS^® Deployment Agent Security Credentials section below is all that is required.

If you have a multi-machine deployment, complete the steps below from both the Generating SAS^® Deployment Agent Security Credentials and Synchronizing SAS^® Deployment Agent Security Credentials in Multi-Machine Deployments sections.

Generating SAS^® Deployment Agent Security Credentials

1. Start the SAS^® Metadata Server, if it is not already running. Other SAS services might be running or stopped.
2. On the SAS Metadata Server host, launch SAS Deployment Manager.
3. Select the Configure Deployment Agent Communication Options SAS Deployment Manager task.
4. Select the current SAS configuration directory when prompted.
5. Enter SAS Metadata Server logon credentials when prompted. Use the account sasadm@saspw.
6. Select Generate the credentials to secure the connection.
7. Select the Enable regeneration of security credentials check box.
8. Continue through prompts until the Deployment Manager task has finished, keeping any defaults. At this point, the agent.KeyStore and agent.TrustStore files on the Metadata Server host are modified and their timestamps updated. These new values are automatically uploaded to the SAS^® Metadata Server Repository.
9. Start the SAS Deployment Agent on the Metadata Server host, if it is not already running.

• On UNIX, you might be able to quickly start a SAS Deployment Agent by running the command SASHome/SASDeploymentAgent/9.4/agent.sh start as the SAS Installation User.
• On Windows, you might be able to quickly start a SAS Deployment Agent via the services.msc console as the SAS Installation User. The Service name is "SAS Deployment Agent."
   

Synchronizing SAS^® Deployment Agent Security Credentials in Multi-Machine Deployments

Download New Credentials from SAS Metadata Server Repository

Complete the following steps on all hosts with a SAS Deployment Agent except the Metadata Server host where you generated the new credentials.

1. Start the SAS Metadata Server, if it is not already running. Other SAS services might be running or stopped.
2. Launch SAS Deployment Manager.
3. Select the Download Deployment Agent Credentials from Metadata Server SAS Deployment Manager task. 
4. Select the current SAS configuration directory when prompted.
5. Enter SAS Metadata Server logon credentials when prompted. Use the account sasadm@saspw.
6. Continue through prompts until the Deployment Manager task has finished, keeping any defaults.
7. Start the local SAS Deployment Agent, if it is not already running.
   
   At this point, the local agent.properties file will be updated and synchronized with the version stored within the SAS Metadata Repository. The local agent.KeyStore and agent.TrustStore files will also be updated from the version stored within the SAS Metadata Repository. All these files' timestamps should update. This should indicate that all files have been synchronized and are consistent with the versions found in the SAS Metadata Repository.
   
    
8. If there are multiple machines in the SAS deployment, perform steps 1-7 from this subsection (Download New Credentials from SAS Metadata Server Repository) for each machine with a SAS Deployment Agent.

 

---

For more information about the process of generating and synchronizing SAS Deployment Agent Security Credentials, refer to page 50 of the SAS^® Deployment Wizard and SAS^® Deployment Manager 9.4: User's Guide.