A SAS Data Warehouse on OpenVMS (AXP)

Group Audit Department: Project ICARUS
Information Collecting And Risk Uncovering System
A SAS Datawarehouse on OpenVMS (AXP)
UBS Giampaolo Trenta June 98
•The Group internal Audit department (GADE) of the Union Bank of
Switzerland (UBS)
•GADE is a control instrument reporting directly to the president of the board of
directors.
•ICARUS was the project to implement a data warehouse
•The data warehouse is intended to support the work of the business auditor
•A new approach for auditing: macro analysis rather than micro analysis
•Data on the warehouse are available for a longer period of time than on the
production system
•Trend analyses and cross comparisons between periods are possible
•We want to use the data analysis capabilities of SAS
•We already discovered interesting properties of rate deviations in FX
Data Delivery
[Diagram: Swiss data (national) from the Swiss banking system ABACUS and international trading data from UBS sites (London, Zurich, New York, Geneva, Lugano, Tokyo, Hong Kong, Singapore) flow over TCP/IP and DECnet into the SAS Data Warehouse on OpenVMS.]
•We collect UBS trading data (Foreign Exchange) from around the globe
•We collect data from our Swiss banking system (ABACUS)
•Due to the sensitivity of the data we need strong security while also requiring
flexibility
•Legacy aspects with a GADE application called IDA+ required DECnet
support
•TCP/IP support is also required
•The system must not require intensive support
•The system must run as automatically as possible (management by exceptions)
•The system must deliver the best possible price/performance ratio
•All these aspects spoke for OpenVMS on Alpha
•AlphaServer4100/300 with 512MB RAM and 2x2GB and 8x4GB Disks
•Control level based on RAID capabilities (level 2 sysdisk, level 5 data disks)
File Processing
[Diagram. Numbered steps: 1 transmit data, 2 notify, 3 get notification / read file ID, 4 move file, 5 enqueue loader, 6 process data, 7 move file. Components: mailbox, detached OpenVMS process, loader (SAS program), directories RCV, DATA and ARCH. Legend: process flow, data flow, external influence, internal influence.]
•Data is delivered in form of ASCII files
•File transfer applications support the POSTPROCESSING
•Supported network protocols are TCP/IP and DECnet
•Whatever protocol is used, the file processing scheme is always the same
•The range of influence of the process delivering the data is kept as small as
possible
•Only trusted processes and users are allowed to access the database
•The use of a mailbox eliminates the need for polling
•The post processing process performs an asynchronous write on the mailbox
•A detached process performs a synchronous read on the mailbox
•The same process submits the process running SAS and the data loader program
•This introduces a convenient point to control execution, namely a queue
•The queue is also used to serialize data loading jobs and avoid concurrent
access
•Moving a file (rename) can be considered an atomic operation
Data Loader
Objective: Data load is correct and complete, or the target dataset has not been changed
Problem: No transaction processing and support, and therefore no rollback in SAS
Strategy: Data load into a WORK dataset; if no errors occurred, then append the WORK dataset to the target dataset
[Diagram: ASCII file, WORK dataset, target dataset]
•Executed in batch mode
•The integrity of the database has the highest priority
•The loader has to deal with possible error conditions during parsing of the
delivered files
•An administrative SAS database with statistics on loaded data is also updated
•Database updates are conservative
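
The loader strategy above, sketched as an added example in Python (it is not the project's SAS loader): a delivery is parsed completely into a staging list before the target is touched, and the target is then swapped in with one rename, which goes a step beyond the slide by also covering a failure in the middle of the append. The semicolon-separated record layout, the field names and the file path are assumptions.

```python
import csv
import io
import os
import tempfile

FIELDS = ("trade_id", "ccy_pair", "rate", "amount")  # assumed record layout

def parse_delivery(text):
    """Parse the whole delivered ASCII file; raise ValueError on the first bad record."""
    rows = []
    for lineno, rec in enumerate(csv.reader(io.StringIO(text), delimiter=";"), 1):
        if len(rec) != len(FIELDS):
            raise ValueError(f"line {lineno}: expected {len(FIELDS)} fields")
        trade_id, pair, rate, amount = (f.strip() for f in rec)
        if not trade_id or len(pair) != 7 or pair[3] != "/":
            raise ValueError(f"line {lineno}: bad trade id or currency pair")
        try:
            rows.append((trade_id, pair, float(rate), float(amount)))
        except ValueError:
            raise ValueError(f"line {lineno}: non-numeric rate or amount") from None
    if not rows:
        raise ValueError("empty delivery")
    return rows

def load(delivery_text, target_path, stats):
    """Append a delivery to the target, or leave the target unchanged."""
    try:
        staged = parse_delivery(delivery_text)   # plays the role of the WORK dataset
    except ValueError as err:
        stats.append(("rejected", 0, str(err)))  # only the admin statistics change
        return False
    old = b""
    if os.path.exists(target_path):
        with open(target_path, "rb") as f:
            old = f.read()
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(target_path)))
    try:
        with os.fdopen(fd, "wb") as f:           # old + new records, beside the target
            f.write(old)
            for row in staged:
                f.write((";".join(map(str, row)) + "\n").encode("ascii"))
            f.flush()
            os.fsync(f.fileno())
        os.replace(tmp, target_path)             # one rename: atomic on the same filesystem
    except BaseException:
        os.unlink(tmp)
        raise
    stats.append(("loaded", len(staged), ""))
    return True
```
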
Business Model
[Matrix for the product FOREX: regions (Switzerland, Europe, Americas, Asia Pacific) with the sites ZHR, GEN, LUG, LON, NY, TOK, SIN and HK against the divisions Private Banking, Consumer & Corporate, Investment Banking and Asset Management; cells are marked with X.]
•The business model has to be taken into consideration when organizing data
•The implementation model has to reflect the business model
•We have auditors assigned to regions or divisions
•Regional view and/or product view
•Both views must co-exist and be supported
Technical Implementation
[Diagram: directory tree spanning OpenVMS and SAS with the directories prg, warehouse, data, adm and ZHR and the views CH, EU, USA, AS, IB, PB, AM and CC, with FX entries beneath them.]
hardlink: set file/enter=..... xx
ACL:
    identifier=MGR, access=R+W+E+D
    identifier=IB_USR, access=R
    identifier=CH_USR, access=R
    identifier=*, access=none
•Every auditor is assigned to a fixed home directory
•All objects accessible to him are directly accessible inside his subtree
•In order to avoid duplication of datasets we define hard links
•OpenVMS identifiers, used in access control lists, allow role-based access
control
•SAS/SHARE and SAS/CONNECT strictly observe user-based OpenVMS access
control
•Role-based access control rules on data don’t need to be continuously
maintained
•Granting and revoking identifiers is the only necessary administrative task
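
A simplified model of the ACL on the slide, added here as an illustration in Python (it is not OpenVMS or project code): the first ACE whose identifier the user holds decides, so access follows from granting or revoking identifiers alone and the ACL itself is never edited. The user names and the RightsDB class are hypothetical, and UIC-based protection and privileges are left out.

```python
# ACEs from the slide, in slide order; access "none" is modelled as an empty set.
ACL = [
    ("MGR",    {"R", "W", "E", "D"}),
    ("IB_USR", {"R"}),
    ("CH_USR", {"R"}),
    ("*",      set()),
]

class RightsDB:
    """Hypothetical stand-in for the rights database: identifiers held per user."""

    def __init__(self):
        self.held = {}

    def grant(self, user, ident):
        self.held.setdefault(user, set()).add(ident)

    def revoke(self, user, ident):
        self.held.get(user, set()).discard(ident)

def access_allowed(rights, user, wanted, acl=ACL):
    """Return True if the first matching ACE grants the wanted access type."""
    held = rights.held.get(user, set())
    for ident, access in acl:
        if ident == "*" or ident in held:
            return wanted in access   # first match decides; later ACEs are ignored
    return False                      # no ACE matched: denied in this simplified model
```

Because the first match wins, the order of the entries matters: the identifier=* entry has to stay last, otherwise it denies every role listed after it.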
SAS/CONNECT
[Diagram: each client runs SAS with a virtual terminal (VT) and reaches the server over a TCP/IP VT connection; on the server, each connection ends in its own VMS session running SAS. VT = Virtual Terminal.]
•There are many possibilities to access the data stored on the server
•Behind SAS/CONNECT on TCP/IP there is in fact a terminal based connection
•SAS on client acts like a virtual terminal, driven by the events generated by the
GUI
•This requires an OpenVMS interactive license for every concurrent client
•However, data on the server can be processed strictly on the server (remote
execution functions)
•The authentication is performed directly by the OpenVMS login and passwords
are sent in clear text
•SAS release 7.0 will also have a spawner for OpenVMS (already available for
UNIX and NT)
•Thus the client will connect via the ‘spawner’ rather than the OpenVMS login
•Note that every client requires a dedicated server process
SAS/SHARE
[Diagram: several SAS clients communicate over TCP/IP sockets with ICARUS_SVR, a detached VMS process on the server executing ICARUS_SVR.SAS.]
•A SAS/SHARE process can serve many clients concurrently
•Authentication is performed directly by the share process based on OpenVMS
username/password
•There is no OpenVMS login (interactive/noninteractive) for users using
SAS/SHARE
•However, the OpenVMS context of the users is fully respected for access
control
•Network access could be an issue since SAS/SHARE makes libraries available
over the network
•In practice, good performance has been observed, especially using SQL
SAS/SHARE Server Startup
icarus_svr_startup.com (submitted with submit/user=icarus):
    :
    $run/detach/process=icarus_srv -
        /uic=icarus/.. -
        /priv=(nosame,netmbx,..) -
        /error=icarus_srv_err.log -
        /output=icarus_srv.log -
        /input=icarus_srv.com -
        sys$system:loginout.exe
    :
icarus_svr.com:
    :
    $SAS /LS=80 /LOG=ICARUS_SRV_SAS.LOG /FULLSTIMER ICARUS_SRV.SAS
    :
icarus_svr.sas:
    :
    %let TCPSEC=_SECURE_;
    %let AUTHENCR=REQUIRED;
    options comamid=TCP;
    proc server uavalid=yes
                oavalid=yes
                id=icarus;
    run;
    :
Required privileges for ICARUS: NETMBX, TMPMBX, SYSNAM, AUDIT
•The SAS/SHARE process must be up and running to allow user connections
•Unlike SAS/CONNECT, where dedicated user processes are created on the fly
•The SAS/SHARE process is implemented as a detached OpenVMS process
running the SAS image and a SAS program
•Encrypted authentication is required
SAS/SHARE vs SAS/CONNECT
[Comparison table with one column per product; rows carry + marks whose column positions are lost in this transcript.]
Rows of the table:
•authentication based on OpenVMS Auth. Database
•encryption username/password
•no OpenVMS user processes (no OpenVMS licenses)
•full OpenVMS access control
•data on server processed strictly locally (remote processing)
•users can be locked on OpenVMS level
•full OpenVMS audit on users
•users can change their password
Remarks listed beside the table:
•hidden terminal based connection
•scripting to build terminal session
•restricted security and audit on OpenVMS (e.g. disuser)
•OpenVMS password change?
•no remote processing functions
•network traffic could be an issue
•no ‘spawner’ in the current SAS 6.12 for OpenVMS
•OpenVMS login with plaintext username/password
•every client session required OpenVMS license
•user could get DCL-prompt
•user can execute DCL-command
•Both products strictly observe OpenVMS and fully implement access control