Part 2 of our SAS 9.4 is going to be your best M8 series.
By Paul Shannon
Following the release of SAS 9.4 M8, the team at Katalyze Data have been busy evaluating the extent of changes and identifying key factors to consider before performing an in-place upgrade on an existing SAS 9.4 installation.
As discussed in Part 1 of our SAS 9.4 M8 blog series, the update addresses numerous security vulnerabilities, offering a compelling reason to upgrade. However, these changes also impact software configurations and require thorough preparation. In this post, we’ll outline the essential prerequisites and best practices for a successful SAS 9.4 M8 upgrade, based on our hands-on experience helping existing clients.
In summary, to ensure a smooth transition, we recommend following these critical steps:
With the retirement of SAS/SECURE in M8, SAS’s approach to encrypting IOM connections (e.g., from SAS Enterprise Guide) has changed. Depending on your environment’s configuration, you may need to enable FIPS-compliant encryption in your operating system. Failing to do so may result in losing all connection capabilities to a Metadata server, including through the SAS Management Console. The AES or SSL/TLS encryption algorithms are the most likely to be impacted.
We have encountered issues with upgrading to SAS 9.4 M8 on certain Windows operating systems. While still under investigation, a suggested workaround is to unconfigure and uninstall SAS Environment Manager, then reinstall and reconfigure using the original deployment plan file. This approach ensures that the Environment Manager does not cause problems during the upgrade installation and configuration process.
Removing retired products is a simple process, but its importance cannot be overstated when upgrading. By default, upgrading to SAS 9.4 M8 will not remove files from earlier releases.
For example, even though known security vulnerabilities with Log4J have been patched by most companies, the underlying product installation still exists. This can lead to company cyber security departments persistently detecting a potential software vulnerability and requiring its removal.
We recommend using the SAS Deployment Manager to eliminate previous versions of SAS, and verify the removal by running SAS Installation Qualification tests before and after. After doing so, and in the example above, running the SAS Loguccino utility should return zero vulnerable files found relating to the Log4J issue.
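To see which files a scanner would still flag before and after removing retired products, the following added example (not part of the original post, and not SAS Loguccino or a replacement for it) takes a read-only inventory of Log4j 2 core copies under a directory, including JARs nested inside WAR/EAR files. The function names, the sample tree and the version string in it are constructed for illustration.

```python
import io
import os
import re
import tempfile
import zipfile

JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVES = (".jar", ".war", ".ear")

def inspect_archive(label, findings, data=None):
    """Record log4j-core copies in one archive (a path, or bytes of a nested archive)."""
    try:
        zf = zipfile.ZipFile(label if data is None else io.BytesIO(data))
    except (zipfile.BadZipFile, OSError):
        return  # unreadable or not really a ZIP: skip it
    with zf:
        names = set(zf.namelist())
        if POM_PROPS in names or JNDI_CLASS in names:
            m = re.search(rb"^version=(.+)$", zf.read(POM_PROPS), re.M) if POM_PROPS in names else None
            findings.append({"path": label, "version": m.group(1).decode().strip() if m else None,
                             "jndi_lookup": JNDI_CLASS in names})
        for name in sorted(names):
            if name.lower().endswith(ARCHIVES):  # e.g. a JAR under WEB-INF/lib in a WAR
                inspect_archive(label + "!" + name, findings, zf.read(name))

def scan_tree(root):
    """Walk an installation directory and return one finding per log4j-core copy."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            if fn.lower().endswith(ARCHIVES):
                inspect_archive(os.path.join(dirpath, fn), findings)
    return sorted(findings, key=lambda f: f["path"])

def build_sample_tree(root):  # constructed sample data, not a real SAS layout
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr(POM_PROPS, "version=2.14.1\n")
        z.writestr(JNDI_CLASS, b"")
    os.makedirs(os.path.join(root, "retired"))
    with zipfile.ZipFile(os.path.join(root, "retired", "app.war"), "w") as z:
        z.writestr("WEB-INF/lib/log4j-core-2.14.1.jar", inner.getvalue())
    with zipfile.ZipFile(os.path.join(root, "stripped.jar"), "w") as z:
        z.writestr(POM_PROPS, "version=2.14.1\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(*scan_tree(tmp), sep="\n")
```

Comparing the list from a run before the removal with one taken afterwards shows which copies belonged to retired products; entries with `jndi_lookup` set to `False` still appear because the JAR itself remains on disk.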
References:
Federal Information Processing Standard (FIPS) 140 Validation | Microsoft Learn
69305 – SAS® Environment Manager experiences a failure either during or after an upgrade-in-place (UIP) to SAS® 9.4M7 (TS1M7)
SAS Help Center: ENCRYPTFIPS System Option
SAS Help Center: NETENCRYPTALGORITHM= System Option
Instructions for the SAS Response to Log4j Vulnerabilities