We are still helping our customers get more out of the data they have and make data driven decisions. Our new site is packed with information and insights of how data can be the catalyst to your business growth.
Part 2 of our SAS 9.4 is going to be your best M8 series.
By Paul Shannon
Following the release of SAS 9.4 M8, the team at Katalyze Data have been busy evaluating the extent of changes and identifying key factors to consider, before performing an in-place upgrade on an existing SAS 9.4 installation.
As discussed in Part 1 of our SAS 9.4 M8 blog series, the update addresses numerous security vulnerabilities, offering a compelling reason to upgrade. However, these changes also impact software configurations and require thorough preparation. In this post, we’ll outline the essential prerequisites and best practices for a successful SAS 9.4 M8 upgrade, based on our hands-on experience helping existing clients.
In summary, to ensure a smooth transition, we recommend following these critical steps:
With the retirement of SAS/SECURE in M8, SAS’s approach to encrypting IOM connections (e.g., from SAS Enterprise Guide) has changed. Depending on your environment’s configuration, you may need to enable FIPS-compliant encryption in your operating system. Failing to do so may result in losing all connection capabilities to a Metadata server, including through the SAS Management Console. AES or SSL/TLS encryption algorithms most likely impacted.
We have encountered issues with upgrading to SAS 9.4 M8 on certain Windows operating systems. While still under investigation, a suggested workaround is to unconfigure and uninstall SAS Environment Manager, then reinstall and reconfigure using the original deployment plan file. This approach ensures that the Environment Manager does not cause problems during the upgrade installation and configuration process.
Removing retired products is a simple process, but the importance of this cannot be understated when upgrading. By default, upgrading to SAS 9.4 M8 will not remove files from earlier releases.
For example, even though known security vulnerabilities with Log4J have been patched by most companies, the underlying product installation still exists. This can lead to company cyber security departments persistently detecting a potential software vulnerability and requiring it’s removal.
We recommend using the SAS Deployment Manager to eliminate previous versions of SAS, and verify the removal by running SAS Installation Qualification tests before and after. After doing so, and in the example above, running the SAS Loguccino utility should return zero vulnerable files found relating to the Log4J issue.
Federal Information Processing Standard (FIPS) 140 Validation | Microsoft Learn
69305 – SAS® Environment Manager experiences a failure either during or after an upgrade-in-place (UIP) to SAS® 9.4M7 (TS1M7)
SAS Help Center: ENCRYPTFIPS System Option
SAS Help Center: NETENCRYPTALGORITHM= System Option
Instructions for the SAS Response to Log4j Vulnerabilities