Solved: Re: Is installing custom PROCs on a server just crazy-talk, or is it r...

lanceanz · Posted 07-25-2017 07:30 PM

Running SAS 9.4 TS1M3 on Windows.

A couple of our statisticians are keen to use the PennState SAS Procedures for Latent Class Analysis & Latent Transition Analysis. The authors warn that "PROC LCA is intended for individual installations and is not tested for server installations of SAS". Very clear, but if it's not too risky, we would give them a try on our server. If there's more than a slight risk they will negatively impact normal use of the server, then we won't.

Can anyone please comment on what the risks are of running custom PROCs on a server? What's the likely impact, and what's the worst that could happen (they've been tested on a standalone install of SAS).

We do have a test server but the licensing is very limited. We cannot use it for production purposes, or with real data.

Thanks,

Lance

ChrisBrooks · Posted 07-25-2017 08:37 PM

It looks to me like these are Procedures built with SAS Toolkit - I've run such Procs before on a server but it's very difficult to say what "the worst that could happen" is as they're likely black boxes so in theory just about anything could be in there (viruses, code to delete all your data etc). Having said that I think we'd all agree that Penn State is a reputable body who wouldn't knowingly let anything like that in their code.

Of course I'd never run anything in a production environment without thoroughly testing it first (including on a test server) and I don't think the licence for your test server would inhibit you from testing this - just scramble some of the numbers in your test file so it is no longer "real data" and I would have thought you'd be fine.

View solution in original post

ChrisBrooks · Posted 07-25-2017 08:37 PM

It looks to me like these are Procedures built with SAS Toolkit - I've run such Procs before on a server but it's very difficult to say what "the worst that could happen" is as they're likely black boxes so in theory just about anything could be in there (viruses, code to delete all your data etc). Having said that I think we'd all agree that Penn State is a reputable body who wouldn't knowingly let anything like that in their code.

Of course I'd never run anything in a production environment without thoroughly testing it first (including on a test server) and I don't think the licence for your test server would inhibit you from testing this - just scramble some of the numbers in your test file so it is no longer "real data" and I would have thought you'd be fine.

lanceanz · Posted 07-27-2017 03:05 PM

Thanks for that, Chris. I'll do some reading on SAS Toolkit. We can certainly put together some dummy data. My biggest concern is around impact on other users, which is impossible to test usefully without actually putting them on production. I'll see if anyone else has more thoughts to offer, so won't mark this thread as resolved till next week. Have a great weekend.

Lance

lanceanz · Posted 08-09-2017 06:23 PM

I've accepted Chris's response as a solution, thanks. It was useful feedback. Too much risk, so we won't be installing the custom PROCs until the authors say they're okay for server.

Is installing custom PROCs on a server just crazy-talk, or is it reasonably safe?

Re: Is installing custom PROCs on a server just crazy-talk, or is it reasonably safe?

Re: Is installing custom PROCs on a server just crazy-talk, or is it reasonably safe?

Re: Is installing custom PROCs on a server just crazy-talk, or is it reasonably safe?

Re: Is installing custom PROCs on a server just crazy-talk, or is it reasonably safe?