Watch this Ask the Expert session to understand the role of a SAS Viya administrator and build confidence and improve the configuration, stability, and performance of your SAS Viya deployment. 

Watch the webinar

You will learn:

• The role of a SAS Viya administrator.
• Which parts of SAS Viya administration are relevant to your role.
• How to use a checklist of SAS Viya administration tasks

The questions from the Q&A segment held at the end of the webinar are listed below and the slides from the webinar are attached.

Q&A

Can I contribute new tasks?

At the top of the checklist, there's a link to the project README.md (https://github.com/sassoftware/viya4-admin-checklist/blob/main/README.md). Inside that, we have lots of orientation information about the project. You don't need to read all of this before you start, but it can be quite helpful. Within that, we've got a Contributing section, that has a link to a document that describes how to contribute new tasks. There is a fairly simple contributor agreement to that, nothing too onerous. It describes how to go about creating your own task or modifying an existing task and then submitting a pull request. If you can provide a version of the file in any form to us, including as a GitHub pull request, we'll happily look at it. We can review and edit it if needed, and would be delighted for contributions.

How should I suggest ideas for things to include in the checklist?

In GitHub, there is an Issues feature. You can raise an issue, and that is a fantastic way to get in touch with the current maintainers of the project. We'll see the issue come in, we get an e-mail notification, and then we can discuss what you'd like, whether that's a suggestion or if you see a problem with something that you'd like us to revise or write new content or change existing content. If you use a GitHub issue, that's probably the quickest way to get in touch with us. You can also get in touch with the individual project team members, but that's a bit more of an unreliable way to do it because over time we may move teams, we may be working on other projects and not be quite as responsive. So, a GitHub issue is absolutely the best way to get in touch.

Regarding Authorization Model: is it possible not only to import Identities from the identity provider but also the organizational groups, roles, etc. in SAS Viya? Currently, we have different SAS 9.4 environments running which are almost fully driven by AD groups: users, user groups, roles, the folder/library creation and access rules (R/W) are driven by AD, new users, users leaving/moving in the organization, ownership of data,… ACT's together with ACL's on Linux level (enhancements to macro's provided by SAS Institute). Is such a setup easy migratable/feasible from SAS 9.4 towards SAS Viya?

Well, that is a fantastic question, bravo. Short answer, some bits yes and some bits no. Let's split those out a little bit and we may follow up with this one in the post session material as well.

First of all, about the users and groups. The way that users and groups are managed in SAS 9 is different to the way that it happens in SAS Viya. In SAS 9, you have to do something as the SAS administrator to extract the current list of users and groups from your identity provider, typically Entra ID, Active Directory, or something like that. You have to run some code that will maintain the list of users and groups in your SAS 9 environment in the metadata. SAS Viya doesn't work like that. SAS Viya uses either SCIM, or the Identities service to pull identities from an LDAP provider like Entra ID or some other LDAP provider, OpenLDAP maybe, and it will [do so] automatically. Well, when the identity server pulls users and groups from LDAP, it's a pull model. When you use SCIM to provide identities to SAS Viya then that's a push model. The updates are initiated from the external identity provider. But either way around, what you get is an automatically maintained list of users and groups in SAS Viya. So, you don't need to run something yourself anymore to create them in SAS Viya. And yes, the groups that those users are in will come through if you configure the identity service to pick those groups up correctly. So, part of the job of the initial configuration of your environment is that initial configuration of the identity service so that you get the groups you need and ideally not too many of the groups you're not interested in.

Regarding the part of your question about the ACTs (Access Control Templates) in SAS 9, which are commonly used for securing all kinds of resources in SAS 9, and ACLs which is Access Control Lists on the Linux file system, there is a two-part answer.

The authorization models in SAS Viya are a General Authorization system, used for most things like folders, reports, and application functionality. CAS (Cloud Analytic Services) has its own separate authorization system. But both of those are really quite different to the metadata authorization in SAS 9. So, there is no easy way to automate the translation of the permissions that you have on objects in SAS 9 with ACTs. There's no easy way to automate the conversion of that through to SAS Viya. I've seen lots of people attempt it with varying degrees of success, but it's not a simple, pain-free process. I would expect to have to redesign an authorization system from scratch in SAS Viya based on the same principles as the one you had in SAS 9. But the way [permissions are] implemented in SAS Viya is so different that you can't easily automate the transfer of a SAS 9 authorization system into a SAS Viya one.

The last part you'd touched on was, I think Access Control Lists on the Linux file system. They work the same in SAS Viya (if you're using a POSIX style file system) as they did in SAS 9. All you need to do is make sure that your CAS sessions, or your Programming Runtime sessions are running as the right user. So, when the attempt is made to access something on the file system in that directory structure with those permissions applied to it, it's being accessed as the correct user and not as some service account. But beyond that, it should work more or less the same way that it did with SAS 9.

Is it possible to access and apply these ten points?

I'm not totally sure if I know what you mean by that. I mean the list of the 10 tasks that we've picked was indicated by that ‘Essential’ column in the main Checklist, and in the Regular Tasks Checklist. So that's where you can access them. I guess we don't have anything that we provide that's an automated method for designing your backup and restore process, or for designing your authorization model for you. Some of these are higher level design tasks or administrative activities that we can't script.

Can you please share procedure to migrate SAS Viya 3.5 to Viya 4?

https://go.documentation.sas.com/doc/en/sasadmincdc/v_054/calmigration3x/n06wplu5iqmgz6n1mnpklw71eyv...

How frequently do we need to install hotfix in SAS Viya?

That is up to you. There is an Update Checker report that runs daily which will inform you of the availability of updates. You can then choose to apply the updates at your convenience. Viya Stable releases come out monthly, so we find most customers apply updates at least weekly.

How to convince customers to migrate to SAS Viya from Sas 9.4? Because lot of customers/clients moving to other clouds from SAS 9.4 compared to SAS Viya.

This overview of SAS Viya may help https://go.documentation.sas.com/doc/en/calintro/v_001/p0l5bvopo6rhuqn1nw7frbipj7lo.htm

Does SAS support local internal registry for mirror registry?

Yes, it does. There is documentation available for that in the SAS Viya Operations Guide (https://go.documentation.sas.com/doc/en/itopscdc/default/dplyml0phy0dkr/p1cq2mti42s7lkn1wl4pfwyq45up...)

Do we need any Kubernetes admin knowledge for SAS Viya admin?

Yes, that is quite essential. You may not need to be a K8s admin, but it will be helpful to be aware of their duties to communicate effectively with them.

Is there SAS -nodms session launch in SAS Foundation in SAS Viya 4?

Yes, you can use the sas-viya command to get something similar for SAS Viya. The command would be like this: sas-viya batch jobs run-saslm -c <context>

What if the cloud admin asks to take all images in single repository in AWS? Is it possible to store all images in a single repository?

You can setup a mirror repository and store the Viya images in that repository.

Recommended Resources

SAS Viya Administration Checklist

SAS Viya 3.5 Administration Checklist

Top 10 Platform Administration Tasks

Checklist of SAS® Platform Administration Tasks

SAS Administration Learning Subscription, SAS Viya Platform topic: 5 courses leading to Administerin...

Please see additional resources in the attached slide deck.

Want more tips? Be sure to subscribe to the Ask the Expert board to receive follow up Q&A, slides and recordings from other SAS Ask the Expert webinars.