AWS Public Sector Blog

Analyze controlled unclassified data with SAS Viya EKS on AWS GovCloud (US)

SAS Viya is SAS‘s highly available, cloud-native analytics platform. The latest version of SAS Viya on Amazon Elastic Kubernetes Service (Amazon EKS), launched in May 2021, is a cloud native offering that allows customers to receive all of Kubernetes’ advantages without the trouble of maintaining their own Kubernetes infrastructure. Customers deploying SAS Viya on Amazon EKS also inherit Amazon Web Services (AWS) compliance controls—including Federal Risk and Authorization Management Program (FedRAMP) High in AWS GovCloud (US) Regions. Inheriting AWS security controls can help accelerate customers’ journey to achieving FedRAMP authority to operate (ATO) in AWS Regions in the US.

In this post, we show the key components of the SAS Viya architecture along with its core features to help customers on their journey to the cloud.

System design overview

SAS Technologies such as SAS 9.4 and SAS Grid manager run successfully on AWS with Amazon Elastic Compute Cloud (Amazon EC2) instances—such as M5n, R5n, and I3en family of instances—with Amazon’s storage options such as Amazon Elastic File System (Amazon EFS) and Amazon Elastic Block Store (Amazon EBS)—IO2—block express. These customers benefit from this lift-and-shift migration. But an always-on Amazon EC2 instance-based system still has to provision for peak workloads. SAS Viya on Amazon EKS helps customers move to a cloud-native solution with shifting workload demands—further reducing cost without diminishing performance.

Figure 1. The SAS Viya architecture.

Figure 1: SAS Viya Architecture

The main components of SAS Viya on Amazon EKS are:

1. At least five node pools to optimize the workload balance for the Amazon EKS resource group. These resource groups include stateless, stateful, SAS Cloud Analytics Services (CAS), compute, and connect, and are identified by the work that they perform in their associated pods.

2. Amazon EBS and Amazon EFS using container storage interface (CSI) for persistent storage.

3. Amazon Relational Database Service (Amazon RDS) PostgreSQL to hold the SAS Viya infrastructure data server.

4. A public subnet with a bastion host for SAS Viya Admin and SAS Viya user ingress for cluster administration.

SAS Viya configuration options

The SAS Viya Cloud Analytic Services (CAS) provides the run-time environment for data management and data analytics. The CAS server can be deployed to a single node or across multiple nodes. Deploying the CAS server on a single node facilitates symmetric multi-processing (SMP). A single-node CAS server performs serial loads of data into memory from a supported data source. The in-memory analytic features of a distributed CAS server are available to the single-node CAS server. This is useful mainly for relatively small data volumes and few concurrent users.

CAS servers can also be distributed across multiple nodes enables massively parallel processing (MPP). Advantages of MPP are faster load time, the ability to persist and process massive datasets extraordinarily fast, and to allow multiple users to work on the same data persisted in memory. You can refer to the whitepaper, Five Approaches for High-Performance Data Loading to the SAS Cloud Analytics Services Server, for more information.

SAS Viya features

SAS Viya microservice- and container-based architecture operates with system resource requirements while allowing for increased portability. Applications consume smaller memory footprint, resulting in faster startup time and reduced infrastructure costs. Also, all software releases can be continuously updated continuous integration (CI) / continuous delivery (CD) support for all SAS Viya offerings. SAS Viya supports short-term continuous updates as well as long-term release cadences.

Customers in AWS GovCloud (US) Regions can benefit from modernizing to SAS Viya from their on-premises SAS 9 platform as there is support for migration to SAS Viya with a unified SAS 9/Viya platform. Data can stay within FedRAMP authorization boundary and not incur data egress costs. To get started, SAS Viya can be deployed using infrastructure as code through Terraform for optimum configuration and storage along with extensive integration with AWS services.

Resource recommendations

For SAS Viya on EKS, select Amazon EC2 instances with throughput bandwidth, such as the I3e(n), M5(n) or R5(n) family of instances. We recommend the following nodes based on standard t-shirt sizes and workload requirements:

1. Single large deployment – five or more nodes

2. Two or more large deployments – seven or more nodes

3. With autoscaling, the following are recommended:

a. Two or more nodes in each of the node group

b. One node in the default node group

Deployment

SAS maintains a GitHub project that contains Terraform scripts to provision resources on AWS, such as resource groups, storage options, the EKS cluster including the node groups, and more. Check out SAS Viya 4 Infrastructure as Code (IaC) for AWS.

SAS Viya compliance and AWS GovCloud (US)

SAS Viya customers can inherit the most comprehensive compliance controls with AWS. AWS supports a full set of security standards and compliance certifications, including PCI-DSS, HIPAA, and GDPR, helping customers satisfy compliance requirements for regulatory agencies around the globe. See the AWS Risk and Compliance white paper.

Government customers and their partners working with sensitive data and regulated workloads can deploy SAS Viya to AWS GovCloud (US). AWS GovCloud (US) Regions comply with FedRAMP High, Federal Information Security Modernization Act (FISMA), Department of Defense Cloud Security Requirements Guide (DoD SRG), International Traffic in Arms Regulations (ITAR), Criminal Justice Information Services (CJIS), and other compliance programs. AWS GovCloud Regions are operated by employees who are US citizens on US soil. AWS GovCloud (US) is only accessible to US entities and root account holders who pass a screening process.

Get started with SAS Viya

Organizations can now make trusted decisions faster while maximizing their existing investments in data storage, data management, ML, and artificial intelligence (AI), and inherit comprehensive compliance controls by using SAS Viya. Leave a comment or contact us for questions related to your SAS Viya modernization journey to AWS.

Subscribe to the AWS Public Sector Blog newsletter to get the latest in AWS tools, solutions, and innovations from the public sector delivered to your inbox, or contact us.

TAGS: , , , , , , , ,
Dilip Rajan

Dilip Rajan

Dilip Rajan is a senior partner solutions architect at Amazon Web Services (AWS). His role is to help partners and customers design and build solutions at scale on AWS. Before AWS, he helped Amazon Fulfillment Operations migrate their Oracle Data Warehouse to Redshift while designing the next generation big data analytics platform using AWS technologies.

John Chao

John Chao

John Chao is a senior solutions architect in Amazon Web Services (AWS) Public Sector and is based in Charlotte, NC. His primary focus is on helping independent software vendors (ISV) partners learn and apply best practices to their cloud journey - especially managing and governing cloud environments at scale. Prior to joining AWS, he led global enterprise IT operations and infrastructure teams.