Network Settings

CAUTION:

For an Imprivata appliance deployed on Microsoft Azure, do not change the networking configuration for the appliance. If you change network configuration values for the appliance, it may affect your ability to contact and control the virtual machine upon which the virtual appliance runs. For more information, see Deploy G4 Appliances on Azure.

Network settings (located on the Network page of the Imprivata Appliance Console) are configured during installation. You should not have to change these settings after the Imprivata appliances are deployed.

Network settings are:

  • IP Address,

  • IP network mask

  • Host and domain name

  • Default gateway

If you need to change the network settings, use only known available addresses.

Use this page to add a static route to the appliance. In most environments, static routes are not required because the default router knows routes to all resources. Configuring a static route incorrectly can cause connectivity issues for the appliance or end users.

NOTE: This is rarely necessary. Entering the wrong settings can cause the appliance to lose network connectivity and put all users offline. If the appliance loses connectivity, delete the static route causing the issue. If the PC cannot connect to the Imprivata Appliance Console, you will have to access the Imprivata Appliance Console from a PC on the same subnet as the appliance.

To add a static route:

  1. Click Add Static Route. The Add Static Route Entry dialog opens.

  2. Enter the required settings and click OK.

  3. Repeat as needed for additional static routes.

Use the Test Network Connectivity tool for troubleshooting network resources that the appliance needs access to: test connectivity to your NTP server, Active Directory servers, other Imprivata appliances, the Imprivata Cloud Token Service, Imprivata cloud, or even an endpoint computer.

Enter the IP address to test and click the Ping link. The Imprivata appliance sends five ping requests to the target address and produces a report of the results.

DNS settings are set during installation. You can change these settings on the Network tab after the Imprivata appliances are deployed.

You can add local host entries on this page. The Imprivata appliance keeps a list of local host names, which are used instead of the host names in the network DNS. Add a local host entry when a host is not included in your network DNS.

You can also choose to use IP addresses instead of host names for links to the Imprivata Appliance Console and Imprivata Admin Console for the different appliances in the enterprise. This is disabled by default.

NOTE: Do not forget to enter the appliance and IP information into your DNS.

The Imprivata appliance email setting is for appliance-related email alerts that the Imprivata appliance sends to Administrators. The Imprivata appliance sends email alerts for various system status changes such as when selected services start or go down.

To select the services for which to be notified, see The Health Agents Tab. You can enter multiple email addresses and addresses of mailing groups.

These email alerts are not the same as the notifications sent by Imprivata applications; they do not have to be from the same address as the one you specify for the SMTP Server on the Imprivata Admin Console Settings page.

You can list multiple email addresses. Use the trashcan icon to delete them. You should always retain at least one valid email address for system event notifications.

The Send Test Email feature sends a test email to all email addresses in the list.

The NTP tab lists one or more NTP (Network Time Protocol) servers to be used by the Imprivata appliance to maintain accurate time and date information for the enterprise.

By default, the Imprivata appliance is deployed with three NTP servers from the NTP Pool Project. Consider the following:

  • The deployment defaults to the following servers from the North American pool:

    • 0.north-america.pool.ntp.org

    • 1.north-america.pool.ntp.org

    • 2.north-america.pool.ntp.org

  • These are default values only.

    The appliance configuration wizard lets you change these settings as part of the initial setup of the network services. Additionally, after the appliance has been added to the enterprise, you can use the Imprivata Appliance Console (Network > NTP) to update them.

If you choose change the defaults, it is recommended that you configure at least two external internet-based NTP servers for redundancy.

Proper operation of Imprivata services relies on accurate time being maintained for all appliances in an enterprise:

  • Using a full NTP server, such as external internet-based NTP source (www.pool.ntp.org for example) will properly make corrections for any offsets that arise.

  • Using an internal NTP server or a Windows Server as an NTP source is not recommended.

    Windows will not correct any offset that may occur. Windows will keep adding to the offset and eventually an error will occur. For more information, see the Microsoft article "Support boundary for high-accuracy time".

NOTE: The National Institute of Standards and Technology (NIST) maintains a list of third-party publishers of time and frequency software. For more information, see this article.

The NTP status log is available in the Imprivata Appliance Console.

This log is updated every five minutes. If you are using it to verify NTP status after making a change, keep in mind that the NTP server status is not live data.

To view the status of NTP servers:

  1. In the Imprivata Appliance Console, open the Network tab, and then open the NTP tab.

  2. In the NTP Server section, click View NTP Status.

Use the File Servers tab of the Network page to configure up to five file servers to be used for:

  • Saving a backup file from an appliance using an FTP server, a network share server, or SCP server

  • Restoring the Imprivata database from a backup file

  • Uploading an Imprivata Package Manager (IPM) for installation

Adding an FTP Server

  1. On the File Servers tab, click Add Server.

  2. Select the FTP Server check box.

  3. Enter the ftp server, username, and password and click Add.

  4. On the System page > Operations tab > Backup section, click Configure to configure the appliance to automatically store backups on the designated file server.

Adding a Network File Share

  1. On the File Servers tab, click Add Server.

  2. Select the Network Share Server checkbox.

  3. Enter the location of the shared network folder (using the format //server/sharename, where server is the IP address or FQDN), username and password, and network domain name and click Add.

  4. On the System page, Operations tab, Backup section, click Configure to configure the appliance to automatically store backups on the designated file server.

Adding an SCP Server

Before adding the SCP server, configure the appliance's SSH public key authentication by copying and pasting the public key into the trusted hosts configuration of the SCP server. Refer to your SSH documentation for further details.

  1. On the File Servers tab, click Add Server.

  2. Select the Secure (SCP) Server checkbox.

  3. Enter the IP address or hostname of the SCP server.

  4. Enter the username.

  5. Click Add.

  6. On the System page > Operations tab > Backup section, click Configure to configure the appliance to automatically store backups on the designated file server.