Imprivata Appliance System Settings

The System page of the Imprivata Appliance Console includes the following tabs for settings:

  • Operations — For backing up and restoring the Imprivata database, for resetting the appliance Administrator password, for stopping and restarting the Imprivata server and database on appliances, for shutting down or restarting appliances, and other options

  • General Settings — For changing the appliance date and time settings, and setting the appliance console auto-logout idle time

  • Database Affinity — For G4 appliances, for viewing the database appliance currently used by an appliance and optionally locking an appliance onto a specific database appliance

  • Health Agents — For viewing the status of system services and their notification settings

  • Logs — For setting system logging parameters, viewing and clearing many different system logs, and setting the server that will store them

System Operations

The Operations tab is divided into the following sections:

  • Imprivata Server — Indicates whether the Imprivata server on this appliance is:

    • Running, the normal state

    • Down, meaning an appliance is reachable, but the service is not reachable

    Stop/restart options displays a pop-up dialog box with options to stop the Imprivata server on this appliance, or to restart the Imprivata server and optionally the database on this appliance. For G4 appliances, additional options are to restart the Imprivata server and optionally the database on all appliances in the enterprise. If you specify to restart the server and optionally the database on all appliances, the appliances are affected one at a time, so that Imprivata services remain available to users from the other appliances.

    NOTE: Contact Imprivata Customer Support for assistance with using the above stop/restart options.

    For G4 appliances, another option may appear in that dialog box on rare occasions, described below in Start Replication and Failover Monitoring Option.

  • Appliance Operations — Shuts down or restarts appliances

    Reboot/shutdown options displays a dialog box with options to shut down or reboot the appliance. For G4 appliances, an additional option is to reboot all appliances in the enterprise. If you reboot all appliances, they are rebooted one at a time, so that Imprivata services remain available to users from the other appliances.

  • Restage Appliance — Erases all configuration information from the appliance.

  • Current Disk Usage — Checks the available disk space on the appliance.

  • Administrator Passwords — Resets the Super Administrator and the local Administrator passwords for the appliance administrator. See also: Changing Appliance Administrator Passwords Programmatically.

  • Backup — Shows when the last backup occurred and lets you manually initiate a backup or schedule daily backups. This is also where you configure a default file server to receive backups by selecting from the file servers you added on the Network page, File Servers tab.
  • See Back Up the Imprivata Database for more information about backing up the Imprivata database.
  • Restore — Restoring from a backup is described in Restoring the Imprivata Database from a Backup.

  • Synchronize Enterprise Database — For G4 appliances, copies all data from the current database appliance to the other database appliance. These actions are not necessary under normal circumstances.

    NOTE: Contact Imprivata Customer Support before using the Synchronize Enterprise Database feature.

  • Enterprise Export — Exports your enterprise settings to a single file to use later if the need arises for an enterprise restoration. See Exporting the Imprivata Enterprise.

  • Activate Apache Status Page — Shows the status and/or extended status page of the supporting Apache server.

    Configure displays a dialog with options to show those status pages and to restrict access to the Apache status page to only the IP addresses you specify.

  • Replication Status — For G4 appliances, specifies the database replication processing status, the database replication and failover monitoring state as either on or off, and any database replication lag time.

    For G4 appliances, replication and failover monitoring should always be on except during major operations, as described in the next section below. If replication status shows FAILED for an extended period of time, the administrator will receive email detailing the problem. If the appliance does not fix this problem by itself, contact Imprivata Technical Support.

As described above in System Operations, Imprivata Server > Stop/restart options displays a pop-up dialog box with various options. For G4 appliances, on rare occasions, an option not described above may appear in that dialog box: Start replication and failover monitoring. This option appears only when replication monitoring or failover monitoring have stopped abnormally on the appliance.

In normal operation, these monitoring processes are always running. If database replication fails, replication monitoring detects it and restarts replication. If the database fails that an appliance is using, failover monitoring detects it and redirects that appliance to connect to a different database. If failover monitoring detects that the service is down, it restarts it.

This monitoring gets disabled normally whenever you perform a major operation, including: upgrading the Imprivata Platform IPM, upgrading the appliance IPM, adding an appliance to an enterprise, importing an enterprise, synchronizing an enterprise database, restoring the database from a backup, and restoring an enterprise. If any major operation fails, these monitoring processes remain disabled until a major operation completes successfully.

However, on rare occasions, these monitoring processes may stop abnormally on an appliance, when no major operation is underway or has failed. This rare situation can allow a database, database replication, or Enterprise Access Management (formerly OneSign) failure to remain undetected and uncorrected.

You can determine whether these monitoring processes are down on an appliance by accessing the appliance console System tab > Operations tab and viewing the value of the Replication Monitoring State field. If the value is Off then processes are down. If no major operation is underway or has failed, restart the monitoring as follows.

CAUTION: If a major operation is underway, do not restart replication and failover monitoring. Doing so can cause significant, unpredictable negative effects on the major operation in progress.

On that Operations tab, select Stop/restart options. In the pop-up dialog box, select Start replication and failover monitoring in the drop-down menu, and click Go. The monitoring is then enabled and you can close the dialog box. Refresh the Operations tab by clicking on it, and the value of the Replication Monitoring State field should change from Off to On. Note that this procedure enables the monitoring only on the current appliance. If these monitoring processes are also down on another appliance, you must log into that appliance's console and enable them by performing the same procedure.

The Settings Tab

Reset the date, time, and time zone information. NTP may be controlling the date and time, if so noted on this page.

Auto Logout Idle Time — Specifies the period of time that the Imprivata Appliance Console sits idle before automatically logging out the last administrative user and requiring a fresh login. This period can be set to up to 600 minutes.

BEST PRACTICE: Imprivata recommends that you do not disable the Auto Logout Idle Time feature.

Enable OSC trace logging on all appliances — For G4 appliances, adds diagnostic metadata to all appliances' Operating System Configurator Daemon (OSC) service logs to facilitate forensic investigations into system problems.

NOTE: Enable OSC trace logging only under the guidance of Imprivata Customer Support. The additional trace data doubles the byte size of appliance OSC service logs.

The Database Affinity Tab

This tab is for G4 appliances and does not appear for earlier appliances. It lists the IP address of each G4 appliance in the enterprise, the IP address of the G4 database appliance that each appliance is currently using, and an option to lock each appliance onto a specific database appliance. If that option is not selected, the default System Selected value is applied, meaning the system chooses the database appliance to use. Over time, the system may change the database appliance that is used, depending on the configuration of appliances with respect to Sites and the response times from database appliances.

Imprivata strongly recommends that you leave that option set to System Selected, especially for database appliances. In rare instances, it may be acceptable to lock a service appliance onto a specific database appliance. If you do that, and that database appliance goes down or becomes unavailable, the service appliance redirects to a database appliance that is up and reachable. In the unlikely event that both database appliances go down or become unavailable, then all service appliances also cannot service endpoint agent requests.

All appliances are listed as service appliances, because all appliances service user requests for authentication. However, if the IP address of a listed service appliance is the same as the IP address of a database appliance, that appliance is actually a database appliance.

The Health Agents Tab

Displays the current state of each monitored service and how recently it was updated.

Two columns of check boxes allow you to control how much information appears in the Server Information section of the Home tab and whether the appliance should send email notification if a service goes down.

The Logs Tab

Access and export Imprivata and appliance system logs. These can be useful if you need to work though an issue with Imprivata Customer Support. The logs show the most recent 10,000 entries. For details, see Imprivata Appliance Logs.