It is the responsibility of the Appliance Administrator to update or upgrade One Identity Safeguard for Privileged Passwords by installing an update file to modify the software or configuration of the running appliance. See the Download Software page for available SPP releases and version patches.
If an update fails, the audit log reflects: PatchUploadFailed.
Clustered environment
Apply the patch so all appliances in the cluster are on the same version. For more information, see Patching cluster members.
To install an update file
IMPORTANT: Once you start a patch update, do not leave or refresh the page. Doing so will cause the browser to lose track of the patch update and you will have to restart the process.
-
Back up your system before you install an update file. For more information, see Backup and Restore..
- Go to Patch Updates:
web client: Navigate to 
Appliance > Patch Updates.
- The current Appliance Version displays along with the operating system level, whether the appliance is online or offline, and whether the appliance is the Primary.
-
Click Upload a File and browse to select an update file. Simply uploading a file does not install the file. You must complete the next step.
If the patch verification fails an error alert displays, click on any of the Error or Warning counts to view the errors or warnings currently logged.
- Once the file has successfully uploaded, click one of the following:
The Updates pane shows the upgrade progress and when the appliance has been successfully upgraded.
The Appliance Administrator or Operations Administrator can power down or restart an appliance from the web client or directly from the appliance itself.
|
|
Caution: Rebooting the appliance causes a service outage for any current users. |
You can shut down or restart your appliance from the web client. The steps follow.
To shut down an appliance
- Navigate to Appliance > Power.
- Under Power, type a Reason for shutting down the Safeguard for Privileged Passwords Appliance then click Shut Down.
- To confirm your action, enter the words Shut Down in the box and click OK.
- The One Identity Safeguard for Privileged Passwords Appliance LCD screen displays LCD service terminating.
To start up an appliance
- Navigate to Appliance > Appliance Information
- Scroll to the bottom of the dialog. Under Power, type a Reason for restarting the Safeguard for Privileged Passwords Appliance then click Restart. The appliance goes into maintenance mode. The user is informed when the restart is complete.
- To confirm your action, enter the word Restart in the box and click OK.
- The One Identity Safeguard for Privileged Passwords Appliance LCD screens display the run level status of the appliance as it is starting up. For more information, see LCD status messages..
Appliance
You can shut down or restart your appliance from the appliance itself.
Appliance: Shut down from the appliance
You can use the Red X button on the front panel of the appliance to shut it down. Press and hold the Red X button for four seconds until it displays POWER OFF.
|
|
Caution: Once the Safeguard appliance is booted, DO NOT press and hold the Red X button for more than 13 seconds. This will hard power off the appliance and may result in damage. |
Appliance: Restart from the appliance
After the appliance powers off, you will need physical access to start it. Press the Green check mark button on the front panel of the appliance for NO MORE than one second to power on the appliance.
|
|
CAUTION: Once the Safeguard appliance is booted, DO NOT press and hold the Green check mark button. Holding this button for four or more seconds will cold reset the power of the appliance and may result in damage. |
To analyze and diagnose issues, One Identity Support may ask the Appliance Administrator or Operations Administrator to send a support bundle containing system and configuration information.
As an alternative, you can use the Recovery Kiosk to generate and send a support bundle to a Windows share. For more information, see Recovery Kiosk (Serial Kiosk)..
Virtual appliance support bundles are generate from the web management console. For more information, see Support Kiosk..
IMPORTANT: User must remain on the page until the bundle is complete. If user refreshes or navigates away from the page the back-end bundle process continues to run to completion, but the pending web request is canceled and the bundle will not be retrievable.
To create a support bundle
-
Navigate to:
- web client: Navigate to Appliance > Support Bundle.
- Select Include Event Logs if you want to include operating system events. Unless requested by support, it is recommended to leave this unchecked because it takes much longer to generate the support bundle.
- Select Limit included log files then identify the number of Days for which data should be collected.
- Click Generate Support Bundle.
- Browse to select a location to save the support bundle .zip file and click Save.
- Send the support bundle to One Identity Support. For more information, see About us.
It is the responsibility of the Appliance Administrator to manage the appliance time.
Time displays the current appliance time and allows you to enable Network Time Protocol (NTP) and set the primary and secondary NTP servers. In addition, when enabled, the NTP client status can be displayed. As a best practice, set an NTP server to eliminate possible time-related issues.
While not recommended, you can also set the appliance time on a primary (not cluster) manually.
|
|
CAUTION: Changing appliance time can result in unintended consequences with processes running on the appliance. For example, there could be a disruption of password check and change profiles and audit log timestamps could be misleading. Do not set the system time before or after the validity period of the Safeguard internal certificates because the appliance will not function. |
Clustered environments
NTP setting changes are made on the primary appliance in a cluster. When a replica appliance is enrolled into the cluster, it points to the primary appliance's VPN IP address as the Primary NTP Server and the NTP client service is enabled on the replica appliance. When performing a failover operation to promote a replica to be the new primary, the Primary NTP Server is preserved and applied from the 'old' primary appliance.
Warnings
The following warnings display if your local time is not within five minutes of the appliance time. One Identity recommends that you set an NTP server to eliminate possible time-related issues.
-
Upon log on: Warning: The time associated with Safeguard and your local time are off by 5 or more minutes. Contact the Safeguard administrator to correct this issue before further use.
-
On the Settings > Appliance > Time page: The appliance time and your local time have a difference of 5 or more minutes. It is recommended to set an NTP server.
To enable Network Time Protocol (NTP) and set the primary and secondary NTP servers
-
Go to Time:
-
Select the Enable Network Time Protocol (NTP) check box then provide the following information:
-
Click Save to save your selections.
When NTP is enabled, click Show Details to view the following information about the NTP client status.
If NTP is set and you need to change the time, go to the API and use Set-SafeguardTime. For information about using the API, see Using the API.
To manually set the appliance time on a primary (not cluster)
To manually set the time on the appliance (primary not cluster), follow the steps below.
|
|
CAUTION: Manually setting the time should be done with caution. Time changes can cause critical data loss. |
-
Go to Time:
-
Clear the Enable Network Time Protocol (NTP) check box.
-
Click OK.
-
Click Edit.
-
For the most accurate time, complete the following steps quickly.
-
On the Set System Time dialog, click Use Client Time to use the local time or select the 
date and 
time.
-
Click OK. The Set System Time warning dialog displays indicating that: Extreme time changes in Safeguard may cause critical data loss.
-
Type Set Time in the dialog box to confirm then click OK.
