Data migration from an SPS instance to another SPS instance
If you need to switch from an One Identity Safeguard for Privileged Sessions (SPS) instance to another SPS instance, for example, your SPS appliance is old and you want to switch it to a new one, you can use the console menu to copy all data between SPS instances.
You can perform data migration between SPS instances having different versions. Data migration has the same version requirements as upgrade. For more information about upgrading, see Upgrading One Identity Safeguard for Privileged Sessions (SPS).
To copy all data and switch to the new SPS instance
-
From the console menu, select Data migration between SPS instances.
-
To initiate a preliminary copying of all the data from the source SPS to the target SPS without stopping the data traffic on the source SPS, select Copy-only of all data to a new SPS instance (Optional).
This step is optional but recommended to decrease production downtime caused by data and role migration. You can perform this step several times if required, for example, if the volume of your daily traffic is high.
Skip this step only if a possible downtime due to having no preliminary copy is not an issue.
-
When you are ready to make the final switch to the new SPS instance, select Copy and switch to the new SPS instance (Required).
This process stops the data traffic on the source SPS, then copies all data from the source SPS to the target SPS. The target SPS also acquires the IP address of the source SPS.
Sealed mode
When sealed mode is enabled, the following settings are automatically applied:
-
One Identity Safeguard for Privileged Sessions (SPS) cannot be accessed remotely via SSH for maintenance.
-
The root password of SPS cannot be changed in sealed mode.
-
It is not possible to upload or delete plugins in sealed mode.
-
Sealed mode can be disabled only from the local console. For details, see Disabling sealed mode.
To enable sealed mode use one of the following methods:
-
Select the Sealed mode option during the Welcome Wizard.
-
Select Basic Settings > System > Sealed mode > Activate sealed mode on the SPS web interface.
-
Log in to SPS as root using SSH or the local console, and select Sealed mode > Enable from the console menu.
Disabling sealed mode
The event of disabling sealed mode is logged. The following describes how to disable sealed mode.
To disable sealed mode
-
Go to the One Identity Safeguard for Privileged Sessions (SPS) appliance and access the local console.
-
Log in as root.
-
From the console menu, select Sealed mode > Disable
-
Select Back to Main menu > Logout.
Out-of-band management of One Identity Safeguard for Privileged Sessions (SPS)
One Identity Safeguard for Privileged Sessions (SPS) 7.3 includes a dedicated out-of-band management interface conforming to the Intelligent Platform Management Interface (IPMI) v2.0 standards. The IPMI allows system administrators to monitor the system health of SPS and to manage the computer events remotely, independently of the operating system of SPS. SPS is accessible using the IPMI only if the IPMI is physically connected to the network.
NOTE: IPMI supports only 100 Mbps Full-Duplex speed.
Note that the IPMI supports only 100 Mbps Full-Duplex speed.
Basic information about the IPMI is available also on the SPS web interface on the Basic Settings > High Availability page. The following information is displayed:
Figure 144: Basic Settings > High Availability — Information about the IPMI SPS
-
Hardware serial number: The unique serial number of the appliance.
-
IPMI IP address: The IP address of the IPMI.
-
IPMI subnet mask: The subnet mask of the IPMI.
-
IPMI default gateway: The address of the default gateway configured for the IPMI.
-
IPMI IP address source: Shows how the IPMI receives its IP address: dynamically from a DHCP server, or it uses a fixed static address.