To analyze and diagnose issues, One Identity Support may ask the Appliance Administrator or Operations Administrator to send a support bundle containing system and configuration information.
As an alternative, you can use the Recovery Kiosk to generate and send a support bundle to a Windows share. For more information, see Recovery Kiosk (Serial Kiosk).
Virtual appliance support bundles are generate from the web management console. For more information, see Support Kiosk..
IMPORTANT: User must remain on the page until the bundle is complete. If user refreshes or navigates away from the page the back-end bundle process continues to run to completion, but the pending web request is canceled and the bundle will not be retrievable.
To create a support bundle
- web client: Navigate to Appliance > Support Bundle.
- Select Include Event Logs if you want to include operating system events. Unless requested by support, it is recommended to leave this unchecked because it takes much longer to generate the support bundle.
- Select Limit included log files then identify the number of Days for which data should be collected.
- Click Generate Support Bundle.
- Browse to select a location to save the support bundle .zip file and click Save.
- Send the support bundle to One Identity Support. For more information, see About us.
It is the responsibility of the Appliance Administrator to manage the appliance time.
Time displays the current appliance time and allows you to enable Network Time Protocol (NTP) and set the primary and secondary NTP servers. In addition, when enabled, the NTP client status can be displayed. As a best practice, set an NTP server to eliminate possible time-related issues.
While not recommended, you can also set the appliance time on a primary (not cluster) manually.
CAUTION: Changing appliance time can result in unintended consequences with processes running on the appliance. For example, there could be a disruption of password check and change profiles and audit log time stamps could be misleading. Do not set the system time before or after the validity period of the Safeguard internal certificates because the appliance will not function.
NTP setting changes are made on the primary appliance in a cluster. When a replica appliance is enrolled into the cluster, it points to the primary appliance's VPN IP address as the Primary NTP Server and the NTP client service is enabled on the replica appliance. When performing a failover operation to promote a replica to be the new primary, the Primary NTP Server is preserved and applied from the 'old' primary appliance.
The following warnings display if your local time is not within five minutes of the appliance time. One Identity recommends that you set an NTP server to eliminate possible time-related issues.
- Upon log on: Warning: The time associated with Safeguard and your local time are off by 5 or more minutes. Contact the Safeguard administrator to correct this issue before further use.
- On the Settings > Appliance > Time page: The appliance time and your local time have a difference of 5 or more minutes. It is recommended to set an NTP server.
To enable Network Time Protocol (NTP) and set the primary and secondary NTP servers
- Go to Time:
- web client: Navigate to Appliance > Time.
Select the Enable Network Time Protocol (NTP) check box then provide the following information:
Click Save to save your selections.
When NTP is enabled, click Show Details to view the following information about the NTP client status.
- Last Sync Time
- Leap Indicator
- Poll Interval
- Reference ID
- Root Delay
- Root Dispersion
- Last Sync Error
- Time Since Last Good Sync
If NTP is set and you need to change the time, go to the API and use Set-SafeguardTime. For information about using the API, see Using the API.
To manually set the appliance time on a primary (not cluster)
To manually set the time on the appliance (primary not cluster), follow the steps below.
CAUTION: Manually setting the time should be done with caution. Time changes can cause critical data loss.
- Go to Time:
- web client: Navigate to Appliance > Time.
- Clear the Enable Network Time Protocol (NTP) check box.
- Click OK.
- Click Edit.
- For the most accurate time, complete the following steps quickly.
- On the Set System Time dialog, click Use Client Time to use the local time or select the date and time.
- Click OK. The Set System Time warning dialog displays indicating that: Extreme time changes in Safeguard may cause critical data loss.
- Type Set Time in the dialog box to confirm then click OK.
Safeguard for Privileged Passwords sets a default time zone based on the location of the person performing the set up. The time zone is expressed as UTC + or – hours:minutes and is used for timed access (for example, access from 9 a.m. to 5 p.m.). It is recommended that the Bootstrap Administrator set the desired time zone on set-up. An Authorizer Administrator can also change the time zone.
To configure the time zone
- Navigate to User Management > Settings > Time Zone.
- The User Administrator can search for and select the desired time zone.
- The User Administrator can change Allow users to modify their own time zone.
- Enable the setting to let users change their time zone (the default).
- Disable the setting to prohibit a user from changing their time zone, possibly to ensure the user conforms with policy.
Use the Backup and Retention settings to manage your Safeguard for Privileged Passwords backups and archive servers.
It is the responsibility of the Appliance Administrator to configure the Safeguard for Privileged Passwords backup and retention settings.
Go to Backup and Retention:
- web client: Navigate to Backup and Retention.
Table 21: Backup and Retention settings
||Where you add and manage archive servers for storing backup files and session recordings.|
Audit Log Maintenance
Where you define the audit logs to be archived and purged as well as a schedule for performing the audit log archival task.
|Backup and Restore
||Where you initiate or schedule a backup, upload or download a backup file, or specify the archive server where a backup file is to be stored.|
||Where you enable (or disable) backup retention and set the maximum number of backup files you want Safeguard for Privileged Passwords to store on the appliance.|
Authorize VM Compatible Backups
Where you authorize the download of Safeguard for Privileged Passwords hardware appliance backups which can then be uploaded and restored to a Safeguard for Privileged Passwords virtual machine.