
One Identity Safeguard for Privileged Passwords 2.4 - Administration Guide


Maintaining and diagnosing cluster members

When a node is selected in the Cluster view (left pane) of the Cluster settings page, the appliance details and cluster health view (right pane) displays details about the selected appliance. From this pane you can run the following maintenance and diagnostic tasks against the selected appliance.

Table 251: Cluster health toolbar buttons
Option Description

Unjoin

Click (or tap) Unjoin to remove a replica from the cluster. For more information, see Unjoining replicas from a cluster.

NOTE: This option is only available for replica appliances.

Failover

Click (or tap) Failover to promote a replica to the primary appliance. For more information, see Failing over to a replica by promoting it to be the new primary.

NOTE: This option is only available for replica appliances.

Activate

Click (or tap) Activate to activate a read-only appliance so it can add, modify and delete data. For more information, see Activating a read-only appliance.

CAUTION: Activating this appliance will take it out of the read-only state and enable password check and change for managed accounts. Ensure that no other Safeguard for Privileged Passwords Appliance is actively monitoring these accounts, otherwise access to managed accounts could be lost.

NOTE: This option is only available for read-only appliances that are online. For example, appliances that have been unjoined from a Safeguard for Privileged Passwords cluster or restored from a backup.

Diagnose

Click (or tap) Diagnose to open the Diagnostics pane where you can perform the following:

Check Health

Click (or tap) Check Health to capture and display the current state of the selected appliance.

Restart

Click (or tap) Restart to restart the selected appliance.

Confirm your intentions by entering a Reason and clicking (or tapping) Restart.

To fix more serious issues with a cluster, you can perform additional operations depending on the state of the cluster members. Some such operations include:

Failing over to a replica by promoting it to be the new primary

Safeguard for Privileged Passwords allows you to fail over to a replica appliance by promoting it to be the new primary.

NOTE: You can promote a replica to be the new primary anytime the cluster has consensus (that is, the majority of the cluster nodes are online and able to communicate). If you have a quorum failure (that is, the majority of the cluster members do not achieve consensus), you must perform a cluster reset instead. For more information, see Resetting a cluster that has lost consensus.

To promote a replica to be the new primary in a cluster

  1. Log in to a healthy cluster member as an Appliance Administrator.
  2. In Administrative Tools, select Settings | Cluster | Cluster Management.
  3. In the cluster view (left pane), select the replica node that is to become the new primary.
  4. In the details view (right pane), click (or tap) Failover.
  5. In the Failover confirmation dialog, enter the word Failover and click (or tap) OK to proceed.

    During the failover operation, all of the appliances in the cluster are placed in Maintenance mode.

    Once the failover operation completes, the selected replica appliance appears as the primary with a state of online. All other appliances (including the "old" primary) in the cluster appear as replicas with a state of online.

Activating a read-only appliance

Appliances that have been unjoined from a Safeguard for Privileged Passwords cluster or restored from a backup remain in a Read-Only mode after they have been unjoined/restored. This procedure explains how to activate a read-only appliance so you can add, delete and modify data, apply access request workflow, and so on.

CAUTION: Activating this appliance will take it out of the read-only state and enable password check and change for managed accounts. Ensure that no other Safeguard for Privileged Passwords Appliance is actively monitoring these accounts, otherwise access to managed accounts could be lost.

NOTE: The read-only appliance must be online in order to use the Activate task. If it is offline or the cluster does not have consensus (that is, the majority of the remaining members are offline/unable to communicate), you must use the Cluster Reset option to rebuild your cluster. For more information, see Resetting a cluster that has lost consensus.

To activate a read-only appliance

  1. Log in to the read-only appliance as an Appliance Administrator.
  2. In Administrative Tools, navigate to Settings | Cluster | Cluster Management.

    The cluster view (left pane) displays one primary appliance with a yellow warning icon indicating the appliance is in a Read-Only mode.

  3. In the cluster view (left pane), select the read-only node to be activated.
  4. In the details view (right pane), click (or tap) Activate.
  5. In the Activate confirmation dialog, enter the word Activate and click (or tap) OK to proceed.

    The appliance's node in the cluster view (left pane) no longer displays the yellow warning icon and the state is now Online.
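The consensus conditions in the two NOTEs above (for Failover and for Activate) can be checked before choosing an operation. The following is an added example, not One Identity code; it does not call the Safeguard API, the `Member` fields and appliance names are hypothetical, and it assumes "majority" means strictly more than half of the members.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Member:
    name: str
    role: str                # "primary" or "replica"
    online: bool             # online and able to communicate
    read_only: bool = False  # unjoined from a cluster or restored from a backup

def has_consensus(members):
    """True when a strict majority of members is online (assumed meaning of 'majority')."""
    return 2 * sum(m.online for m in members) > len(members)

def recovery_action(members, target_name):
    """Map the guide's NOTE conditions to the operation that applies to one appliance."""
    target = next((m for m in members if m.name == target_name), None)
    if target is None:
        raise ValueError(f"unknown appliance: {target_name}")
    if not has_consensus(members):
        # Quorum failure: neither Failover nor Activate applies.
        return "Cluster Reset"
    if target.read_only:
        # Activate needs the read-only appliance itself to be online.
        return "Activate" if target.online else "Cluster Reset"
    if target.role == "replica":
        # Assumption of this example: the replica being promoted must be online.
        return "Failover" if target.online else "Not applicable"
    return "Not applicable"  # Failover is only offered for replica appliances

# Constructed sample clusters (names are placeholders, not real appliances).
FIVE_NODE = [
    Member("sg-1", "primary", online=False),
    Member("sg-2", "replica", online=True),
    Member("sg-3", "replica", online=True),
    Member("sg-4", "replica", online=True),
    Member("sg-5", "replica", online=False),
]
# Two of four online is not a majority, so an even-sized cluster loses consensus here.
FOUR_NODE = [
    Member("sg-a", "primary", online=False),
    Member("sg-b", "replica", online=True),
    Member("sg-c", "replica", online=True),
    Member("sg-d", "replica", online=False),
]
RESTORED = [Member("sg-r", "primary", online=True, read_only=True)]

if __name__ == "__main__":
    for cluster, name in ((FIVE_NODE, "sg-2"), (FOUR_NODE, "sg-b"), (RESTORED, "sg-r")):
        print(name, "->", recovery_action(cluster, name))
```
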

Diagnosing a cluster member

The diagnostic tools are available to an Appliance Administrator or Operations Administrator for the currently connected appliance and any other appliances (replicas) in the cluster.

To run diagnostics on a clustered appliance

  1. In Settings, select Cluster | Cluster Management.
  2. From the cluster view (left pane), select the appliance to be diagnosed.
  3. In the details pane (right pane), click (or tap) Diagnose.

    The Appliance Information view displays.

  4. Select Diagnostics and choose the type of test to be performed.

    Table 252: Appliance Tests

    | Test | Description |
    | --- | --- |
    | Ping | To verify your network connectivity and response time. |
    | NS Lookup | To obtain your domain name or IP address. |
    | Trace Route | To obtain your router information; trace route determines the paths packets take from one IP address to another. |
    | Telnet | To access remote computers over TCP/IP networks like the Internet. |
    | Show Routes | To retrieve routing table information. |

  5. Enter the requested information in the test dialog that displays.