New post

#System Administration

14

System administration refers to the management of one or more hardware and software systems.

Documentation on InterSystems system administration.

In this post, I am going to detail how to set up a mirror using SSL, including generating the certificates and keys via the Public Key Infrastructure built in to Caché. The goal of this is to take you from new installations to a working mirror with SSL, including a primary, backup, and DR async member, along with a mirrored database. I will not go into security recommendations or restricting access to the files. This is meant to just simply get a mirror up and running.

5 7
0 2.4K

When you first start working with InterSystems IRIS, it’s a common practice to install a system with only a minimum level of security. You have to enter passwords fewer times and this makes it easier to work with development services and web applications when you're first getting acquainted. And, sometimes, minimal security is more convenient for deploying a developed project or solution.
And yet there comes a moment when you need to move your project out of development, into an Internet environment that’s very likely hostile, and it needs to be tested with the maximum security settings (that is, completely locked down) before being deployed to production. And that’s what we’ll discuss in this article.
For more complete coverage of DBMS security issues in InterSystems Caché, Ensemble, and IRIS, you may want to read my other article, Recommendations on installing the InterSystems Caché DBMS for a production environment.
The security system in InterSystems IRIS is based on the concept of applying different security settings for different categories: users, roles, services, resources, privileges, and applications.

Users can be assigned roles. Users and roles can have privileges on resources — databases, services, and applications — with varying read, write, and use rights. Users and roles can also have SQL privileges on the SQL tables located in databases.

Open Exchange app
5 2
2 901

Mirror Outage Procedures

Caché mirroring is a reliable, inexpensive and easy to implement high availability and disaster recovery solution for Caché and Ensemble-based applications. This article provides an overview of recommended procedures for dealing with a variety of planned and unplanned mirror outage scenarios.

5 0
1 1K

Here in %SYS, we have already examined users, resources, and roles. Now that we know how to set all of that up, we should give it a purpose. Next we will talk about applications! As you may expect, we will see various identical class methods defined here that we have seen in the previous classes. However, some of them will have some tiny yet significant differences.

5 1
2 296

Hello, developers!

I would like to share the history of the project - the ZAPM shell.

As soon as ZPM was implemented, I immediately began to think about how best to use it.

And immediately faced with the desire to move more quickly between namespaces, especially when there are more than 20 of them.
I had to leave the ZPM, move to the desired namespace and re-enter the shell.
I suggested an improvement - a new "namespace" command for easier navigation.
I didn’t wait - I did it myself. And so it went. If you need it, get ready to do it yourself.

Open Exchange app
5 0
0 184

When you install an IRIS or Caché instance on Windows Server, you'll usually need to install it under a specific user account that has network access permissions. This is very handy when you needs to access network resources for creating files or directly accessing printers.

TL;DR: see key takeaways at the bottom!

5 0
0 347

InterSystems FAQ rubric

If the journal file is too large to be searched or filtered using the Management Portal, you can refer to it using the following two methods.

① How to use the ^JRNDUMP utility
② How to reference it in a program

================================================== ==========

5 0
1 145

One of the topics that comes up often when managing Ensemble productions is disk space:

The database (the CACHE.DAT file) grows in a rate that was unexpected; or the Journal files build up at a fast pace; or the database grows continuously though the system has a scheduled purge of the Ensemble runtime data.

It would have been better if these kind of phenomena would have been observed and accounted for yet at the development and testing stage rather than on a live system.

For this purpose I created a basic framework that could aid in this task.

Open Exchange app
4 7
2 1.3K

Setting the TZ Environment Variable on Linux

The Update Checklist for v2015.1 recommends setting the TZ environment variable on Linux platforms and points to the manpage for tzset. This is recommended to improve the performance of Cache’s time-related functions. You can find out more about this here:

https://community.intersystems.com/post/linux-tz-environment-variable-not-being-set-and-impact-caché

4 0
0 130.5K

Overview

Predictable storage IO performance with low latency is vital to provide scalability and reliability for your applications. This set of benchmarks is to inform users of IRIS considering deploying applications in AWS about EBS gp3 volume performance.

Summary

  • An LVM stripe can increase IOPS and throughput beyond single EBS volume performance limits.
  • An LVM stripe lowers read latency.
4 1
0 1.9K

InterSystems FAQ rubric

To remove InterSystems products installed on your Windows system, use Add or Remove Programs in Control Panel (in Windows 10, select Apps from Windows Settings).

Since we will be making changes to the system, you will need to log in as a user with administrator privileges.

1) Log in to the system as an administrator.

2) From the system tray, exit the launcher of the InterSystems product instance you want to uninstall (click launcher → exit).

4 0
0 159

I'm pleased to see this in the documentation of the just-published 2017.1 Field Test of Ensemble:

"In certain circumstances, it is useful to create namespaces that are not enabled for Ensemble. In this release you can do this by clearing the Make this an Ensemble namespace checkbox when creating a new namespace. "

4 1
0 566

Continuing on with providing some examples of various storage technologies and their performance profiles, this time we looked at the growing trend of leveraging internal commodity-based server storage, specifically the new HPE Cloudline 3150 Gen10 AMD processor-based single socket servers with two 3.2TB Samsung PM1725a NVMe drives.

4 2
0 1.3K

Hi All,

With this article, I would like to show you how easily and dynamically System Alerting and Monitoring (or SAM for short) can be configured. The use case could be that of a fast and agile CI/CD provisioning pipeline where you want to run your unit-tests but also stress-tests and you would want to quickly be able to see if those tests are successful or how they are stressing the systems and your application (the InterSystems IRIS backend SAM API is extendable for your APM implementation).

4 0
1 645
Article
· Sep 20, 2016 4m read
Diagnosing Framing Errors

Framing refers to the characters that mark the start and end of an HL7 message (or other types of framed messages). Most HL7 services and operations have a Framing setting that allows the user to define this framing. The most common choices are available as defaults, but with the AsciiMM/NN setting, components can be configured to recognize any framing characters.

4 0
2 2.3K

From the first glance, the task of configuring LDAP authentication in Caché is not hard at all – the manual describes this process in just 6 paragraphs. On the other hand, if the LDAP server uses Microsoft Active Directory, there a few non-evident things that need to be configured on the LDAP server side. Those who don’t do anything like that on a regular basis may get lost in Caché settings. In this article, we will describe the step-by-step process of setting up LDAP authentication and cover the diagnostic methods that can be used if something doesn’t work as expected.

4 3
2 2.1K

When you have more than ten thousand users in your database, it becomes time-consuming and inconvenient to assign group access rights through the standard IRIS interface. In this artilce I want to introduce you an application to automate this process.

I’ll show you how to assign and change the role lists for the users, selecting them by context, and I will also show you how to expand this application’s functionality. you know how to apply your work as an administrator and developer to the new features of the well-proven apptools software complex. With the addition of an adminLTE template, you can now quickly and easily create interface interactions for any entity and many functional modules.
The goal while developing this toolkit is to write as little JavaScript as possible as well as transfer and implement all the dynamics as much as possible in the ObjectScript.

Open Exchange app
4 0
0 530

InterSystems FAQ rubric

To resolve the error <PROTECT>, remove the read-only attribute of the system-wide library database (IRISLIB for InterSystems IRIS, CACHELIB for Caché/Ensemble/HealthShare (Caché-based))

Once you have finished importing the routine, remember to change it back to read-only.

[Version 2013.1 and above]
[Management Portal] > [System Administration] > [Configuration] > [System Configuration] > [Local Database] Uncheck "Mount read-only" from the database name link.

4 3
0 269

I wanted to see some alerts that occur in my Productions in a Mobile Device, I came across Pushover.net recently that although has an upfront cost $5 you can send as many messages as you like after that, there is a 7 day free trial to check it out.

To Integrate this with a production I did the following.

Create an account and set up a device on https://pushover.net/

Record the following API Keys from the web site on the main page you will see

3 5
0 1.2K