#System Administration

We are excited to announce a new part of InterSystems documentation that makes it easier to upgrade InterSystems IRIS® data platform, InterSystems IRIS® for Health™, or HealthShare® Health Connect. The Upgrade Impact Checklist at https://docs.intersystems.com/upgrade shows you all the things you need to consider – and only the things you need to consider – in an upgrade between any two versions. This takes all the content from our "Incompatibility History" and adds convenient filters, higher-level categories, and the ability to export the list as a CSV file so you can use it as a true

InterSystems FAQ rubric

If the system does not stop for 24 hours, old journal files will be deleted at 0:30 according to the "Journal file deletion settings".

A possible cause of journal files remaining that are older than the "Journal file deletion settings" is that there are transactions that remain open.

In that case, you will be able to delete the journal file by searching for processes executing transactions and finalizing the transactions.

The sample below checks for the existence of open transactions, and if they exist, outputs the target file name and journal record information.

The ideal number of table permissions to assign for your users is zero. Permissions should be granted upon sign-in based on the application used for access. For web applications, we have a simple way of doing this by appointing application roles, matching roles, and required resources in the System Management Portal.

ODBC and JDBC connections present a different problem, however, especially when third-party applications are involved. As providers of an ERP system, our customers often wish to be able to employ various software packages to integrate with or report on their data. Many of these programs are capable of running any kind of query. Yet, letting them do that can be devastating to a customer’s data.

We recently went through an Audit of our Security Policies and Procedures when it comes to IRIS. As a result of that Audit, we need to make adjustments to the way that Security is setup within IRIS. I have already done my changes on our TEST and DEVELOPMENT environments, but now I am trying to plan out how do we make these changes in Production.

These changes include moving away from the PWS, setting up Apache/Web Gateway, moving to LDAP instead of using Delegated Authentication, updating Web Applications, updating Resources, updating Services, etc...

InterSystems FAQ rubric

If you need to migrate your server for some reason, you can reduce the setup work by copying configuration information from the pre-migration environment to the post-migration environment.

The following setting information can be migrated.

• iris.cpf
• SQL gateway settings
• web gateway settings *Note 1
• user-created routines etc. stored in the IRISSYS database *Note 2
• security settings
• task settings

Hello Community,

How to properly connect and run the Grafana with my local IRIS community instance  in Windows machine. I had executed Mr. @Dmitry Maslennikov contianerzied environment from this POST  and it's working pretty. However the Plugin is not yet posted in the Grafana plugin datasource. What is the roadmap to do setup and establish connection same in my local environment . I have read some additional community post for reference 
 

Regards,

Ashok

InterSystems FAQ rubric

There is no need to recompile the routines after the version upgrade, but since the version update overwrites %SYS, user-created INT and OBJ format routines (*.INT,*.OBJ) in %SYS will be deleted. Therefore, you need to be careful. 

MAC, INT and OBJ routines with the following names are not deleted.

%Z*.INT, %z*.INT, Z*.INT,z*.INT
%Z*.OBJ, %z*.OBJ, Z*.OBJ,z*.OBJ

Please note that classes/CSPs need to be compiled after upgrading.

However, if you are upgrading to a maintenance release, no compilation is required. For details, please refer to the document below.

InterSystems FAQ rubric

If you restart the OS after changing the machine name without stopping InterSystems IRIS (hereinafter referred to as IRIS), a problem occurs when IRIS cannot start.

To get started, delete the <installation directory>\mgr\iris.ids file.

iris.ids file stores the started node name and shared memory information (shared memory ID). It is created when IRIS starts and deleted when stopped (iris stop or iris force). If you stop (restart) the OS without stopping IRIS, iris.ids, which contains IRIS startup information, may remain.

InterSystems FAQ rubric

To resolve the error <PROTECT>, remove the read-only attribute of the system-wide library database (IRISLIB for InterSystems IRIS, CACHELIB for Caché/Ensemble/HealthShare (Caché-based))

Once you have finished importing the routine, remember to change it back to read-only.
 

[Version 2013.1 and above]
[Management Portal] > [System Administration] > [Configuration] > [System Configuration] > [Local Database] Uncheck "Mount read-only" from the database name link.

I am often asked by customers, vendors or internal teams to explain CPU capacity planning for large production databases running on VMware vSphere.

This question originally appeared in the comments of the post: Making Prometheus Monitoring for InterSystems IRIS and Caché
 

I am new to IRIS, I was setting up the monitoring referring to the above documentation. Please can you help me how can I compile the my.metrics class mentioned in the documentation through CLI in the Linux VM where I am not having studio setup. Could you help me please?

InterSystems FAQ rubric

You can set the maximum size of the IRISTemp database at IRIS startup by setting a configuration parameter called MaxIRISTempSizeAtStart.

After setting, the system will truncate IRISTemp to the set value (MB) at the next IRIS startup. If the current size is less than the specified MaxIRISTempSizeAtStart, no truncation will occur. Also, if 0 is specified, truncation will not be performed, so the size will start without changing. (Default) Settings are made from the menu below.

InterSystems FAQ rubric

To run an online backup from a command you can use the API BACKUP^DBACK routine.
An example of performing a full backup is as follows.

set  status = $$ BACKUP ^DBACK( "" , "F" , "full backup" , "c:\backup\full.cbk" , "Y" , "c:\backup\full-log.log" , " NOINPUT" , "Y" , "Y" , "" , "" )

The return value is 1 if the backup is successful, and 0 if the backup is unsuccessful. Please refer to the log file for details on failure.

Additionally, you can specify C for the second argument TYPE to specify a cumulative backup, and specify I to specify a differential backup.

We are successfully using System Default Settings to manage differences in settings across environments where the production and underlying code are otherwise identical. However, the TestingEnabled and LogGeneralTraceEvents settings don't appear to be settable via this mechanism. While we appear to be able to set them on the SDS page, they do not show up as selectable when resetting the settings on the Production Settings tab in the management portal - see screenshots below. Is there any way of managing these two settings so we can have development and test servers running with TestingEnabled

We are moving away from Delegated Authentication in which I stored a username and password for our LDAP in a GLOBAL to be called by ZAUTHENTICATE.

Is there a way to pull in that GLOBAL into the LDAP Configuration within the Managment Portal instead of having to manually enter it? There seems to be an issue with Copy/Paste that the password isn't being set correctly when I use Copy/Paste.

Else I just export/import the LDAP Configuration from 1 server to another and manually update the Certificate to point to the correct file.

Thanks

Scott

Here in %SYS, we have already examined users, resources, and roles. Now that we know how to set all of that up, we should give it a purpose. Next we will talk about applications! As you may expect, we will see various identical class methods defined here that we have seen in the previous classes. However, some of them will have some tiny yet significant differences.

(This article was reviewed in February 2021.  It is still relevant to Caché-based installations and similarly applies to IRIS-based installations.)

This article discusses the Windows write caching setting which can leave systems vulnerable to data loss or corruption in the event of power loss or operating system crash.  The setting is on by default in some Windows configurations.

I need to develop a tool to help to get what data is being consumed by a certain process, in order to get all data used to build an automated test scenario.

For example, some user process will pull data from ^GLOBAL(1)="dataString", ^GLOBAL(2)="dataString2", ^GLOBAL1(1)="data1String", ^GLOBAL2(4)="data2String4". Amidst all other data on these Globals, I will ignore everything that was not used in the user process, and get the specific keys used on it.

Hello Community

IRISTEMP database consumes more disk space and make the production instance down when running Bulk SQL queries (maybe other processes aswell)

Is setting up the "Maximum" size it resolves the problem?. Is this setting impacts the performance? 

What are the approaches to resolve it

sample screenshot

Hello Community,

I got the below error while creating a new database.

Will it hurt anything if I disable the user that installed IRIS, within IRIS? Does this cause a problem with background processes running or with the restart? I know the _Ensemble user is used to start/stop/restart objects within IRIS, just didn't see anything in the documentation about the user that installed IRIS.

Thanks

Scott

I am trying to move us to Securing the Management Portal using Apache and the Web Gateway.

Our Development environment/namespace only has 1 server, but both Test and Production have failover/DR mirroring containing 3 servers for Test, and 3 additional servers for Production. 

• Development - 1 server
• Test -2 server's setup for Failover, and 1 Async DR Mirror
• Production - 2 servers' setup for Failover, and 1 Async DR Mirror

In Test and Production, the mirroring is setup using an Arbiter and the VIP address is controlled at the Hardware level.

We are back to %SYS once again! Since we covered managing users and resources in the last two articles, we can finally move on to roles. As you may have guessed, there are a lot of methods of managing them that you have already seen in our previous writings. However, we can still encounter key differences in this particular class.

I recently started work on trying to Tighten Security in our Development Instance of IRIS that is running based on recommendations from our Audit as you might of seen from my other posts. I am currently trying to get into the Private Web Gateway Manager within IRIS as CSPSystem, but when I attempt to sign in nothing happens. 

I went through and reset the password in the CSP.ini and within IRIS for CSPSystem. I made sure it had the new GatewayRole per suggested 

https://docs.intersystems.com/healthconnect20231/csp/docbook/DocBook.UI.Page.cls?KEY=GSECURING_tighten#GSECURING_tighten_smp_CSPSysAuthe

I am trying to lock down security within our Development environment per requirements from a Security Audit that was done earlier this year. I need to try to limit access at a public level, access to cache users, and exposure.

I installed IRIS with the Lockdown method, and have configured my web applications, services, resources, etc.

When I go into my namespace, I am constantly presented with the following error when I try to start or stop an Object...

Cannot login as IRIS manager. Please confirm the '_Ensemble' user is enabled and is assigned the '%All' role.

We currently have a couple of Shell scripts we have written to EnableConfigItem from a Unix (Red Hat) command line, so we can control when a Service/Operation is running via the cron in Unix. We do this by calling

:>iris session xxxxx

using _system user.

During our Security audit it was mentioned that we need to lock down some of the cache users. 

• So, has others written scripts to make IRIS calls via command line?
  • If so, what is the consensus of using a Cache user vs using say a LDAP service account?
• Or what have you used in the past to ensure that the password is not hardcoded anywhere?

InterSystems FAQ rubric

On Linux, use the iris command to execute a routine or method from a shell and get the return value.

For more information,  please refer to the document "About Instance Connections".

An example of a command is as follows.

iris terminal instname [arguments]

The return value of a shell script can be specified using a special variable using the Terminate() method of the %SYSTEM.Process class when the process ends, rather than by specifying an argument in the QUIT or RETURN command that is specified when a routine or method ends. Use the method of returning a value to $?.

Using the Windows Subsystem for Linux (WSL2), is it possible to install IRIS and run it from there? I am wanting to test IAM, but unable to run Docker Desktop on my VM, and do not have access to a Linux machine to install and test with.

Thanks

Scott

Is there any built-in functionality to send out an email or a text message when a mirror member fails?