When you first start working with InterSystems IRIS, it’s a common practice to install a system with only a minimum level of security. You have to enter passwords fewer times and this makes it easier to work with development services and web applications when you're first getting acquainted. And, sometimes, minimal security is more convenient for deploying a developed project or solution.
And yet there comes a moment when you need to move your project out of development, into an Internet environment that’s very likely hostile, and it needs to be tested with the maximum security settings (that is, completely locked down) before being deployed to production. And that’s what we’ll discuss in this article.
For more complete coverage of DBMS security issues in InterSystems Caché, Ensemble, and IRIS, you may want to read my other article, Recommendations on installing the InterSystems Caché DBMS for a production environment.
The security system in InterSystems IRIS is based on the concept of applying different security settings for different categories: users, roles, services, resources, privileges, and applications.

Users can be assigned roles. Users and roles can have privileges on resources — databases, services, and applications — with varying read, write, and use rights. Users and roles can also have SQL privileges on the SQL tables located in databases.

5 2
2 883

I'm working on a proposal for a deployment tool development project and I was wondering if anyone had any experience with such a thing.

We use Healthshare and implementations for new clients are tedius and lengthy. Lots of ensemble service, registry value, lookup tables, namespaces and other things have to be created and configured.

I would like to create a Zen or CSP page based deployment tool that can do all this with a few parameters and some custom code.

1 15
0 881

Here you have an easy way to write and execute COS code from your unix scripts. This way one does not need to write routines or even open Studio or Atelier. It can be an option for simple and small actions for instance things like installation tasks or compiling.

See sample bash script (compile.sh) to compile classes:

6 2
0 857

Hi,

Can a Cache Mirror be used in the cloud ? (ie stand up a Primary and Backup member instances in a High Availability Cache Mirroring configuration)

I'm investigating the validity of this configuration, because I was of the understanding that this may not possible due to these cloud servers not (typically) having fixed ip addresses, which interferes with the Virtual IP settings for the mirror set.

Is this correct, and if there are workarounds (like Load Balancing ?) can I have details on how this should be configured ?

1 8
0 850

Currently, we are running 2014.1 on two different servers (OpenVMS, RHEL). The plan is to transition from OpenVMS to RHEL, but our Write Daemon is in a Troubled state on both servers.

On the OpenVMS server, we have a WIJ file that's 26G and can grow to 40G (size of database cache). Since it hasn't grown to 40G, we don't believe the size of the WIJ file to be the issue.

What else should we be looking at regarding the performance of the Write Daemon?

0 1
0 847
Question
· Jul 13, 2017
EmergencyId startup

Hello, I am writing to request assistance on an issue I appear to be having when accessing Ensemble. I have it running on a Windows virtual machine, on a Mac laptop, and am trying to access it through the emergency ID account. When starting Ensemble through the command line window using ccontrol start ENSEMBLE /Em... I get an error and Ensemble does not start. Below is the error message I am getting when checking the logs:

1 2
0 838
InterSystems Official
· Nov 7, 2016
Feature Tracker in 2017.1

Starting with the Field Test of 2017.1 InterSystems products will include Feature Tracker. It is enabled by default during the Field Test and is explained more fully in the product documentation included below. Information collected by Feature Tracker is limited to technology usage information and instance identification. This tool has been carefully crafted to not transmit sensitive information related to customer applications or data.

3 0
0 837

I was wondering if there was a certain procedure or documentation on securing (Https://) the Web Portal into IRIS/Ensemble?

Currently we are using LDAP Delegated Authentication to access the Web Portal using LDAP. However as more and more emphasis is put on securing applications within networks, I can see Management/Security asking us to make sure that the web portal is more secure.

1 6
1 818

This post provides further detail on the suggestions from the DeepSee Troubleshooting Guide about what to do if a user is not able to view a listing in a DeepSee cube, but instead sees errors like this:

ERROR #5540: SQLCODE: -99 Message: User <username> is not privileged for the operation [zfindStatement+118^%SQL.DynamicStatement.1:<namespace>] (8)

1 1
0 808
Question
· Jan 12, 2020
Timeout for $zf

In one of the projects, when we have ECP with 10 ECP application servers, from time to time we faced the issue when our journals fail to purge, due to open transactions. While we have about 100-150 GB journal files per day, it quite quickly became a big issue, and with mirroring a very big issue. Mostly we just rebooted our ECP Data server, so it searches rollbacks any transactions, but such process is too long, may steal a few hours. I did not find any way, how to get the list of the open transactions from one place from ECP Data Server. We just migrated our Data server to 2018.1.

3 4
0 804

We will be transitioning from a server running HP OpenVMS to one running RHEL 7. The main question some of the team had was what would be the best method for moving the globals to the new system.

Also, I was wondering if any others have transitioned from OpenVMS to RHEL. If so, were there any kinks that we should be aware of prior to transition?

0 2
0 794

Just curious how many companies use in their work Docker containers, I mean not only with InterSystems products. And if such companies exist, which of them uses docker and doesn't use it for InterSystems products by some reasons. What are the reasons? For companies which already uses InterSystems in containers, how do you use it? Development environment, testing or even in production ?

And if you don't use but thought about it, what are the reasons which stop you.

As for me, I've been using InterSystems Caché inside a Docker container in some different cases:

3 2
0 782

Preview releases are now available for the first version (v1.0) of InterSystems System Alerting and Monitoring (InterSystems SAM for short).

InterSystems SAM v1.0 provides a modern monitoring solution for InterSystems IRIS-based products. It allows high-level views of clusters and single-node drilled down metrics-visualization together with alerts notifications. This first version provides visualization for more than one hundred InterSystems IRIS kernel metrics, and users can extend the default-supplied Grafana template to their liking.

V1.0 is meant to be a simple and intuitive baseline. Please help us make it great by trying it and sending us feedback!

SAM can display information from InterSystems-based instance starting with version 2019.4

SAM is only available in container format. You will need the SAM Manager container plus a small set of additional open-source components (Prometheus and Grafana) that are added automatically by the composition file.

SAM components and the SAM Manager Community Edition are available from

If you are traveling or prefer a voice-based Q&A description on what SAM is, here is a podcast we have prepared for you:

https://5e18edf067eb59-03854285.castos.com/player/198587
[This is an embedded link, but you cannot view embedded content directly on the site because you have declined the cookies necessary to access it. To view embedded content, you would need to accept all cookies in your Cookies Settings]

7 2
2 771
Question
· Apr 24, 2018
Custom Purge Job

I want to create an interface specific purge job. Please let me know if there are any holes in my approach. I realize that an interface that went from HospitalAService to HospitalARouter to PracticeBOperation would require two separate executes in my example below, but I want that granularity as there are some intermediate steps in our workflows that we don't need to retain messages for.

1 2
0 751

Can someone direct me to where in the documentation we can find how consumption may be calculated for global storage?

Caché Version2010.1
Operating SystemHP OpenVMS 8.4

EDIT: After receiving some responses, it seems I was unclear in my initial inquiry. I am looking to determine our rate of consumption of storage; however, I am having some difficulty in doing that.

0 6
0 738

Hi,

We have Mirroring established between NODE 1 & Node 2 . We have set the "cachesys" database enabled for Journalling. But we dont see the User Accounts , Roles, Resources created on Node 1 ( favoured Primary) reflected on Node 2 . Is creating them manually again is the only option for this ? . Is there any way to sync them or would adding %SYS to MIRROR a possible solution. Would it be great if anyone has faced this as we have an issue that during failovers Team is locked out .

Best Regards,

Arun Madhan

1 10
1 738

Recently, we scheduled two tasks (1008 and 1009) within Task Manager. Task ID 1008 is set to run after Purge Tasks (%SYS-ID:3), and Task 1009 is set to run at 7:00:00 each day.

In attempt to provide as much detail as possible, each of the tasks are as follows:

  • Task 1008

    WHILE (($p($h,",",2) < $ZTH("10:00 PM")) && ($P($g(^Task.1008(+$h,$j)),"^",1) = +$h)) { J ^ROUTINE, ^ROUTINE2 D SUB^ROUTINE3 H 5 }

0 4
0 730