Skip to content

Managing Virtual Appliances

Virtual appliances connect your SailPoint tenant and enterprise systems, supporting secure communication between them. It's therefore important to regularly monitor and maintain each SailPoint VA, and be familiar with the connected sources.

VA Updates

SailPoint manages VA updates. Whenever we make improvements to the VA image, we deploy them to the clusters, which then perform rolling updates and reboots on the related VAs one at a time. Having at least two VAs per cluster ensures connectivity with your sources during these updates. By applying updates and rebooting one at a time, the VA cluster maintains full availability during the update process.

Caution

If any VA in a cluster is not connected, no software or maintenance updates are made to any of the VAs in that cluster.

VA updates cannot be skipped or delayed. SailPoint does not notify before VA updates, only connector updates. VA updates are usually released to sandbox environments a week before they are released to production environments.

Your organization should have similar VA setups in sandbox and production and configure IdentityNow to send notifications if a VA fails. Following these guidelines, you will be notified in the rare case that a VA update causes a problem in sandbox before there is a problem in production.

Monitoring VA Health

You have the following options to check on the health of your VAs:

  • Notifications - You can configure IdentityNow to send you email when a VA goes down.

  • Admin Dashboard - Select the Clusters tile of the system components status panel.

  • Virtual Appliance Clusters Page - Select Admin > Connections > Virtual Appliances to view cards for each VA cluster in your organization. Each VA cluster card displays status and alert messages informing about the health of the cluster.

  • Virtual Appliance Cluster Details Page - To monitor the health of the individual VAs in the cluster, select Details on the cluster card, and then select the Virtual Appliances tab.

Cluster Status and Alert Messages

Badge Text Information
Healthy All VAs are operating as expected.
VA Update in Progress At least 1 VA in the cluster is in the configuring state. If the cluster contains at least 2 VAs, normal cluster operation is maintained during updates.
Empty Cluster The cluster does not have any VAs. SailPoint recommends having at least 2 VAs in a cluster. The cluster is not usable until VAs are added.
Only 1 VA in Cluster There is only 1 VA in the cluster. SailPoint recommends having at least 2 VAs in a cluster.
Inactive VA One or more of the VAs in the cluster are inactive.
VA Did Not Update One or more VAs in the cluster did not update. Restart the cluster.
All VAs Inactive All the VAs in the cluster are inactive.

VA Status and Alert Messages

Badge Text Information
Connected The VA is operating as expected.
Update in Progress The VA in the cluster is in the configuring state. Normal operation will resume after update is complete.
Configuration Incomplete The VA failed to connect during configuration. Delete this VA and try again. (This status is unlikely to be encountered, because VAs that fail to successfully connect during configuration are auto-deleted.)
VA Did Not Update Restart the cluster. If the problem persists, contact SailPoint Support.
Inactive State The VA is in an inactive state and cannot connect. Contact your network administrator.

Reviewing Sources Connected to VAs

To review the sources connected to a specific VA:

  1. Go to Admin > Connections > Virtual Appliances.

  2. Select Details on the cluster card you want to review.

  3. Select the Connections tab. All sources connected to the VA cluster are listed along with source status messages and other information.

Refer to Managing Sources for information about working with sources.

Connecting a VA Cluster to a Source

A VA cluster can be connected to a source when the source is being created in IdentityNow or after the source has already been created.

To connect a VA cluster to an existing source:

  1. Go to Admin > Connections > Sources.

  2. Select Edit on the source you want to change.

  3. In the Base Configuration, select a VA cluster in the Virtual Appliance Cluster dropdown list.

  4. Select Save.

Refer to Managing Sources for information about working with sources.

Disconnecting a VA Cluster from a Source

To disconnect a VA cluster from a source:

  1. Go to Admin > Connections > Sources.

  2. Select Edit on the source you want to change.

  3. Select a different cluster in the Virtual Appliance Cluster dropdown list.

  4. Select Save.

Refer to Managing Sources for information about working with sources.

Setting the VA Cluster Time Zone

The cluster time zone determines the GMT offset when scheduling account aggregations and entitlement aggregations for the connected source.

To set the VA cluster time zone:

  1. Go to Admin > Connections > Virtual Appliances.

  2. Select Edit on the VA cluster you want to change.

  3. Select a Time Zone.

  4. Select Save.

Refer to Loading Identity and Access Data for more information about working with aggregations.

Maintaining Your VA Infrastructure

Maintaining your VA infrastructure ensures continuous connectivity with your sources. If there is an issue with a VA, it is important to respond quickly so the VAs are available for updates and able to maintain connectivity.

Resetting your VA Password

You can change the password on a VA at any time:

  1. Sign in to the virtual machine on which the VA is running.

  2. At the command prompt, type passwd.

  3. Enter the current password.

  4. Enter the new password.

  5. Repeat the new password.

  6. Reboot the VA: sudo reboot

Restarting a VA Cluster

If a VA cluster or VA is not operating as expected, a status or alert message may prompt you to restart the VA cluster.

To restart a VA cluster:

  1. Go to Admin > Connections > Virtual Appliances.

  2. On the card for the cluster you want to restart, select Actions > Restart Cluster.

  3. In the confirmation window, select Restart Cluster. A confirmation banner confirms that the VA cluster restart process has been initiated.

Deleting a VA

You can delete a single VA without deleting the entire cluster.

To delete a specific VA:

  1. Go to Admin > Connections > Virtual Appliances.

  2. Select Edit on the cluster that includes the VA you want to delete.

  3. Select Virtual Appliances to display the list of VAs in the cluster.

  4. Select the Delete VA icon for the VA you want to delete.

Caution

After removing the VA from IdentityNow, you also need to shut down the related VA instances on your virtualization platform. Failure to do so can result in degraded performance or potential downtime.

Deleting a VA Cluster

To delete a VA cluster:

  1. Go to Admin > Connections > Virtual Appliances.

  2. Disconnect the VA cluster from the source.

  3. Delete each VA in the cluster you want to delete.

  4. On the card for the cluster to be deleted, select Actions > Delete Cluster.

  5. In the confirmation window, select Delete Cluster. A banner confirms that the VA cluster has been deleted, and the deleted cluster is removed from the cluster list.

Recovering from a VA Failure

When a VA cluster fails, you need to replace it quickly with a new VA cluster and reconnect all of the sources.

To replace a failed VA:

  1. Create a new VA cluster and at least 2 VAs on that cluster. You will be connecting your sources to this new VA cluster.

  2. On the failed VA cluster, select Details > Connections and make note of the sources that are connected to the failed VA cluster.

  3. Go to Admin > Sources and connect each source to the new VA cluster you just created as follows:

    a. Select Edit on the affected source.

    b. On the Base Configuration page, select the new VA cluster you just created in the Virtual Appliance Cluster dropdown.

    c. Select Save.

    d. Repeat steps A through C for each source connected to the failing cluster.

  4. Once all sources are connected to the new VA cluster, go to Admin > Connections > Virtual Appliances.

  5. Select Details on the new VA cluster.

  6. Select the Connections tab and verify that the new VA cluster is connected to the same sources that the failed VA was.

  7. Delete the failed VA cluster.​

For troubleshooting tools and resources, refer to the Virtual Appliance Troubleshooting Guide using your SailPoint Compass login.