Skip to main content

InterSystems IRIS Managed Service Reference Information

This section describes how to perform various activities that are part of the day-to-day operations of InterSystems IRIS Managed Service, organized by page. Use the links in the Deployments section of the main menu in the Cloud Services Portal to navigate from page to page.

For a high-level overview of setting up InterSystems IRIS Managed Service, see Introducing InterSystems IRIS Managed Service.

Note:

Some of the functionality described in this section may not be available to all users, depending on their role on the development team. For more information, see Tenants PageOpens in a new tab.

Overview Page

The Overview page contains several sections, as described below. Some content may or may not appear, based on your configuration.

Deployment Details

In the Deployment Details section of the Overview page for your deployment, you can view the details of your deployment, including:

  • Deployment size

  • Creation date

  • Deployment ID

  • Cloud provider and region

  • High Availability State

  • Underlying InterSystems IRIS platform

Note:

If a deployment has a status where you cannot access the deployment’s Overview page (for example, CREATING or UPDATING), its card on the Deployments page will display the Deployment ID. The Deployment ID uniquely identifies your deployment.

xDBC Details

The xDBC Details section of the Overview page provides information on how to connect to your InterSystems IRIS Managed Service database using a JDBC or ODBC client. You can also find out how to install the necessary InterSystems IRIS JDBC or ODBC driver.

You also need to create an inbound firewall rule to open port 1972 on the Firewall page.

For more information on querying your InterSystems IRIS Managed Service database using JDBC or ODBC, see Query Your Data.

Interoperability Details

The Interoperability Details section of the Overview page displays the File System Interoperability directory name to be used by Interoperability Productions Opens in a new tab that need to store files on the file system. If you have a High Availability configuration, files in this directory are copied automatically from the primary mirror member to the backup mirror member.

This section also displays the CIDR Block for the private network used for this deployment, as well as the Virtual IP Address of the deployment. This CIDR block defines the range of IP addresses used for the internal InterSystems IRIS Managed Service components. The Virtual IP address is a static address within the CIDR block that you use to communicate with this InterSystems IRIS Managed Service deployment. If you have a High Availability configuration, this Virtual IP address will continue to work no matter which mirror member is the primary member.

The External IP is displayed only if you have enabled public access on the Firewall page.

System Management Page

From the System Management page for your deployment, you can launch the InterSystems IRIS Managed Service Management Portal, which allows you to create and manage Interoperability Productions Opens in a new tab to connect systems that use different communication protocols and message formats.

Before you can connect to the Management Portal, you need to complete several prerequisite steps:

  1. If you are connecting to InterSystems IRIS Managed Service using a VPN (or private circuit), create an InterSystems Network ConnectOpens in a new tab deployment. On the Network Connect Configurations pageOpens in a new tab, attach your InterSystems IRIS Managed Service deployment and your VPN (or private circuit).

  2. On the InterSystems IRIS Managed Service Firewall page, create a firewall rule to allow traffic to flow to the Management Portal.

  3. On the Connect Users page, create a username and password you can use to log in to the Management Portal. Then assign to the user any productions you need to access.

    Note:

    You need to assign at least one production to the user in order to access the Management Portal. If no productions exist, create one on the Productions page.

After the prerequisite steps are complete, click Launch Management Portal and log in with the username and password of your connect user.

If you do not see a production you recently created, you might need to add access to that production for your user on the Connect Users page, or you might need to log out of the Management Portal and log back in.

For complete information on using the Management Portal, see the InterSystems IRIS documentation setOpens in a new tab. Note that some InterSystems IRIS functionality is not available to InterSystems IRIS Managed Service users, as these aspects of the service are managed for you by InterSystems.

Connect Users Page

The Connect Users page allows you to manage the users who need to log in to the InterSystems IRIS Managed Service Management Portal. The InterSystems IRIS Managed Service Management Portal can be launched from the System Management page.

For details on how to manage Connect Users, see The Connect Users Page.

Productions Page

The Productions page allows you to see all of the interoperability productions you have created and their current Production State (for example, Stopped or Running). In general terms, a production accepts messages from one or more external systems, transforms or processes the messages as required, and then sends them to one or more other external systems.

You can also use the Productions page to:

For general information on productions, see Introduction to Interoperability ProductionsOpens in a new tab. For configuration information specifically relevant to InterSystems IRIS Managed Service productions, see Configure InterSystems IRIS Managed Service Productions.

For information on how to grant access for a user to work on a production, see Connect Users page.

Create a Production

When you create an interoperability production, the Cloud Services Portal also creates a namespaceOpens in a new tab for the production, which includes a database for the code and data for that production. After creating a production, you can configure and manageOpens in a new tab it using the Management Portal.

For more information on developing productions, see the InterSystems IRIS documentation setOpens in a new tab.

If your InterSystems IRIS Managed Service deployment was created with the High Availability configuration, the databases for your interoperability productions are automatically mirrored to the backup server.

To create a production:

  1. On the Productions page, under Create Interoperability Production, type the desired name of your production.

  2. Click Create Production.

After you create a production, it shows up in the Productions list at the top of the page with a Production State of Stopped. When the creation process is finished, the Production State changes to Running. The Production Started column shows the time the production was started, in GMT. You may need to click Refresh to update the status.

To manage the production in the Management Portal, click Manage in the row for that production. You will need to log in as a user that you or a team member has created (and granted production access to) on the Connect Users page

Delete a Production

To delete an interoperability production:

  1. On the Productions page, click the Delete Production icon in the Actions column for that production.

  2. In the Delete Production dialog box, type Permanently Delete, and click Delete.

The production is removed from the Productions list at the top of the page.

SSL/TLS Configurations Page

Transport Layer Security (TLS) provides strong protection for communication between pairs of entities. It allows you to perform authentication, data integrity protection, and data encryption. TLS is the successor to the secure sockets layer (SSL).

InterSystems IRIS Managed Service supports the ability to create and store an SSL/TLS configuration and specify an associated configuration name. When you need an SSL/TLS connection (for example, to connect another system to InterSystems IRIS Managed Service or to connect InterSystems IRIS Managed Service to another system), you provide the applicable configuration name, and InterSystems IRIS Managed Service automatically handles the connection. For information on using SSL/TLS configurations in an production, see Configure a Production to Use SSL.

The SSL/TLS Configurations page allows you to see all of the SSL/TLS Configurations you have created, whether they are enabled or not, and the type of each connection (Client or Server).

You can also use the SSL/TLS Configurations page to:

Create an SSL/TLS Configuration

To create a new SSL/TLS Configuration:

  1. On the SSL/TLS Configurations page, under Create SSL/TLS Configuration, type the desired name of your SSL/TLS Configuration.

    Only alphanumeric characters are allowed. No spaces or special characters.

  2. Type an optional Description.

  3. If desired, check Enabled to enable the configuration after creating it.

    You can enable or disable it later by editing the configuration.

  4. Choose a Type for the configuration.

    Client means that this configuration is used when InterSystems IRIS Managed Service initiates a connection to another system, for example, in an outbound TCP adapter in a production’s business operation.

    Server means that this configuration used when another systems initiates a connection to InterSystems IRIS Managed Service, for example, in an inbound TCP adapter in a production’s business service.

  5. Choose the desired Certificate Verification for this configuration.

    If this is a Client configuration:

    • None means that the server does not need to provide a certificate and the client performs no verification.

    • Required means that the server must provide a certificate and the client verifies the certificate with the Certificate Authority that issued the certificate.

    If this is a Server configuration:

    • None means that the client neither requires or requests a certificate.

    • Request means that the client may or may not provide a certificate and the server verifies the certificate only if provided.

    • Required means that the client must provide a certificate and the server verifies the certificate with the Certificate Authority that issued the certificate.

  6. Upload the file containing the trusted Certificate Authority certificate(s).

    This file contains the X.509 certificate(s) in PEM format of the Certificate Authority (CA) or Certificate Authorities that this configuration trusts. The configuration uses the certificates of the trusted CA(s) to verify peer certificates. Typically, a production system uses certificates from commercial CAs with publicly available certificates.

    This field does not appear if certificate verification is not needed for this configuration.

  7. Upload the file containing configuration certificate.

    This is the configuration’s own X.509 certificate(s) in PEM format, if required.

  8. Upload the file containing associated private key.

    This is the configuration’s private key file.

    If a configuration certificate is provided, a private key is required.

  9. Select the Private Key Type.

    This is the algorithm used to generate the private key, where valid options are DSA (Digital Signature Algorithm) and RSA (Rivest, Shamir, and Adleman).

  10. Type the Private Key Password.

    If the private key is password-protected and you do not enter a value here, InterSystems IRIS Managed Service cannot confirm that the private key and the certificate’s public key match each other.

  11. Select the Minimum Protocol Version supported by this configuration.

    This is the earliest version of the TLS protocol that this configuration supports.

  12. Select the Maximum Protocol Version supported by this configuration.

    This is the latest version of the TLS protocol that this configuration supports.

  13. If desired, edit the Enabled Cipherlist.

    The default set of cipher suites is:

    • ALL — Includes all cipher suites except the eNULL ciphers

    • !aNULL — Excludes ciphers that do not offer authentication

    • !eNULL — Excludes ciphers that do not offer encryption

    • !EXP — Excludes export-approved algorithms (both 40- and 56-bit)

    • !SSLv2 — Excludes SSL v2.0 cipher suites

  14. For Server configurations only, select the size of Diffie-Hellman key (if using).

  15. For Server configurations only, optionally enable and configure OSCP Stapling.

    OCSP (Online Certificate Status Protocol) is an internet protocol that checks the validity status of a certificate in real-time.

  16. Click Create Configuration.

For more information on the fields on this page, see About ConfigurationsOpens in a new tab.

After you create a configuration, it shows up in the SSL/TLS Configurations list at the top of the page.

Edit an SSL/TLS Configuration

To edit an SSL/TLS Configuration:

  1. On the SSL/TLS Configurations page, click the Edit Configuration icon in the Actions column for that SSL/TLS Configuration.

  2. In the dialog box, edit any of the fields, and click Submit.

See Create an SSL/TLS Configuration for information on each field.

Delete an SSL/TLS Configuration

To delete an SSL/TLS Configuration:

  1. On the SSL/TLS Configurations page, click the Delete Configuration icon in the Actions column for that SSL/TLS Configuration.

  2. In the Delete Configuration dialog box, type Permanently Delete, and click Delete.

The configuration is removed from the SSL/TLS Configurations list at the top of the page.

Test an SSL/TLS Configuration

To test an SSL/TLS Configuration (client configurations only):

  1. On the SSL/TLS Configurations page, click the Test Connection icon in the Actions column for that SSL/TLS Configuration.

  2. In the SSL/TLS Connection Test dialog box, type a Hostname (not its URL) and a Port.

  3. Click Test Connection.

    The dialog box is updated with information saying whether the connection test succeeded or failed. If the test succeeded, additional details of the connection are provided, such as the protocol and ciphersuite that were used.

SQL Gateways Page

A SQL Gateway provides access from InterSystems IRIS Managed Service to external databases via JDBC and ODBC.

InterSystems IRIS Managed Service maintains a list of SQL Gateway configurations, which are logical names for connections to external databases. Each SQL Gateway configuration consists of a configuration name, information on connecting to the data source, and a username and password to use when establishing the connection.

The SQL Gateways page allows you to see all of the SQL Gateway configurations you have created, the driver used, the server URL, and username used to connect to the external database.

You can also use the SQL Gateways page to:

Create a SQL Gateway Configuration

To create a new SQL Gateway configuration:

  1. On the SQL Gateways page, under Create SQL Gateway Configuration, type the Configuration Name of your SQL Gateway configuration.

    Only alphanumeric characters are allowed. No spaces or special characters.

  2. Choose a Driver to use for the connection.

  3. In the Server box, type the URL of the server to use for this connection.

  4. In the Port box, type the port number to connect to on the server.

  5. In the Database box, type the name of the external database.

  6. In the User box, type the username to use to connect to the external database.

  7. In the Password box, type the password to use to connect to the external database.

  8. Click Create Configuration.

After you create a configuration, it shows up in the SQL Gateway Configurations list at the top of the page.

Test a SQL Gateway Configuration

To test a SQL Gateway configuration:

On the SQL Gateways page, click the Test Configuration icon in the Actions column for that configuration.

You should see the message “Successfully connected to remote server.”

If you see the message “There was an issue testing configuration. Please double check configuration parameters.” then edit the SQL Gateway configuration and try again.

Edit a SQL Gateway Configuration

To edit a SQL Gateway configuration:

  1. On the SQL Gateways page, click the Edit Configuration icon in the Actions column for that configuration.

  2. In the dialog box, edit any of the fields, and click Save.

See Create a SQL Gateway Configuration for information on each field.

Delete a SQL Gateway Configuration

To delete a SQL Gateway configuration:

  1. On the SQL Gateways page, click the Delete Configuration icon in the Actions column for that configuration.

  2. In the Delete Configuration dialog box, type Permanently Delete, and click Delete.

The configuration is removed from the SQL Gateway Configurations list at the top of the page.

Firewall Page

The Firewall page allows you to manage your deployment’s firewall, allowing (or denying) inbound traffic to your deployment or allowing (or denying) outbound traffic from your deployment.

Private rules allow (or deny) traffic to and from your deployment over the private network. To connect to your deployment over the private network, use InterSystems Network ConnectOpens in a new tab to connect a VPN gateway device (or a private circuit) to the deployment.

Public rules allow (or deny) traffic to and from your deployment over the internet. Enabling public access generates an external IP address, which can be viewed in the Global Network Settings section of the Firewall page and in the Interoperability Details section of the Overview page.

The following constraints apply to InterSystems IRIS Managed Service firewall rules:

  • For inbound rules, the allowed ports are 443, 1972, and 1024 through 65535. Use port 443 to allow a user to log into the deployment’s Management Portal. Use port 1972 to connect to your deployment’s database using a JDBC or ODBC client.

  • For outbound rules, the allowed ports are 22, 53, 80, 123, 443, 465, 587, and 1024 through 65535.

For details on how to manage your firewall rules, see Firewall Page.

Network Page

The Network page can be used to test connectivity from this deployment to a particular server or to monitor flow logs of the traffic coming in and out of this deployment.

Test Connectivity

The Network Connectivity Test section of the Network page allows you to test connectivity from this deployment to a particular server and port. The server could be an external server or an on-premise server accessed over your company’s VPN.

To perform a connectivity test:

  1. In the Network Connectivity Test section of the Network page, in the IP or Hostname box, type the IP address (such as 203.0.113.0) or hostname (such as example.com) of the server to which you want to connect.

  2. In the Port box, type the port number to which you want to connect on that server.

    You can specify one of the following ports: 22, 53, 443, 465, 587, or a port in the range 1024-65535.

  3. Click Test Connection.

    You will see either a success or failure message.

Monitor Flow Logs

The VPC Flow Logs section of the Network page allows you to monitor the traffic coming in and out of this deployment. This allows you to confirm that your network configuration is correct, debug network issues, monitor traffic patterns, or identify unauthorized access attempts.

To view flow log entries:

  1. In the VPC Flow Logs section of the Network page, optionally filter the log by entering one or more of the following fields:

    • Actions — Choose ACCEPT to see only traffic that was permitted to flow from the source to the destination or REJECT to see only traffic that was blocked from reaching its intended destination.

    • Host IP — Type the IP address of either the source or destination.

    • Host Port — Type the port of either the source or destination.

  2. Enter the Start Time and End Time of the period of time you want to examine.

    The default window is the most recent 10 minutes. The maximum window is 30 minutes in duration.

  3. Click Find.

    Flow log entries matching the entered criteria are displayed.

  4. Optionally, click Load More to load more log entries.

    This button only appears if more log entries remain to be loaded.

Custom Packages Page

The Custom Packages page allows you to manage any third-party packages that you want to use with your deployment. The page shows you a list of all of the available packages and which ones you have installed. Installed packages are indicated with a check mark and are highlighted in green.

To install or remove packages:

  1. Select any uninstalled packages from the list that you want to install, and deselect any installed packages you want to remove.

    These packages now appear under Staged Changes, marked as either Pending Install or Pending Removal.

  2. Click Save to save your changes.

    The packages are now marked Needs Deployment.

  3. Click Deploy to deploy your saved changes.

    All saved changes are deployed, and the list of packages is updated to reflect your changes.

    It can take a few minutes for all of the changes to be deployed.

Documentation

If you have any questions on how to use InterSystems IRIS Managed Service, on the main menu, click Documentation.

For documentation on all of the InterSystems cloud services, click your name at the top right of the Cloud Services Portal, and then click Documentation.

If you would like to submit any feedback to help InterSystems improve any of the InterSystems cloud services, click your name at the top right of the Cloud Services Portal, and then click Submit Feedback. While we cannot respond to all feedback we receive, we welcome your opinion and will take it into consideration when determining future directions and enhancements.

Common Cloud Services Portal Functionality

For information on common Cloud Services Portal functionality that is not specific to InterSystems IRIS Managed Service, see Cloud Services Portal Reference InformationOpens in a new tab. This document includes material describing the following features in the Cloud Services Portal:

Configure InterSystems IRIS Managed Service ProductionsNext section
Previous sectionIntroducing InterSystems IRIS Managed Service
FeedbackOpens in a new tab