Cloud Services Portal Reference Information

This section describes how to use the common features of the InterSystems Cloud Services Portal, organized by page. Use the top-level links in the main menu in the Cloud Services Portal to navigate from page to page.

For information on service-specific pages (the links in the Deployments section of the main menu), see:

Services Page

The Services page shows you all of your active InterSystems cloud service subscriptions and provides information on subscribing to additional cloud services. You can also find information on upcoming services here.

To subscribe to a service:

In the Cloud Services Portal, on the main menu, under Cloud Services, click Services.
The Services page shows you any active subscriptions you have to InterSystems cloud services and allows you to sign up for additional services.
On the card for the service to which you would like to subscribe, click Subscribe.
On the Subscribe page, read the pricing information and subscription options, and then Subscribe using the method of your choice.
If you subscribe to a service with InterSystems, we will bill you directly. If you subscribe with your current cloud provider, billing and subscription management are handled through your account with that cloud provider.

You can also subscribe to InterSystems cloud services directly from the AWS MarketplaceOpens in a new tab.

When you subscribe to an InterSystems cloud service, the subscription is tied to your Cloud Services Portal account and your default tenant.

For an estimate of the cost associated with the service, given your expected usage, see the Cost Calculator.

Cost Calculator Page

The Cost Calculator page allows you get an estimate of how much it will cost you to use a particular InterSystems cloud service. It lets you input your expected usage of the service, and the options you want to use for the service, and calculates the expected charges, by the hour, month, or year. If you have previously created estimates for any of the available InterSystems cloud services, you will see these estimates summarized on the page.

To create an estimate:

In the Cloud Services Portal, on the main menu, under Cloud Services, click Cost Calculator.
If you have one or more existing estimates, click Add Service. Otherwise, skip this step.
On the card for the service for which you want to create an estimate, click Configure.
In the dialog box, enter the requested information.
The fields on the dialog box differ according to the service you have chosen, but you may need to enter the expected workload, specify the number of cores or amount of disk space required, or select any optional features you wish to use.
Click Confirm.
The new estimate appears in the list of estimates on the page.

If you want to delete an existing estimate, in the row for that estimate, click the Delete icon in the Action column.

Deployments Page

The Deployments page allows you to see all of the deployments you have created. You can also use this page to:

Create a New Deployment

To create a new deployment, on the Deployments page, click Create New Deployment.

The procedure for creating a deployment varies by service. Follow the prompts on the screen.

For services that have more complex configuration options, also see the documentation on each individual service for more information:

Select a Deployment to Work On

To select a deployment, on the Deployments page, click the card for that deployment. This will display additional items in the main menu that you can use to configure or manage the deployment.

The current deployment is displayed in the breadcrumbs as a reminder.

If you are working on a deployment and want to return to the list of deployments, click Deployments in the breadcrumbs or List in the main menu.

See the reference information for each individual service for more information on how to manage or use that service:

Specify the Service Level for a Deployment

If you signed a Service Level Agreement (SLA) with InterSystems, you can identify a deployment in accordance with the SLA. For example, a deployment identified as Live may receive a higher level of service than one identified as Development or Test. Note that changing a deployment to a higher level of service may incur a higher cost. See the terms of your SLA for details.

If you do not have an SLA with InterSystems, you can still set a deployment to Development, Test, or Live, to help you easily identify the purpose of a deployment.

To specify the Service Level for a deployment:

On the Deployments page, click the action menu on the card for the deployment, and then click Service Level.
In the Service Level Deployment dialog box, specify a Service Level and a Service Level Urgency, and click Submit.

The Service Level you chose now appears on the card for the deployment and on the Overview page for the deployment.

Delete a Deployment

To delete a deployment:

On the Deployments page, click the action menu on the card for the deployment you want to delete, and then click Delete.
In the Delete Deployment dialog box, type the name of the deployment to be deleted, and click Delete.

While the deployment is being deleted, the status under the deployment name changes to DELETE. When the deletion process is complete, the card for the deployment is removed from the Deployments page.

Tenant Details Page

When you create an account in the Cloud Services Portal, a default tenant is created for you, and InterSystems cloud service deployments can be created in this tenant. The name of this tenant is generally <username> Default. You are considered the Owner of this tenant, and you are given the role of Admin in the tenant.

If you are part of a development team, you can invite other members of the team to a tenant, provided that you have either the Admin or Write role for that tenant. That way, they can log in to the Cloud Services Portal using their own usernames and passwords and have access to the deployments in the tenant.

If you have access to more than one tenant, you can see the name of your current tenant in the drop-down list at the top of the screen, next to the Refresh button. You can also use this drop-down list if you want to switch to another tenant.

Invite a Team Member to a Tenant

If you have either the Admin or Write role in a tenant, for example, in your default tenant, you can invite other team members to the tenant.

Team members who do not have an account in the Cloud Services Portal will receive an email asking them to sign up for an account. After they sign up, they will be automatically added to your tenant.

Team members who already have an account in the Cloud Services Portal will receive an email inviting them to your tenant. Make sure you send the invitations to the same email addresses they used to create their accounts so that they do not inadvertently create duplicate accounts.

To invite a new member to a tenant:

On the main menu, click Tenants.
You will see a list of all the Current Tenants you have access to, or for which you have pending invitations.
In the row for a tenant, click the Manage Access icon in the Actions column.
In the Current Members list for the tenant, click Invite Members.
In the dialog box, type the member’s email address.
In the Role drop-down list, select the role you would like the member to have:
- Admin—The member can access the tenant, manage a deployment in the tenant, and manage the members of the tenant.
- Write—The member can access the tenant, create or modify (but not delete) a deployment in the tenant, and manage the members of the tenant (but not grant the Admin role to another team member or remove a team member).
- Read—The member can access the tenant, but not manage the deployment in the tenant or manage the members of the tenant.
Click Invite.

The member will appear in the Current Members list for the tenant, with a Status of PENDING. When the member accepts the invitation, the Status changes to ACTIVE.

You can withdraw an invitation by clicking the Delete icon in the Actions column for that member.

If you withdraw an invitation, or a member rejects an invitation, that member is removed from the Current Members list.

Note:

Only users who have the Admin role can grant the Admin role to another member..

You may need to click Refresh to see the latest values in the Status column.

If the team member does not receive an invitation, make sure you typed the email address correctly and send another invitation if necessary.

Respond to an Invitation to a Tenant

The process of responding to an invitation to a tenant depends on whether or not you have an existing Cloud Services Portal account.

New Users

If you do not already have an account in the Cloud Services Portal, you will receive an email containing a link to a page where you can sign up for an account.

Click the link in your email to go to the Create Your Account pageOpens in a new tab.
On the Create Your Account page, enter the requested information, and click Create Acconut.
When asked for an email address, make sure to use the email address where you received the invitation.
Type the verification code sent to your email address, and click Confirm Account.

Your Cloud Services Portal account is created and you are automatically added to the tenant.

Existing Users

If you already have an account in the Cloud Services Portal, you will receive an email inviting you accept the invitation.

Click the link in your email.
If you are currently logged in to the Cloud Services Portal, you are automatically taken to the Tenant Details page.
If you are not currently logged in to the Cloud Services Portal, you are taken to the login pageOpens in a new tab. Sign in to your account. Then, on the main menu, click Tenants.
You will now see a list of all the Current Tenants you have access to, or for which you have pending invitations. In the row for a pending invitation, click the Accept Invitation icon or the Reject Invitation icon in the Actions column.

If you accept an invitation to a tenant, the Status column for that tenant changes to ACTIVE. You are now a member of the tenant.

If you reject an invitation, the tenant is removed from the list.

Switch to a New Tenant

If you have access to more than one tenant, can see the name of your current tenant in the drop-down list at the top of the screen, next to the Refresh button. You can also use this drop-down list if you want to switch to another tenant.

When you switch tenants, the drop-down list changes to indicate the current tenant. You now have access to the deployments in the new tenant. In the main menu, click Deployments to work on any of the deployments in this tenant.

Note:

The level of access you have to the deployments in this tenant is determined by the role you were given when you were invited to the tenant. Some of the functionality you are accustomed to using may not be available on the various screens in the Cloud Services Portal.

Leave a Tenant

If you no longer have the need to access a tenant, you may leave a tenant. After you leave a tenant, you will no longer have access to the tenant unless you are invited again by a member of the tenant with the role of Admin or Write.

To leave a tenant:

On the main menu, click Tenants.
You will see a list of all the Current Tenants you have access to, or for which you have pending invitations.
If you do not have the role of Admin for the tenant, in the row for the tenant you want to leave, click the Leave Tenant icon in the Actions column.
If you do have the role of Admin for the tenant:
1. In the row for the tenant you want to leave, click the Manage Access icon in the Action column.
2. In the Current Members list for the tenant, in the row for your name, click the Delete icon in the Actions column.

Note:

You cannot leave a tenant if you are the owner of that tenant.

Change the Role of a Team Member

If you have the Admin or Write role in a tenant, you can change the role of an existing team member in that tenant.

To change the role of team member:

On the main menu, click Tenants.
You will see a list of all the Current Tenants you have access to, or for which you have pending invitations.
In the row for a tenant, click the Manage Access icon in the Actions column.
In the Current Members list for the tenant, find the team member whose role you want to change, click the Open Menu icon in the Change Role column for that member, and select a new role from the list.

Note:

Only users who have the Admin role can grant the Admin role to another member..

You cannot change the role of the member who is the owner of a tenant. That user will always have the Admin role.

The owner of a tenant cannot transfer ownership of the tenant to another team member.

Remove a Team Member

If you have the Admin role in a tenant, you can remove a team member who no longer needs to access that tenant.

To remove a team member:

On the main menu, click Tenants.
You will see a list of all the Current Tenants you have access to, or for which you have pending invitations.
In the row for a tenant, click the Manage Access icon in the Actions column.
In the Current Members list for the tenant, find the team member whom you want to remove, and click the Delete icon in the Actions column.

Note:

You cannot remove the member who is the owner of a tenant.

Files Page

The Files page allows you to set up SFTP to upload files to an Amazon S3 bucket for later processing by any deployment within a tenant. For example, if you are using Health Connect Cloud or InterSystems IRIS Managed Cloud Service, you can use an FTP adapter in a production to send files between the S3 bucket and your Health Connect Cloud or InterSystems IRIS Managed Cloud Service deployment. Other InterSystems cloud services will offer support for this feature in the future.

You can also use this page to manage users who are authorized to use SFTP. If you want to use SFTP with a deployment’s productions, you can then upload your SFTP keys to the server.

Note:

If you see a message saying “File transfer is not enabled for this tenant,” contact us to get the SFTP feature enabled.

Set Up SFTP

Before you can use SFTP, you need to perform some one-time setup tasks on your tenant. If you have access to multiple tenants, make sure you are in the tenant for which you want to set up SFTP. If you are not, switch to that tenant.

To set up SFTP for your current tenant:

On the main menu, click Tenants, and then click Files.
At the top of the page, select the AWS region where your S3 bucket will be stored, and click Change Region.
In the S3 Storage section, Activate S3, if it is not already activated.
After activating S3 storage, it takes about a minute for the S3 bucket to become ready for use. The default setting for S3 storage is Deactivated, to prevent the consumption of unused cloud resources and to provide greater security.
In the SFTP Storage section, Enable SFTP, if it is not already enabled.
After enabling SFTP storage, it takes a few minutes for SFTP to become ready for use. The default setting for SFTP storage is Disabled, to prevent the consumption of unused cloud resources and to provide greater security.

You can change the region later by selecting a region and clicking Change Region. This is useful if you need to create an SFTP server in another region or if you need to manage the users in another region.

Note:

You can only manage the users of the region currently displayed on the screen.

You can use SFTP in multiple regions at the same time, not just the region that is currently displayed on the screen.

You cannot disable SFTP in a region if any users exist in that region, except for the admin user.

You cannot deactivate S3 in any region if SFTP is enabled in that region.

Manage File Transfer Users

After S3 storage is activated and SFTP is enabled, you need to create file transfer users on your tenant and specify the paths they are permitted to access. Paths correspond to folders and subfolders in your S3 bucket. One admin user is predefined, and that user has access to all folders that are created.

If you have access to multiple tenants, make sure you are in the tenant for which you want to create users. If you are not, switch to that tenant.

To create a user and assign paths to that user:

On the main menu, click Tenants, and then click Files.
In the File Transfer Users section, click Create User.
This creates a user with a random username.
In the Create User dialog box, in the Paths field, type a list of new or existing paths, separated by commas. You do not need to type the name of the bucket when specifying a path. This will be added for you.
If a path does not already exist, a folder corresponding to that path is created in your S3 bucket. A maximum number of 50 paths can be specified for each user.
In the Tag field, type a meaningful tag to identify the random username.
Click Submit.
The new user now appears in the list of users.

Creating a user also creates a private key. You will need to use this key to connect to the S3 bucket using SFTP or to use SFTP with a deployment’s productions. Download the key by clicking the Download Key icon in the Actions column for that user, and store it in a safe place.

To edit a user’s paths or tag, click the Edit icon in the Actions column for that user. The admin user cannot be edited.

To delete a user who no longer needs access to SFTP, click the Delete User icon in the Actions column for that user. The admin user cannot be deleted.

Note:

You can only manage the users in the region currently displayed on the screen. However, existing users in other regions can continue to use SFTP in those regions.

Use SFTP to Upload or Download Files

You can upload files to your S3 bucket by using SFTP from the command line or by using your favorite FTP client. To use either method, you must download the private key provided for you by clicking the Download Key icon in the Actions column for that user.

To upload a file from the command line, use the command shown in the SFTP Connection Instructions section of the page, as in the following example:

C:\uploads>sftp -i xyz-sftp-private-key.txt xyz@s-abc.server.transfer.us-east-1.amazonaws.com
Connected to s-abc.server.transfer.us-east-1.amazonaws.com.
sftp> pwd
Remote working directory: /
sftp> cd pqr-storage-bucket-us-east-1/myfolder
sftp> pwd
Remote working directory: /pqr-storage-bucket-us-east-1/myfolder
sftp> lcd filestoupload
sftp> put testfile.txt
Uploading testfile.txt to /pqr-storage-bucket-us-east-1/myfolder/testfile.txt
testfile.txt                                                  100% 1281KB   2.2MB/s   00:00
sftp> quit

This example assumes you have placed your private key in the directory C:\uploads on your computer. In this example, your generated username is xyz and the server name is s-abc.server.transfer.us-east-1.amazonaws.com. Substitute the actual values for the username and server name, as shown on the Files page in the Cloud Services Portal.

When you connect to the SFTP server, you are placed in the root directory. Change your remote working directory to the one of the directories in your path before uploading your files. (If you connect as the admin user, you can see all of the folders in the paths created in the S3 bucket for all of the users. However, an admin user comes in at the level of the bucket name, in the above example pqr-storage-bucket-us-east-1.)

Change your local directory to the location where your files to be uploaded are located (in this example, filestoupload), and upload them with the put command. In this example, the file testfile.txt is uploaded to the folder /pqr-storage-bucket-us-east-1/myfolder.

You can also use any of the other standard FTP commands, for example, get to download a file.

As mentioned earlier, you can also use an FTP client to interactively upload your files. Use your generated username and your private key to connect to the server.

Note:

If you encounter an error message like Permissions 0644 for 'xyz-sftp-private-key.txt' are too open, you must remove any permissions on your private key file for other users.

On Unix, set permissions using the chmod command, for example: chmod 400 xyz-sftp-private-key.txt.

On Windows, right-click your private key file, and on the Security page, click Advanced. Make sure you are the owner, and then remove permissions for all other users.

Upload SFTP Keys to a Server

If you plan to use SFTP with a deployment’s productions, you need to first upload your private and public keys to the server.

Download the private key you made when you created an file transfer user.
From your download directory, run the openssl command from the Unix command line (or from the Git bash prompt, if you have Git for Windows installed on a Windows PC) to generate a public key from the private key, as shown in the following example:
```
openssl rsa -in xyz-sftp-private-key.txt -pubout > xyz-sftp-public-key.txt
```
In this example, xyz is the name of the file transfer user. Substitute the name of your actual file transfer user.
Check the two key files in to your GitLab repository, for example, in the directory /ftp.
Edit the .gitlab-ci.yml fileOpens in a new tab at the root of your GitLab repository to add the following lines:
```
mkdir -p /connect/ftp
cp {$WORKING_DIR}/ftp/xyz-sftp-private-key.txt /connect/ftp/xyz-sftp-private-key.txt
cp {$WORKING_DIR}/ftp/xyz-sftp-public-key.txt /connect/ftp/xyz-sftp-public-key.txt
```
In this example, xyz is the name of the file transfer user. Substitute the name of your actual file transfer user.
When your CI/CD pipeline runs, it will create the directory /connect/ftp on your server, if it does not already exist, and copy your key files into the directory.

Use SFTP with Productions

After you have uploaded your SFTP keys, you can send files between the S3 bucket and your deployment’s productions.

For more information, see the documentation on each individual service:

Billing Page

For Health Connect Cloud users, the Billing page gives you a summary of the number of messages processed for a given month. The number of messages is broken down by deployment, and a total is given for all of your Health Connect Cloud deployments.

Use the Month and Year drop-down lists to view the statistics for any month, dating back to the time your first Health Connect Cloud deployment was created.

You can use these statistics along with the Cost Calculator to help gauge your Health Connect Cloud costs.

User Menu

The User menu at the top of the page contains the following options:

Account — Takes you to the Account page for your InterSystems Cloud Services account.
Documentation — Links to the main documentation page for all InterSystems Cloud Services.
Submit Feedback — Brings up a form you can use to submit feedback to InterSystems.
Do not use this form to submit support issues. If you need timely assistance, see Getting Help.
Logout — Allows you to log out of the Cloud Services Portal.

Account Page

The Account page lets you view and change the settings for your InterSystems Cloud Services account, such as:

Change the name and password for your account.
Add multi-factor authentication to your account to provide an extra layer of security to your username and password.
Using any the major authenticator app, add a new account, and then either scan the QR code shown on the Account Settings page or manually enter the TOTP (time-based one-time password) code. On the Account Settings screen, type a one-time password from your authenticator app, and click Enable MFA. You will now be prompted to enter a code from your authenticator app whenever you log in to your InterSystems Cloud Services account.

Automated Snapshots

InterSystems creates automated Amazon EBS snapshotsOpens in a new tab for all of your Health Connect Cloud, InterSystems IRIS Managed Cloud Service, and FHIR Server deployments on a regular basis. A snapshot is a backup of your data at a given point in time, created for safekeeping purposes.

Snapshots are taken for your deployments on the following schedule:

Daily — Every day at 05:03 UTC, retaining the most recent 6 snapshots
Weekly — Every Sunday at 05:43 UTC, retaining the most recent 3 snapshots
Monthly — The first day of every month at 05:23 UTC, retaining the most recent 11 snapshots
Yearly — Every January 1st at 05:43 UTC, retaining the most recent 11 snapshots

Note:

For Health Connect Cloud deployments that have a Message Bank configured, a snapshot is also created for the Message Bank.
Some settings, such as firewall rules or Connect Users (for Health Connect Cloud or InterSystems IRIS Managed Cloud Service) or OAuth2 users (for FHIR Server) are not stored within the deployment itself and are not affected by snapshot creation or snapshot restoration.
If you need to restore a snapshot for any reason, or if you have any questions about snapshots, contact InterSystems.

Getting Help

If you need additional assistance with the Cloud Services Portal or any of your InterSystems cloud services, please open a ticket with iServiceOpens in a new tab, the 24/7/365 support platform for InterSystems Cloud Services. If you do not yet have an iService account and are unable to register with iService directly, please email cloudsupport@intersystems.com or contact us by phoneOpens in a new tab.