Appliance System Requirements and Guidance

Review the following before you begin.

NOTE:

If you plan to deploy an Imprivata G3 (third generation) appliance on Microsoft Azure, skip this topic and instead see Deploy a G3 Appliance on Azure for appliance guidance.

If you plan to deploy an Imprivata G4 (fourth generation) appliance on Microsoft Azure, skip this topic and instead see Deploy G4 Appliances on Azure for appliance guidance.

System Requirements

System requirements vary by the appliance generation. For appliance system requirements, see Imprivata OneSign Supported Components in the Imprivata Environment Reference.

The history of supported appliances by release is:

  • Imprivata OneSign 7.11 and later releases require G4 (fourth generation) appliances.

  • Imprivata OneSign 7.10 introduced the General Availability (GA) release of the G4 appliance to all customers, including for G3 or G2 enterprise migrations to G4.

    Imprivata OneSign 7.10, 7.9, and 7.8 support either G3 or G4 appliances, but not both G3 and G4 appliances on the same enterprise.

  • Imprivata OneSign 7.8 introduced the Controlled Availability (CA) release of the G4 appliance to select customers or on request.

  • All maintained releases of Imprivata OneSign, up to 7.10, require G3 appliances.

Unsupported

The following virtual appliance configurations are not supported:

  • The cloning of appliance virtual machines is not supported.

  • Infrastructure-level snapshots of appliance virtual machines are not supported.

Considerations for Storage Level RAID Protection

Most customers will want to use RAID 5, but Imprivata recommends RAID 1+0 (also called RAID 10) for any appliance that is experiencing throughput problems, especially G4 database appliances.

Number of Appliances to Deploy

NOTE:

For specific questions about enterprise configuration or additional guidance, contact Imprivata services or support.

G4 Appliances

The number of appliances appropriate for a G4 enterprise depends on many factors, including user counts, authentication methods, and other considerations.

First, consider the two G4 appliance types and the limits on their numbers per enterprise:

  • Database appliances host the databases, perform database replication, service endpoint agent requests, and contain all audit data.

    • Enforced maximum of two database appliances per enterprise.

    • The first two appliances configured are always database appliances.

  • Service appliances exclusively service endpoint agent requests.

    • Recommended maximum of four service appliances per enterprise.

  • Recommended maximum of six total appliances per enterprise. Adding more appliances beyond six typically does not yield performance improvements.

  • G4 enterprises have no audit appliances.

For G4 appliances, Imprivata recommends three standard deployment options: two-, four-, and six-appliance enterprises. The two-appliance enterprise offers three different CPU and RAM configuration options for scale.

Recommended Options                         2 Appliance Enterprise                         4 Appliance    6 Appliance
                                            (option 1)     (option 2)     (option 3)      Enterprise     Enterprise
Database appliances                         2              2              2               2              2
CPUs per database appliance                 4              8              8               8              8
RAM (GB) per database appliance             8              16             32              16             16
Service appliances                          -              -              -               2              4
CPUs per service appliance                  -              -              -               2              2
RAM (GB) per service appliance              -              -              -               8              8
Total appliance CPUs in enterprise          8              16             16              20             24
Total appliance RAM (GB) in enterprise      16             32             64              48             64
Number of user sessions supported           22,000 to      28,000 to      36,500 to       47,500 to      62,000 to
(in optimal conditions)                     28,000         36,500         47,500          62,000         80,000+

NOTE:

Regarding the last row of the table above: If many or most users use Virtual Desktop Infrastructure (VDI) applications and/or desktops, then the number of user sessions can be double or triple the number of online users for the enterprise.

IMPORTANT:

If you change the amount of RAM per appliance, it increases the storage required in your hypervisor environment for the virtual memory swap file for powering on the virtual appliance. Ensure that you have allocated enough storage to accommodate the change. Otherwise, powering on the virtual appliance will fail.

IMPORTANT:

For OneSign 7.11 and later releases, G4 appliances ship with four CPUs by default. When deploying new G4 service appliances on 7.11 or later, manually remove two CPUs. (In contrast, for OneSign 7.8 through 7.10, G4 appliances shipped with two CPUs by default.) These defaults and requirements do not apply to G4 appliances on Azure. For information on G4 appliances on Azure, see Deploy G4 Appliances on Azure.

  • The base two-appliance G4 enterprise, having 4 CPUs and 8 GB RAM per appliance, totaling 8 CPUs and 16 GB RAM for the enterprise, can be equated to a base two-appliance G3 enterprise that can accommodate 22,000 to 28,000 user sessions.

    Each additional column or step in the G4 table above yields approximately a 30% improvement in throughput.

  • Odd numbers of appliances are recommended only when migrating from a G3 or G2 enterprise to a G4 enterprise, when the original enterprise has an odd number of appliances.

    • Migrations require the same number of G4 appliances in your new G4 enterprise as you have in your existing G3 or G2 enterprise, to support the enterprise export from G3 or G2 and import into G4.

    • For a migration with an odd number of appliances, after you transition your G4 enterprise to production, Imprivata recommends that you transition to a standard deployment configuration.

  • Selecting an optimal enterprise configuration depends on knowing the total number of users and endpoints in your environment, the usage patterns that identify peak activity periods, and any disaster recovery needs, which may stretch the topology and halve the resources available in active/active setups.

    There are many factors that affect performance including authentication types, multi-factor authentication methods, EPCS (electronic prescription of controlled substances) workflows, underlying hardware options for hosting the virtual machines that host the appliances, underlying network topology, and more.

    Newer high performing systems may yield better throughputs, and conversely older systems may yield poorer performance.

  • For customers with active G3 enterprises larger than two appliances, the rule of thumb is to first count the total number of CPUs in your current deployment. Then in the G4 table above, in row Total appliance CPUs in enterprise, find a G4 configuration with a matching CPU count.
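The table, the VDI note, the appliance limits, and the G3 CPU-count rule of thumb above can be combined into one sizing helper. The following is an added example, not Imprivata tooling: the per-column values are copied from the G4 table on this page, while the function names, the way the VDI multiplier is applied per VDI user, and the handling of a CPU count that matches no column are this example's own assumptions.

```python
# Added example (not Imprivata code): a G4 sizing helper built from the table above.
# Table values are copied from the page; everything else is assumed for illustration.

# One entry per table column: (name, database count, CPUs each, RAM GB each,
# service count, CPUs each, RAM GB each, sessions low, sessions high).
G4_OPTIONS = [
    ("2-appliance (option 1)", 2, 4, 8,  0, 0, 0, 22_000, 28_000),
    ("2-appliance (option 2)", 2, 8, 16, 0, 0, 0, 28_000, 36_500),
    ("2-appliance (option 3)", 2, 8, 32, 0, 0, 0, 36_500, 47_500),
    ("4-appliance",            2, 8, 16, 2, 2, 8, 47_500, 62_000),
    ("6-appliance",            2, 8, 16, 4, 2, 8, 62_000, 80_000),
]


def totals(option):
    """Return (total CPUs, total RAM GB) for one table column."""
    _, db_n, db_cpu, db_ram, svc_n, svc_cpu, svc_ram, _, _ = option
    return db_n * db_cpu + svc_n * svc_cpu, db_n * db_ram + svc_n * svc_ram


def estimate_sessions(online_users, vdi_share, vdi_multiplier=2):
    """Estimate concurrent user sessions from online users.

    The page says heavy VDI use can double or triple sessions relative to online
    users. Applying that per VDI user (vdi_share of the population, vdi_multiplier
    sessions each) is this example's assumption, not a statement from the page.
    """
    if not 0 <= vdi_share <= 1 or vdi_multiplier < 1:
        raise ValueError("vdi_share must be 0..1 and vdi_multiplier >= 1")
    vdi_users = online_users * vdi_share
    return int(round((online_users - vdi_users) + vdi_users * vdi_multiplier))


def pick_by_sessions(sessions):
    """Smallest table column whose upper session bound covers the estimate."""
    for option in G4_OPTIONS:
        if sessions <= option[8]:
            return option[0]
    return G4_OPTIONS[-1][0]  # the 6-appliance column is listed as 80,000+


def pick_by_g3_cpus(g3_total_cpus):
    """Rule of thumb from the page for G3 enterprises larger than two appliances:
    match the current total CPU count to a G4 column. Returns every matching
    column (two 2-appliance options share 16 CPUs); if nothing matches exactly,
    the next larger column is returned (an assumption of this example)."""
    matches = [o[0] for o in G4_OPTIONS if totals(o)[0] == g3_total_cpus]
    if matches:
        return matches
    return [o[0] for o in G4_OPTIONS if totals(o)[0] > g3_total_cpus][:1]


def validate_topology(database_count, service_count, migrating=False):
    """Apply the G4 limits stated on the page; return a list of problems."""
    problems = []
    total = database_count + service_count
    if database_count > 2:
        problems.append("enforced maximum of two database appliances per enterprise")
    elif total >= 2 and database_count < 2:
        problems.append("the first two appliances configured are always database appliances")
    if service_count > 4:
        problems.append("recommended maximum of four service appliances per enterprise")
    if total > 6:
        problems.append("recommended maximum of six appliances; more rarely improves performance")
    if total % 2 == 1 and not migrating:
        problems.append("odd appliance counts are recommended only during a G3/G2 migration")
    return problems


if __name__ == "__main__":
    # Constructed scenario: 20,000 online users, half of them on VDI desktops.
    sessions = estimate_sessions(20_000, vdi_share=0.5, vdi_multiplier=2)
    print("estimated sessions:", sessions, "->", pick_by_sessions(sessions))
    print("G3 enterprise with 20 CPUs ->", pick_by_g3_cpus(20))
    print("2 database + 3 service appliances:", validate_topology(2, 3))
```

The `migrating` flag covers the case in the bullets above: an odd appliance count is only acceptable while an enterprise export from G3 or G2 is being imported, and should be moved to a standard deployment afterwards.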

G3 Appliances

The number of appliances appropriate for a G3 (third generation) enterprise depends on numerous factors, including user session counts, authentication methods, network topology, site configuration, and failover requirements.

  • In general, using the fewest appliances necessary to meet these requirements is optimal.

  • Only add appliances for redundancy or disaster recovery.

  • Before adding appliances to the enterprise, consider scaling up by adding cores to the appliance beyond the preset two cores.

  • The maximum number of cores per appliance is eight (8).

  • Include audit appliances in the active mix of appliances servicing authentication requests.

  • Approximately 11,000 to 14,000 user sessions can be supported per appliance, depending on workflows.

NOTE:

If many or most users use Virtual Desktop Infrastructure (VDI) applications and/or desktops, then the number of user sessions can be double or triple the number of online users for the enterprise.

Examples

  • For 22,000 to 28,000 user sessions, use an enterprise of two appliances, with two cores each.

  • For 28,000 to 48,000 user sessions, use an enterprise of two to three appliances, with four cores each.

  • For 48,000 to 100,000 user sessions, use an enterprise with three appliances, with four to eight cores each.

Network Services Configuration

The Imprivata appliance supports the initial assignment of the following:

  • IP address, subnet mask, and default gateway.

  • DNS servers.

  • NTP servers from the NTP Pool Project.

IP Address and Default Gateway Configuration

As part of the initialization process, an IP address, subnet, and default gateway are initially assigned.

This is achieved using either DHCP, if enabled in your environment, or later using the Imprivata Appliance Console when adding the appliance to a network. If required, you can change the settings using one of the following:

  • The Imprivata Appliance Console before running the Imprivata appliance configuration (setup) wizard.

  • The Imprivata Appliance Console (https://<appliance IP address>:81/) after completing the appliance configuration (setup) wizard.

NOTE: If DHCP is used to assign these values, be sure to take the necessary steps to prevent duplicate IP address conflicts on the DHCP network. The Imprivata appliance requires a static IP address.

DNS Server Configuration

As part of the initialization process, up to three DNS servers are initially assigned.

  • This is achieved using either DHCP, if enabled in your environment, or using the Imprivata Appliance Console.

  • If required, the appliance configuration (setup) wizard lets you change these settings as part of the initial setup of the network services. Additionally, after the appliance has been added to the enterprise, you can use the Imprivata Appliance Console (Network > Name Resolution) to update them.

NTP Server Configuration

As part of the initialization process, the following servers from the North American pool are configured by default:

  • 0.north-america.pool.ntp.org

  • 1.north-america.pool.ntp.org

  • 2.north-america.pool.ntp.org

If required, the appliance configuration wizard lets you change these settings as part of the initial setup of the network services. Additionally, after the appliance has been added to the enterprise, you can use the Imprivata Appliance Console (Network > NTP) to update them.

NOTE: If you choose to change the defaults, configure at least two external internet-based NTP servers for redundancy. Internal NTP servers are not recommended.

Using an internal NTP server or a Windows server as an NTP source is not recommended: Windows does not correct any clock offset that occurs, so the offset keeps growing until an error eventually results.
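The redundancy and offset guidance above can be verified from a monitoring host before and after the appliance's NTP settings are changed. The following script is an added example, not Imprivata code and not a feature of the Appliance Console: it sends an SNTP request to each configured server, computes the clock offset and round-trip delay from the reply using the RFC 5905 formulas, and reports servers that are unreachable, unsynchronized, or further from local time than a threshold. The three pool hostnames are the defaults listed above; the one-second threshold, the function names, and the `make_reply` helper (which constructs a sample reply so the parser can be exercised offline) are this example's assumptions.

```python
# Added example (not Imprivata code): SNTP reachability and offset check for the
# NTP servers an appliance is configured with. Only the three default pool names
# come from the page; thresholds and helper names are assumptions.
import socket
import struct
import time

NTP_EPOCH_OFFSET = 2_208_988_800  # seconds from 1900-01-01 (NTP) to 1970-01-01 (Unix)
DEFAULT_NTP_SERVERS = [
    "0.north-america.pool.ntp.org",
    "1.north-america.pool.ntp.org",
    "2.north-america.pool.ntp.org",
]


def to_ntp_ts(unix_seconds):
    """Unix float seconds -> (NTP seconds, 32-bit fraction)."""
    whole = int(unix_seconds)
    return whole + NTP_EPOCH_OFFSET, int((unix_seconds - whole) * (1 << 32))


def from_ntp_ts(secs, frac):
    """(NTP seconds, 32-bit fraction) -> Unix float seconds."""
    return secs - NTP_EPOCH_OFFSET + frac / (1 << 32)


def build_request(t1):
    """Client packet: LI=0, VN=4, Mode=3 (client); transmit timestamp = t1."""
    return bytes([0x23]) + b"\x00" * 39 + struct.pack("!II", *to_ntp_ts(t1))


def make_reply(t2, t3, stratum=2, leap=0):
    """Constructed 48-byte server reply (Mode 4) for offline testing only."""
    header = bytes([(leap << 6) | (4 << 3) | 4, stratum, 0, 0])
    return (header + b"\x00" * 28
            + struct.pack("!II", *to_ntp_ts(t2)) + struct.pack("!II", *to_ntp_ts(t3)))


def parse_response(data, t1, t4):
    """Return (offset, round-trip delay) in seconds from a server reply.
    t1/t4 are the client's send/receive times; t2/t3 are read from the packet."""
    if len(data) < 48:
        raise ValueError("short NTP packet (%d bytes)" % len(data))
    leap, mode, stratum = data[0] >> 6, data[0] & 0x7, data[1]
    if mode != 4:
        raise ValueError("not a server reply (mode %d)" % mode)
    if leap == 3 or stratum == 0:
        # LI=3 means the server clock is unsynchronized; stratum 0 is a kiss-of-death code.
        raise ValueError("server is not synchronized (LI=%d, stratum=%d)" % (leap, stratum))
    recv_s, recv_f, xmit_s, xmit_f = struct.unpack("!4I", data[32:48])
    t2, t3 = from_ntp_ts(recv_s, recv_f), from_ntp_ts(xmit_s, xmit_f)
    offset = ((t2 - t1) + (t3 - t4)) / 2   # RFC 5905 clock offset
    delay = (t4 - t1) - (t3 - t2)          # RFC 5905 round-trip delay
    return offset, delay


def query_server(host, timeout=2.0):
    """Send one SNTP request over UDP/123 and return (offset, delay)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        t1 = time.time()
        sock.sendto(build_request(t1), (host, 123))
        data, _ = sock.recvfrom(512)
        t4 = time.time()
    return parse_response(data, t1, t4)


def evaluate(results, max_offset=1.0, min_reachable=2):
    """Turn per-server results ((offset, delay) or an exception) into findings.
    The offset threshold is an assumption; the two-server minimum is the page's guidance."""
    findings = []
    good = {h: r for h, r in results.items() if not isinstance(r, Exception)}
    for host, result in results.items():
        if isinstance(result, Exception):
            findings.append("%s: unreachable or invalid reply (%s)" % (host, result))
    for host, (offset, _delay) in good.items():
        if abs(offset) > max_offset:
            findings.append("%s: offset %.3f s exceeds %.1f s" % (host, offset, max_offset))
    if len(good) < min_reachable:
        findings.append("only %d usable NTP server(s); configure at least %d" % (len(good), min_reachable))
    return findings


def check_servers(servers=DEFAULT_NTP_SERVERS):
    """Query every configured server and report findings (needs network access)."""
    results = {}
    for host in servers:
        try:
            results[host] = query_server(host)
        except (OSError, ValueError) as exc:
            results[host] = exc
    return evaluate(results)


if __name__ == "__main__":
    for line in check_servers() or ["all configured NTP servers answered within tolerance"]:
        print(line)
```

Run it periodically against the same server list the appliance uses; a growing offset on one source, or fewer than two sources answering, is exactly the condition the note above warns about, and it is visible here long before authentication or replication starts failing.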