This section provides information and instructions to support Clarity LIMS and administration tasks. Topics covered include

• Database Cleanup Procedure

• LDAP Integration

• Illumina Connected Software Platform Integration

If you require assistance with Clarity LIMS administration, contact the Illumina Support Team.

Saving passwords in encrypted format is recommended. Use the omxprops to do this action.

To encrypt a password:

Use the following command:

# java -jar /opt/gls/clarity/tools/propertytool/omxprops-ConfigTool.jar encryptPassword <password>

This command returns a text string resembling the following example:

RqHL5XpY0NStVRjd+BngRQ==  

To set an encrypted password:

Set the password by enclosing the text string in the ENC() wrapper.

Consider the following examples:

• When setting an encrypted password in a configuration file:\

• When using the property tool to set an encrypted password:\

• Using ENC() is not needed when setting the password in Automation Worker:\

If necessary, the Illumina Support team can provide a backup of your Clarity LIMS data. The data are contained in an encrypted file, which can be downloaded from a secure SFTP server.

Prerequisites

To receive the backup data file, provide the Illumina Support team with a GNU Privacy Guard (GPG) public key.

For instructions on generating a GPG public key, see the following documentation:

After initial user training, but before the lab starts to use Clarity LIMS in production, a database cleanup is recommended.

This process removes any projects, samples, workflows, protocols, steps, and other artifacts from the system that were created during training but are not needed for production.

Contact the Clarity LIMS Support team to schedule a time for this cleanup procedure.

Preparation

In preparation for the clean-up, complete the following steps:

You can configure an alias for the short and long, singular, and plural forms of the term Project, as displayed in the Clarity LIMS interface.

Configuration tool & properties

Renaming is achieved by configuring the following properties, using the omxprops-ConfigTool.jar tool at:

/opt/gls/clarity/tools/propertytool 

Properties

• clarity.alias.project.short.singular - The short term for "Project"

• clarity.alias.project.short.plural - The short term for "Projects"

• clarity.alias.project.full.singular - The full term for "Project"

• clarity.alias.project.full.plural - The full term for "Projects"

Rules for alias

• clarity.alias.project.short.singular—Maximum of eight characters.

• clarity.alias.project.short.plural—Maximum of nine characters.

• If multiple words are used, capitalize each word (eg, Test Requests).

• Short form singular and plural aliases are truncated to eight characters and nine characters respectively. An ellipsis is used to indicate truncation.

The Config Slicer tool is used to move small incremental configuration changes, contained in a configuration set, between Clarity LIMS systems. For example, it moves changes between a test system and a production system.

This configuration tool provides granular export/import functionality that allows the management of configurations that support experimental workflows.

Use this tool to back up, copy, deploy, and restore configuration sets. By making small incremental changes, make sure that the modifications made to the production system are minimal.

Review the following key concepts:

• Configuration set—This item may be created by the Illumina Support team or by the customer. It comprises the items (know as entities) that are added to a Clarity LIMS system to allow for customization for a particular scientific experiment or workflow. The Illumina NGS Extensions Package is a good example. See .

Turning Container Name Uniqueness ON

This constraint is set at the database level. Container Uniqueness can be turned ON by using the migrator tool, and running the optional migration step called "ContainerNameUniqueConstraints". This can be done by calling this command:

Notes:

• Of course, edit the migrator.properties file to ensure that the mode is set to "migrate" not just "validate".

If running Config Slicer v3.0.x against a configuration package or manifest file that was generated with a pre-3.0 version of Config Slicer, an error message displays.

Scenario 1: Out-of-Date Configuration Package

In this scenario the error message will resemble the following:

SOLUTION:

Upgrade the configuration package file by running upgrade-config-slice.jar against it.

Clarity LIMS provides the ability to configure a step such that it requires sign-off by electronic signature (eSignature) before it can be completed.

• Steps that have eSignature enabled display an eSignature enforcement button in the Record Details screen, and require valid eSignature credentials (username and password) to be entered.

• Next Steps cannot be viewed until these credentials have been entered with eSignature signing permission.

• Until the step has been completed, any changes made to the step will again require an eSignature sign off.

This section explains how to use the LDAP Checker tool a script (ldap-checker.jar) that checks and reports on an LDAP configuration. Instructions for use are also provided in the README.txt file that accompanies the tool.

The ldap-checker script is included with the Clarity LIMS installation and is available at the following location:

/opt/gls/clarity/tools/ldap-checker

The ldap-checker script performs numerous checks of the LDAP configuration and reports on any incorrect items found.

Script Properties

Point the script to one or more files containing (at a minimum) the database connection properties. Alternatively, set these properties from the command line.

If there is an API version mismatch, Config Slicer will log a message at the beginning of an import:

Generally, this message is not a cause for concern.

However, if there are warnings about configuration differences during the import, changes that have been made to the API in between the package version and the server version may be responsible.

In addition, if the package being imported is from v4.x, a log message may appear at the beginning of an import:

Detected package is from a pre-5.0 Clarity system. The package will be upgraded to match new configuration requirements.

In this case, the package is upgraded and the resulting configuration is output to a folder in the same location as the package being imported. This upgraded configuration package is the v5.x representation of the v4.x configuration and can be used directly to troubleshoot error occurring on import. The updated packaged can also be imported directly.

BaseSpace Clarity LIMS provides Audit Trail, a robust data-tracking system that allows you track:

• All user activity - i.e. who did what and when.

• Every action that is written to the database.

Audit Trail has two capture systems, Event Log and Detail Log.

• Event Log records familiar BaseSpace Clarity LIMS user actions, and presents this information in a format that is easy to read and understand.

• Detail Log records exacting information about the changes resulting from the actions recorded in the Event Log. This includes both the updated values and the previous values.

Enabling Audit Trail

All of the following steps are performed on the BaseSpace Clarity LIMS server.

With the exception of steps 1 and 8, all are performed as the glsjboss user.

1. Stop Tomcat - as the glsjboss user:

2. Access the property tool:

3. Enable Audit Trail:

4. Confirm the setting:

Validating Audit Trail

1. Log in to BaseSpace Clarity LIMS and make a change – for example, add a project, create a sample, add a custom field, etc. The exact change is not important. There must simply be a change to the activity or the configuration data since Audit Trail was last enabled.

2. Use psql (postgres) or SQL*Plus (Oracle) to query the main BaseSpace Clarity LIMS database (clarityDB) to verify whether rows are being written to the following two tables:

   • auditeventlog

Disabling Audit Trail

All of the following steps are performed on the BaseSpace Clarity LIMS server.

With the exception of steps 1 and 8, all are performed as the glsjboss user.

1. Stop Tomcat - as the glsjboss user:

2. Access the property tool:

3. Disable Audit Trail:

4. Confirm the setting:

If you use, or would like to use, an LDAP server to consolidate directory services, it is possible to integrate LDAP with Clarity LIMS.

The Clarity LIMS LDAP solution allows for the following features:

• User name and password authentication against LDAP to govern access to Clarity LIMS.

• Ongoing unidirectional synchronization of user information (such as first name, last name, title, phone, fax, and email) from LDAP to Clarity LIMS. For example, if your telephone number is changed in the LDAP directory, the information is pushed down to Clarity LIMS, keeping contact information current.

As of Clarity LIMS v6.3, it is possible to integrate with Illumina Connected Software Platform (ICP). This is available as part of Clarity LIMS Enterprise Software for hosted instances.

The Clarity LIMS ICP solution allows for the following features:

• Single Sign-On (SSO) authentication to Clarity LIMS and LabLink when you are already logged into Illumina Connected Software Platform.

• Unidirectional synchronization of user information (such as first name, last name and title) from Illumina Connected Software Platform to Clarity LIMS.

Create a Configuration Package File for Import to Another System (or for Backup Purposes)

Use a configuration package file to copy a configuration set from one server to another or to back up a particular working configuration at a particular time.

Required steps:

1. Create a configuration manifest file.

By default, Clarity LIMS allows duplicate sample names within the same project. If you would like to enforce sample name uniqueness within a project, you can do so.

Two scripts have been developed to support this requirement:

• SampleNamePerProjectUniqueConstraintStep: Apply this uniqueness constraint to enforce unique sample names within a project.

• CleanupDuplicatedSampleNamesPerProjectStep: Prior to running the uniqueness constraint, use this optional cleanup script to clean up a database that already contains duplicate sample names.

Both scripts are available via the clarity-migrator.jar tool.

Introduction

Clarity LIMS creates various log files to help with the resolution of issues. During support request investigation, the Support team may ask for the following types of log files:

• Automation Worker log file

Automation Worker log file

Automation Worker creates history and log files, and stores them on laboratory computers in the logs folder of the Automation Worker installation directory.

Windows

If Automation Worker is installed on a Windows machine using the program default, find the logs folder at the following location:

Linux

If Automation Worker is installed on a Linux server, find the \logs folder at the following location:

The following log files are available:

• wrapper.log - This log file outputs information on the starting, running, and stopping of the Automatic Informatics service.

• automatedinformatics.log - This log file outputs messages from installed plug-ins, such as automation commands and ADC directory scans.

To monitor the automatedinformatics.log:

• Log on to the server using the glsai user ID and run the following command:

If the Automation Worker is installed on a server other than the Clarity LIMS server, use the appropriate user credentials.

Browser HTML and JavaScript Logging

In the web browser, if the LIMS interface does not display items/elements correctly, provide the information and error messages to the Illumina Support team.

Instructions for finding error messages within the browser console are described in the following sections.

Google Chrome

To Start the Chrome Console:

1. Right-click on an element in the browser and select 'inspect element.'

   A sub window opens below the main window in Chrome, showing the source HTML.

2. Select the Console tab, and reload the troublesome page - any JavaScript errors will be reported there. Include these errors in the Support Request ticket.

NOTE: Between stages in a protocol step you may see errors of the following type:

Such messages are expected. This is the EPP trigger checking that there is no EPP transition to fire on the page change. (This can be annoying for debug purposes, but feel free to include these in the Support Request ticket.)

To Get the JavaScript version:

1. Open up the Console as described in the previous section.

2. Go to the Network tab.

3. Select 'scripts' from the options listed at the bottom of the tab.

   A script named isis-all.js?v=XXXXX displays.

4. Determine the version build number. (In the previous example, XXXXX represents the version build number).

FireFox

To Start the FireFox Console:

1. Right-click on an element in the browser and select 'inspect element.'

   A sub window opens below the main window in Firefox, showing the source HTML

2. Select the Console tab, and reload the troublesome page - any JavaScript errors will be reported there. Include these errors in the Support Request ticket.

NOTE: Between stages in a protocol step you may see errors of the following type:

Such messages are expected. This is the EPP trigger checking that there is no EPP transition to fire on the page change. (This can be annoying for debug purposes, but feel free to include these in the Support Request ticket.)

To Get the JavaScript version:

1. Open up the Console as described in the previous section.

2. In the Filter options Search box and type 'isis'.

   A script named isis-all.js?v=XXXXX appears.

3. Hover over this script with your mouse to find the V (version) build number.

Using Log Files for Troubleshooting Purposes

If you are experiencing problems and need to submit a support request, use the following guidelines to determine which log files to send to the Illumina Support team:

• basespace-lims-*.log: Include if experiencing slowness in the application. (Default path: /opt/gls/clarity/tomcat/current/logs/)

• automatedinformatics.log: Include if you are experiencing problems with an integration or if a process using an EPP string does not work as expected. (Default path: /opt/gls/clarity/automation_worker/)

• wrapper.log: Include if the Automation Worker is unable to start (rarely needed).

Use the following steps to help troubleshoot the installed Automation Worker framework. A flowchart is provided as a reference.

Flowchart Reference

All Clarity LIMS installations include the installation of a separate component known as an Automation Worker (AW) node (formerly known as Automated Informatics (AI) node).

When writing automation-based triggers, the code invoked by an automation runs on the AW node.

While the AW node is a critical component, it typically does not require much attention. However, there are many other options that must be considered. These options include how many AW nodes a Clarity LIMS system uses, and where they are placed. This section discusses some of these options.

Automation Worker Nodes and Remote Computing

The AW node is installed adjacent to the Clarity LIMS application. Its original purpose was to enable remote computing.

To illustrate these features, assume that a need requires Clarity LIMS to produce a file in a specific location. The file is then processed and an action occurs.

A good example is label printing via the BarTender application. The BarTender application picks up the new file, associates it with a printer and a template, and causes a label to be printed.

The infrastructure for this file storage and processing likely occurs on a separate server from the one that contains the Clarity LIMS application and the AW node.

The Clarity LIMS application invokes the command to create the file on the AW node. After the file is in the file store, it is processed by the file processing application.

How does the AW node get the file to the file store, even if it is on a different server and possibly on a different network? The solution is to install an AW node on the external server.

The addition of the second AW node, which is local to the external server but remote as far as Clarity LIMS is concerned, provides a solution to the problem. This demonstrates how AW nodes can support remote computing..

1. Clarity LIMS invokes the production of the file via the remote AW node.

2. The remote AW node copies the file to the local file store.

3. The file processing application processes the file.

Automation Worker Properties

An AW node is a Java-based application and can run on most PCs/servers.

• The AW node and the Clarity LIMS application must be able to communicate through networking firewalls.

• When the Clarity LIMS application has the choice of sending the task to multiple AW nodes, the channel name property is used to determine which one receives the job. For example, the AW node installed on the Clarity LIMS server has the default channel name of limsserver. This is why you must specify the limsserver value when defining an automation command.

• When defining the automation, the following two items are defined:

Automation Workers in the Cloud

Consider the AW node that is installed on the Clarity LIMS server for a cloud-based implementation.

Although cloud-based Clarity LIMS servers contain an AW node, the best practice is not to run your code on it.

Why not? It is a question of security policies for both Illumina and our cloud-hosting provider. If we provide customers with command-line access to the AW node, we are allowing them command-line access to the Clarity LIMS server and, as a consequence, the Clarity LIMS application itself. If using Clarity LIMS in a clinical environment, this makes it more difficult to pass security and access audits.

If the Clarity LIMS instance is cloud-hosted, and you need to run custom code via an AW node, there is a solution.

You could install an AW node on your local architecture and have it interact seamlessly with Clarity LIMS, as illustrated in Figure 1. You can control access to the remote AW node, the infrastructure of the Clarity LIMS server is safely hidden behind firewalls, and security policies remain intact.

However, for some customers, part of the attraction of a cloud-based system is not having to maintain mission-critical hardware. To address this, we can offer an external AW node that does not live on local hardware but is also in the cloud.

Thus, we can provide an external AW node that lives on a separate machine, known as the Automation Worker host. This Software-as-a-Service (SaaS) model gives access to only those parts of the system that require it. You can access the Automation Worker host, and its AW node can interact with Clarity LIMS. However, you cannot access the Clarity LIMS server.

Because the AW node is running on a separate machine to the Clarity LIMS server, it needs its own copy of the toolkit JAR files. For some, this feature has an additional bonus in that the Automation Worker host hardware supports Python 3 for scripting.

For customers who are cloud-based and need a true local AW node, this is not a problem. They can have an AW node in the Automation Worker host and as many local AW nodes as needed. Place them wherever they are needed.

Automation Worker Node on Windows Server

In Clarity LIMS v5.4 and later, you can install the Automation Worker Node onto the Windows server. Before you begin the installation, make sure that you have met the following requirements:

• The clarity-aiinstaller-x-deployment-bundle.zip file must be retrieved from the server where Clarity LIMS is installed. You can find this file at /opt/gls/clarity/config/.templates/automation_worker/.

• For Windows 10 users, the command prompt must be specified in the Automation command line (eg, cmd.exe / c echo 'Hello World').

• If VISTA-SETUP.bat does not display in the installation window after Run as Administrator is selected, start the installation window as follows.

Install the Automated Worker Node as follows.

1. Copy the SecretUtil deployment bundle ZIP file to the remote Automation Worker node.

2. Extract the contents of the ZIP file to a folder named secretutil. You can add this folder to C:\opt\gls\clarity\tools or another location you choose.

3. Edit vault.properties of the file in the conf folder to update application.mode to file.

4. Make sure that the following System Environment Variables are set:

Command-line Options and Usage

Refer to Import/Export Mode and Guidelines and Semantics for Creating Manifest Files.

* The importAndOverwrite option lets Config Slicer update existing configuration, rather than create new configuration.

Usage

EXPORT: Creating a configuration package file

Prerequisites

• Created and validate a configuration set on the source server.

• Have access to the Config Slicer tool and the libs subdirectory.

Step 1: Create configuration manifest file

Create Simple manifest file or Custom manifest file.

Simple manifest file:

1. On the source server, copy and paste following code to the command line. Edit the variables (version, server IP address, username, password, and manifest file name) to match those in your system.

   A command with the variables filled in might look like this:

2. This step produces a manifest file containing information about the entire system configuration. For best practice, copy this file and rename the copy in a way that reflects the configuration (we'll use newconfiguration.txt for this example). Use the copied file for the next steps.

A manifest file is used as an intermediary step to produce an XML configuration package file.

The manifest file is only relevant to the data that exists in the system at the time it is created. Discard it after creating the configuration package file or save the manifest file for historical auditing purposes. It can provide a record of a known working configuration set on a particular system.

Custom manifest file:

To create a manifest file for only specific workflows, protocols, or process types, follow the steps outlined previously, using -o custom instead of -o example.

• When using this operation provide additional parameters (-w, -pr, and/or -pt) specify the exact entities for which to create a manifest.

  For example:

• Specifying every option is not required. It is also possible to specify more than one of each kind. For example, create a manifest file for a workflow with the following command:

• Or for two protocols like so:

Step 2: Edit Manifest File

The next step is to edit the manifest file, removing unnecessary information and preserving only the custom configuration to import into the destination system.

Example 1: In this example, everything is deleted from the manifest file, except for the two new process types to export.

Example 2: In this example, the manifest file contains definitions for some new reagent types:

Step 3: Export to XML Configuration Package File

• Copy and paste the following code onto the command line. Edit the variables (version, server IP address, username, password, and manifest and package file names) as required.

• An edited command might look like the following example:

This step generates a data file in an XML format (newconfiguration.xml in our example) that is compliant with the Rapid Scripting API.

IMPORT: Installing a Configuration Package File

Prerequisites

• A configuration package file has been exported. This example uses a file named newconfiguration.xml.

• Access to the Config Slicer tool on the destination server has been granted.

• There are no in progress steps for any of the protocols that are going to be sliced in, otherwise the import of the protocol fails.

Step 1: Import Configuration Package File

• On the destination server, copy and paste the following code to the command line. Edit the variables (version, package file name, server IP address, username, and password) as required.

• A command with the variables filled in might look like this:

About duplicate entities

If any of the configuration entities that are about to import, exist in the destination system, Config Slicer either logs a warning or attempts to update them. It depends on the mode being run (see ).

If Clarity LIMS has maintained an internal record of deleted items, the previous information may also apply to deleted entities. This situation may occur if those entities have created outputs that currently still exist in the system.

• When running in import mode, entities that exist and are different from the version in the package have a warning and full diff logged.

• When running in importAndOverwrite mode, Config Slicer attempts to update entities that exist and are different from the version in the package.

  • In this scenario, back up configuration package containing copies of the updated entities before they were changed is saved to the directory where the configuration package is located. If that directory is not writable, the backup package is saved to the same directory as the log file.

To avoid changing existing configuration (which could possibly break historical data), another option is manually renaming the old entities. Add an extension or a prefix and continue with importing the new configuration package.

Step 2: Validate the import

Use the following methods to validate whether an import has completed successfully:

Check the Import Log:

For each specific type of configuration that is being imported (e.g. container types, process types, workflows), Config Slicer will log a set of messages. The messages look similar to the following examples:

• Before it begins to process a specific entity, the file logs how many entities were found. Any errors or warnings about this set of entities always appear between Found 4 $Entities and Summary of $Entities.

• Every entity that is found in the configuration package always appears in the summary, in one category or another. If a scenario occurs where this isn't true, or where the initial count of entities does not match the number in the summary, something has gone wrong and a bug report should be filed.

Validate with Config Slicer:

Running Config Slicer with the validate operation checks every entity in the package to see if it exists on the destination server. It reports results in a format similar to the log format shown previously.

Run the validate operation before or after importing:

• Before importing—checks if there could be any problems when importing a configuration from a package. This feature is its primary use as it makes sure that during import, "configuration exists in package but not on server" is not considered an error case.

• After importing—makes sure that the results are what was expected.

Example of validate output:

Check Configuration on the Destination Server:

The ultimate test of whether configuration has imported successfully is to check the configuration on the destination server itself. Make sure it looks and behaves as expected.

Configuration can be checked either via the Configuration screen in the Clarity LIMS user interface, or via the configuration endpoints in the API.

Guidelines and Semantics for Creating Manifest Files

Top-level entities

• To be included in a configuration package file, the top-level entities of the custom configuration set must be explicitly enumerated.

• Some of the top-level entities are discrete 'self-contained' units, and do not include other units (for example, container types, reagent types, artifact groups, and non-artifact/non-process type UDFs).

• Some top-level entities (process types, for example) automatically include other units (refer to for more information).

• For process types, only configured processes, vanilla Transfer processes, Pool Samples (since 7.5), and Add Multiple Reagents (since 7.6) processes are supported. All process type details are exportable/importable.

Non-Top-Level Entities

• Some entities are only included as part of other entities.

  For example, process templates, process type UDFs, and artifact UDFs are only included when included in a top-level process type. (The latter is a special case, given that the same artifact UDF can be used by multiple process types.)

Required Entities

• Some entities may be required by other entities. In these cases, make sure that these entities are exported/imported in the correct order.

  For example, because process types may require the existence of a container type, create the container type first.

• Required entities are not automatically included. If they do not exist in the destination system, explicitly include them in the manifest file.

  For example, suppose that a process type declares a particular container type as a default output plate. If that container type does not exist in the destination system, include that container type in the manifest file.

Import/Export Mode

Import modes affect the transactability of the tool, allowing it to make incremental changes if errors occur or provide an all-or-none option. For example, use the operation validate mode to determine if errors were encountered.

Best-Effort Mode

• This is the default import mode.

• This mode attempts to import as many units as possible. Any failures are logged, but the import operation is not interrupted.

  • For example, a failing container type import will not prevent other container types from being processed.

  • Similarly, if a process type fails import because it already exists, any UDFs and process templates for that process type will still be processed.

Strict Mode

• If this mode is used, the import operation is aborted if it encounters a failure.

  • For example, if there is an API version mismatch, the operation will abort and no further imports will be executed. Note that any changes already performed are not reverted.

• Use the -Strict option to enable this import mode.

Validate Mode

Use the validate operation (instead of import) to enable this mode.

This mode produces a report listing showing the following items:

• Entities that would be successfully imported because they do not exist on the target server.

• Entities that already exist on the target server and are identical.

• Entities that already exist on the target server but are different.

Validate mode can only detect a limited set of errors. For example, it can check if a particular piece of configuration already exists. If so, it checks if it is identical to the one included in the configuration package.

This information can help determine if the importAndOverwrite option is needed instead. For details, see .

Example of console output:

Example Mode

• Use this mode to generate a manifest file if the configuration you want to export is not tied to a specific set of workflows, protocols, or process types.

• Use the example operation (instead of import) to enable this mode.

This article provides best practice recommendations and guidelines for the following procedures:

• Backing up and restoring the BaseSpace Clarity LIMS database

• Creating an archive of the Audit Trail database (for details on this feature, see the Enabling, Validating and Disabling Audit Trail), including performing a 'vacuum and analyze' database maintenance task to reclaim space and optimize performance.

Note that BaseSpace Clarity LIMS works with a variety of industry-standard operating systems and databases, and leverages their inherent file management systems. You should follow the guidelines that best meet the needs of your specific environment.

Assumptions

• The user performing the procedures described below must:

  • Be a Linux administrator who can create and restore database backups and associated file system backups, using standard Linux tools.

  • Know how to start and stop BaseSpace Clarity LIMS and its installed services.

  • Have access to the source and destination servers.

Recommendations

Database backup process

Your database backup process will depend on the size of your installation, your hardware environment, and how much data your laboratory processes. However, we recommend that you:

• Perform a full backup of the BaseSpace Clarity LIMS database at least once per week, and configure the database server to use archived logging.

• Perform a full backup of the BaseSpace Clarity LIMS file system at least once per week, and perform incremental backups daily.

• Use a file storage solution that has fail-over capabilities. For example, a RAID array.

You do not need to back up any other BaseSpace Clarity LIMS-specific data. The LIMS does not modify files once imported into the system and configuration information is stored in the database.

Incremental backups

An incremental backup is a recovery log (or redo log) that records database changes. Once configured, the relational database management system automatically updates the logs.

When performing incremental backups, there are a number of backup strategies and configurations, including the archival of recovery logs, which will depend on your environment. Your database administrator should establish a robust backup process that suits your organization’s environment and follows the database vendor’s administrative guidelines.

To improve performance and reduce risk, we recommend that you segregate the recovery logs onto a physical disk channel or device separate from where you store the data.

Audit Trail archive process

For best performance and to mitigate potential maintenance issues associated with disk space and large database size, it is recommended that you periodically archive the Audit Trail database. The frequency of performing this operation will differ depending on regulatory requirements.

Backing up the Basespace Clarity LIMS Database

1. Creating the backup copy

The following steps should be executed by the root user, on the source server.

To create the backup copy on the source server:

1. Print a list of BaseSpace Clarity LIMS installed components and note the version numbers (the version number should match the version of the LIMS previously installed):

   For example:

2. Create an export of the database that can be restored on the destination system.

3. Archive the customextensions directory: /opt/gls/clarity/customextensions

2. Transferring the archives to the destination server

Once the archives have been created, you can transfer them to the destination server.

3. Restoring the copy

Execute the following steps on the destination server.

To restore the copy on the destination server:

1. Make sure the BaseSpace Clarity LIMS repository file exists in /etc/yum.repos.d/

2. As the root user, install the components listed in file.txt.

3. Configure and validate the destination system, following the procedure outlined in . 4. Stop the application server stack:

1. Restore the database exported from the source server.

2. Restore the archives created.

3. As the glsjboss user, update configuration for external interface points (api, glsftp):

4. As the glsjboss user, manually migrate the database forward:

4. Possible scenarios

After restoring a system, the following scenarios may apply:

• The database and file system are from the same point in time

• The database is newer than the file system

• The file system is newer than the database

When the file system and database are from the same point in time

When you have synchronized file system and database backups, the system has maintained its integrity and no further action is required.

When the database is newer than the file system

When the file system backup is older than the database backup, files referenced in the database may no longer exist in the file system.

For example, suppose you have a database backup from 10am and a file system backup from 8am. To update the database, roll back the database and manually re-import the files into BaseSpace Clarity LIMS from their source locations.

To roll back and update the database:

1. Roll back the file system to the point of the last backup. In the example above, this is 8am.

2. In the current database, select all the files whose creation date is after the last backup of the file system. This finds all the files imported into the database that will not be in the file system backup. In the example above, these are the files created between 8am and 10am.

3. For each of the missing files found in step 2, find and record the associated LIMS projects, samples, and processes.

4. Roll back the database to the time of the last file system backup. In the example above, this is earlier than 8am.

Finding missing files

It can sometimes be difficult to find missing files as there may be no way to recover them from their source locations (such as instrument computers).

In this case, we recommend that you retain database entries for the missing files. This will display an error message notifying the user when they try to retrieve the file in the LIMS, yet it will not affect the operation of the system.

If the files are present in their source locations, and you use the Automated Informatics Automatic Data Capture (ADC) plug-in, you can reset the ADC to re-capture the files and reference them in the database automatically.

To do this, delete the corresponding entries from the file transfer log file stored in the logs folder of the instrument’s ADC installation.

When the file system is newer than the database

When the database backup is older than the file system backup, files residing in the file system may not be referenced in the database. To update the database, you'll need to manually re-import the files into the LIMS.

To update the database:

1. In the file system, search for files created after the last database backup.

2. In BaseSpace Clarity LIMS, re-import the files into the applicable projects.

It is sometimes difficult to determine the location(s) in which to re-import files in the LIMS. You can manually check for files created by processes that ran during the outage, but ultimately, there is no easy way to do this.

Archiving the Audit Trail Database

The Audit Trail Archiver tool archives the audit tables from a given date, saves them to a file, and remove those records from the Audit Trail database.

For instructions on using the tool, see the article in the Audit Trail section.

Rules & constraints

• The tool currently only supports Postgres databases. Oracle is not supported at this time.

• The tool prompts for a Postgres superuser as the depends upon it

• When archiving audit data that was created in a version of the LIMS prior to version 4.1, the tool will temporarily disable the audit trigger on the loginaudit table. This prevents the loginaudit delete operations performed by the tool being included in the auditchangelog. Once the deletes have been performed, the trigger is re-enabled.

Arguments

Running the Archiver tool

Follow the steps below to create the Audit Trail archive. Once you have successfully created the archive, perform a vacuuming and analyzing database maintenance task to reclaim database space and optimize performance.

To create the Audit Trail database archive:

1. Run the Audit Trail Archiver tool using the following command:

1. A warning message displays:

1. An answer of anything other than Y or Yes (case does not matter) will abort the tool.

2. All audit entries in the loginaudit, auditeventlog, and auditchangelog tables older than the supplied date are archived to a zip file.

   • The file contains comma-separated values (CSV) files of exported audit table data.

• The name of the generated zip file will be: ClarityAuditTrailArchive_before2016-12-31_generated2017-01-15-213246.zip

• After the archive is complete and records have been deleted, an audit entry is added to the auditeventlog. The message entry in the auditeventlog indicates where the archive was generated. For example:

Example output

The Audit Trail Archiver tool does not produce a log file. All output is directed to stdout and stderr. An example output is shown below:

Error conditions

The Archiver tool will exit with a -1 return code and an informative message for the following error conditions:

• One or more of the required arguments are not specified

• Invalid date format provided for the -date argument

• No servers found in the tenant lookup database<

• Multiple servers found, but the -F argument was not supplied

Vacuuming and analyzing the database

After completing an Audit Trail archive, you can use the vacuumdb operation described below to vacuum and analyze the database. This operation will reclaim space and optimize performance.

Before running the vacuumdb operation, please note the following:

• The steps below are provided for illustration purposes only and assume a Software as a Service (SaaS) installation.

• Paths shown assume a SaaS installation. In a typical on-premise installation, replace **/opt/gls/pgsql/**paths with /var/lib/pgsql/ However, note that this path may be changed. Confirm the correct path for your system.

• Other options may vary depending on your Postgres version and database setup.

To vacuum and analyze the database:

1. Check the database size on disk:

2. Stop BaseSpace Clarity LIMS, BaseSpace Clarity LIMS Reporting (if applicable), and all sequencing services (if applicable).

3. Restart PostgreSQL to drop any remaining connections to the database.

4. Run the vacuum command with Full (-f) and Analyze (-z) options in verbose (-v) mode:

Re-importing archived data

You can import archived data back into a database using the Postgres COPY command.

To re-import data:

1. Unzip the archive.

2. Run the COPY command in Postgres for each archived table. For example:

The System Settings screen allows for viewing and managing of certain operations: Clarity LIMS system configurations, log files export and whitelisting, that are previously possible only through using SSH command or CLI scripts.

System Settings screen

To access the System Settings screen, the SystemSettings:action permission is required. Without this permission, the System Settings is not visible.

By default, only the administrator role has the SystemSettings:action permission. For more on user roles and permissions, see User Roles and Configured Role-Based Permissions.

Access the SystemSettings Screen

In Clarity LIMS, select System Settings on the top right menu bar to access the screen. Use this screen to do the create and manage the following:

Applications Properties

Applications Properties allows for management of Clarity LIMS system configuration that is stored in the database.

You may view, create, modify, delete application properties.

Banner

Banner allows for management of custom announcement in Clarity LIMS. This banner shows up at the top of Clarity LMS page for all users when configured.

Export Logs

You can use Export Logs to retrieve the following log file generated by the various Clarity LIMS services for debugging purposes.

• Automation Worker

• Tomcat UI

• Tomcat API

• Elasticsearch

To Export Logs:

1. On the system settings screen, select the Export Logs tab.

2. Select the log to be exported.

3. Select Export.

Global Tokens

Global Tokens setting allows you to create and manage a list of user-defined tokens to be used in automations.

The following list of tokens is provided by default and cannot be deleted:

• {java}

IP Whitelisting

IP Whitelisting allows you to request for access to specific ports from the whitelisted IP.

You can request for access to the following three access types:

• Clarity Access Type: Port 80, 443

• SSH Access Type: Port 22

• Database Access Type: Port 5432

NOTE: For Database Access Type request, PostgreSQL config file (pg_hba.conf) need to be updated to allow the access to the database, in addition to submitting an IP whitelisting request. Contact Illumina Support Team to request for the read-only access credentials.

An IP whitelisting request will takes less than 30min to complete on the server. If there are other pending IP requests in the server (eg, N number of requesting), the time to complete the new request should be less than (N + 1) * 15 * 2 minutes.

Example

1 new IP whitelist request on a system with 5 pending IP whitelist requests will take less than 180 minutes to complete.

IP Whitelisting Status

The status of an IP whitelisting may be Requesting, Active, Failed, Delisting, Delist Failed or Archived. You can view and manage the list of IP requests records in IP Requests area.

The following table provides an overview of each IP request status:

NOTE: IP addresses with Failed status will be removed from IP Request table after 30 days.

Roles and Permissions management

Roles and Permissions management that allows you to create, modify, and delete roles and the associated permissions to a role.

SSH Request

SSH Request that allows you to request for SSH access via user public key.

SSH Request Status

The status of SSH Request may be Requesting, Active, Request Failed, or Archived. You can view and manage the list of SSH request records in SSH Listings area.

The following table provides an overview of each SSH request status:

NOTE: SSH access with Request Failed and Archived status will be removed from SSH listing table after 30 days.