Connected Insights - Local software performs a daily backup of database and variant data to the mounted external storage configured at the time of installation. This backup data is saved to /mnt/<ici_mount_path>/ici_<ServerFullyQualifiedDomainName> or /mnt/<ici_mount_path>/ici_<IPAddressInCaseOfStaticConfiguration>. The backup data can contain up to 5 days of information, including database and variant data exports.
The data backup process saves backup data when there is a difference between the previous successful backup and the current state of the application. If the application state has changed from the previous backup and new cases were processed, but no new backup directory was created for the following day, run the following command to generate a manual backup manually:
kubectl create job --from cronjob/elasticsearch-dbbackup esdb-test -n ici && kubectl create job --from cronjob/postgres-dbbackup pgdb-test -n ici
If there is a system failure, contact Illumina Technical Support to recover the system using the backup data.
The Storage Drives page allows you to configure the mounted external storage drive. It also displays the current disk space availability on the DRAGEN server v4 (/staging) and external storage drives and access is restricted to users with Administrator role. To view this page, login to application, click your username in the top right of any page, select Administration Console, then Storage Drives.
Connected Insights - Local software uses DRAGEN server v4 local storage /staging to store resource files and databases required to process and display case results. The resource files are stored at following locations:
/staging/ici
/staging/ici_temp
/staging/cms
/staging/sw_temp
Connected Insights - Local software uses an external storage drive directory to read the secondary analysis output data and to write analysis output data and backup files.
Configuring the external storage drive is an essential, one-time step setup during the initial installation process. Case ingestion will be blocked until external storage is configured. Below are the minimum requirements of the external storage which shall be mounted on the DRAGEN server v4:
Required: Configuration with CIFS/SMB or NFS protocols only.
Recommended: Use NFS v4.0 or CIFS/SMB v3.1 or higher versions for data security. Illumina also recommends an encrypted data storage drive to safeguard your data.
Required: 100 gigabytes (GB) of available storage space.
Add External Storage configuration
âť— Instructions in this section can only be performed after mounting an external storage drive directory to the DRAGEN server v4. You must also know the UID and GID of a user with read and write access in that directory. For instructions on mounting and finding the UID and GID, see section Get the UID:GID.
To configure external storage drive access, refer to below instructions:
From any page, click your username in the top right, select Administration Console, then External storage.
Click Add under the External storage section.
Provide the external storage mounted path, UID and GID of the user who has read write access to the external storage.
Edit External Storage configuration
Illumina Local Installer software allows you to only change the UID and GID of mounted external storage drive. The mounted storage path cannot be changed or altered.
âť— It is not recommended to use this feature frequently as it impacts the existing data permissions generated by the application. This is because editing the current UID/GID will modify the permission of the existing data to the new UID/GID. Before performing this action, review the instructions on mounting with the new UID and GID under Get the UID:GID.
To edit the existing storage drive UID and GID configuration, refer to below instructions:
From any page, click your username in the top right, select Administration Console, then Storage Drives. The Administration Console page is only accessible by Connected Insights - Local software users with an Administration role.
Click Edit under the existing External storage section.
Provide the UID and GID of the user with read write access to the external storage.
The application checks for the condition below and saves the settings only when the validations are successful:
The provided UID and GID are valid and that user has permission to the read and write in the mounted external storage drive.
Storage Drive Notifications
Connected Insights - Local software displays the following error notifications and to prevent you from using one or more features when the following conditions are met:
When the configured storage drive is inaccessible, the following notification appears in the Cases, Overview, and Storage Drives pages. New case ingestion is blocked.
External storage drive is not accessible. Data Upload, variant details, reports and visualization feature will not be available
To ingest a new case, it is required to have a minimum of 50 GB free space on the external storage drive and 150 GB free space on the DRAGEN server v4 (in /staging). When the requirement is not met, this notification displays in the Cases page. Case ingestion is blocked.
Insufficient disk space on the DRAGEN server v4 and/or External storage drives. Case ingestion has been stopped. Please free up space to resume Case ingestion or contact Administrator.
Disk space usage
The Storage Drives page allows you to monitor storage utilization. The page displays information on Connected Insights - Local software usage, other usage, and available space for both the DRAGEN server v4 (in /staging) and the external storage drive.
Required: External storage drive is always connected and accessible to the DRAGEN server v4 during the time of configuration setup.
Required: Previously mounted the external storage drive directory to the DRAGEN server v4 and knowledge of the UID and GID of a user with read and write access in that directory. For instructions on how to mount external storage and find the UID and GID.
Click Save.
A confirmation pop up will be displayed indicating the application will be inaccessible while configuration is in progress.
Click Confirm on the confirmation pop up.
The application checks for below conditions and saves the settings only when the validations are successful:
The provided mounted path exists and is not a local directory.
The provided UID and GID are valid and that user has permission to the read and write in the mounted external storage drive.
The external storage drive directory has minimum of 100 GB free space.
While the configuration is in progress, software will be inaccessible and takes approximately 5 - 25 minutes to complete the configuration. A maintenance page will be displayed to prevent user from performing any action on the application. The application will redirect to the login screen upon successful completion.
While the configuration is in progress, ensure the network connection to the storage is not interrupted and the permission is not modified.
After the storage drive is successfully added, the application creates the following folders. In these folders, the application will write case output files with the UID and GID provided above:
/mnt/<External_storage_mounted_path>/d53e4b2d-0428-4b3e-92bf-955f7153c360
/mnt/<External_storage_mounted_path>/cms_<Server host name or IP address>
/mnt/<External_storage_mounted_path>/ici_report_temp
Click Save.
A confirmation pop up will be displayed indicating the application will be inaccessible while the configuration is in progress.
Click OK on the confirmation pop up.
If Connected Insights - Local software was installed, while the configuration is in progress, Connected Insights - Local software will be inaccessible and a maintenance page will be displayed to prevent user from performing any action on the application (approximately 20 to 25 minutes).
When the configured external storage drive UID and/or GID permissions are altered from its configured settings, the following notification appears in the Cases, Overview, and Storage Drives pages.
External storage drive permissions have been changed from their configured settings. Data upload, variant details, reports and visualization features will not be available.
The external storage server directory must be mounted to the DRAGEN server v4 . Mount the storage as follows.
Using a Secure Shell (SSH), log in to the DRAGEN server v4.
Run the following command:
mkdir -p /mnt/<ici_mount>
âť— <ici_mount> is an example directory name and can be replaced. The directory name can include dash (-) and underscore (_) characters, but cannot include spaces or special characters.
If you are using CIFS/SMB share storage, run the following command:
mount -t cifs -o rw,user=<username>,mfsymlinks,uid=<userid of user read andwrite permissions to the mounted drive>,gid=<group id of the user> //<External Storage Server Fully Qualified Domain Name or IP Address>/<AbsolutePathToTheMountedDirectory>/ /mnt/<ici_mount>/
Replace <username> with the username of an account with read and write permissions for the share network-mounted directory. For example:
mount -t cifs -o rw,user=bsmith,mfsymlinks,uid=39456,gid=34569 '//server-abc-01/My_Team/Project/MountingFolder/'/mnt/<ici_mount>
âť— Before mounting the NFS share storage, the following requirements must be met:
The DRAGEN server v4 must be registered in the /etc/exports file of the NFS storage server. Make sure to confirm this registration with your IT support.
Connected Insights - Local software needs a minimum of 755 permissions for the secondary analysis folder that is located or copied under the external storage drive mounted as the <ici_mount> directory.
If you are using Access Control List (ACL), then your IT support must have all given all the ACL permissions(read,write,execute, change and delete) on the external share of the NFS storage that is being mounted on the DRAGEN server v4.
If you are using NFS share storage, run the following commands:
mount -t nfs <External Storage Server Fully Qualified Domain Name or IPAddress>:/<AbsolutePathToTheMountedDirectory>/ /mnt/<ici_mount>
For example: mount -t nfs server-abc-01:/My_Team/Project/MountingFolder/ /mnt/<ici_mount>
chmod 755 /mnt/<ici_mount>
Add the network share to the /etc/fstab file so that the mount is permanent when rebooting.
For MacOS
Open Terminal
Install Homebrew. If you donw have Homebrew installed, copy and paste the following into terminal: /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
Install e2fprogs and xfsprogs:
Command: brew install e2fsprogs
On the DRAGEN server v4 , create the /media/usbinstall directory that is used for mounting the USB ( mkdir /media/usbinstall ).
Connect the USB drive to the DRAGEN server v4.
Run the following command to mount the USB drive partition that contains the five downloaded installer files to the DRAGEN server v4: mount / /media/usbinstall
Run the following command to make sure that the downloaded files have executable permissions: chmod +x *
For Windows OS
From your Windows machine, go to any free installation software which formats USB to ext4/xfs example: DiskGenius website and download the free version.
Insert the USB Drive into the Windows machine.
Launch the USB formatter software (example: DiskGenius) and locate the USB drive.
For DRAGEN SERVER v4
Format a USB with the xfs or ext4 file system using the following commands.
Replace <xfs/ext4> with either xfs or ext4 depending on which file system you use.
Insert the USB drive into a PC with an OS that is compatible with xfs or ext4 (for example, Linux).
The domain name server (DNS) registers the DRAGEN server v4 with the domain and resolves the IP address.
With DNS Server
Use the following commands to return the host name, domain name, and fully qualified domain name with a DNS server.
hostname — This command returns the host name of the server. To set a host name, use the hostnamectl set-hostname<Hostname of the server> --static command. Make sure that only the host name is entered. Check the /etc/hostname file tomake sure that only the host name is displayed and not the fully qualified domain name. For example, if the host name is testserver , the /etc/hostname file must only contain testserver
âť— Make sure that the host name commands ( hostname, hostname -d, and hostname -f ) return the correct values. If these commands do not return the correct values, the installation fails.
If the correct values are not returned, refer to the Connected Insights - Local software section of .
Remote PC to DRAGEN Server v4 If there is no DNS, you can connect to the DRAGEN server v4 from your PC or a remote PC with SSH. Make sure that the IP address and fully qualified domain name of the DRAGEN server v4 (for example,< DRAGEN server v4 IP address> < testserver.abc.com>) are added to the hosts file on the PC.For instructions, refer to .
On the storage where you have been added as a user with read/write permissions, login to its shell and enter: id Example: Storage server name: teststorage User name: jsmith ssh jsmith@teststorage 'Command: id jsmith' Output: uid = 112233(jsmith) gid=32000(Storage_Users)
If the mounted storage/partition is controlled by an Access Control List, then get the ID of the access list and enter the gid of the Access control list. You can get the GID of the ACL by using the getent command on the Storage server: Example: Storage server name: teststorage Storage Parition with ACl: TestCIFSwithACL User name: jsmith ssh jsmith@teststorage Command: getent group TestCIFSwithACL Example Output: TestCIFSwithACL:669933
Other way to check the UID:GID once the storage is mounted is on the command line enter the command: Command: stat -c %u:%g <Path/to/mountedstoragedrive> Example: stat -c %u:%g /mnt/<ici_mount>
Follow the below steps to add the ceriticate to the Trusted URLs such that the message 'Your connection is not private" does not appear in your browser. For Mac OS
Launch the browser and enter the application URL FQDN or with the Static IP from the nohup.out file.
In the browser URL box, click on Not secure and then select Certificate is not valid option. This opens the Certificate Viewer pop-up
Click on the Details tab in the pop-up and the click on the Export button at the bottom right corner to export this ceritificate.
Now once you launch the application from the browser, the message 'Your connection is not secured' will no longer appear.
Use the vi /etc/fstab command to open the file in an editor.
Replace <username> with the username of an account with read and write permissions for the share network-mounted directory. For CIFS/SMB or NFS mounts, refer to the following examples:
CIFS/SMB://<External Storage Server Fully Qualified Domain Name or IPAddress>/<AbsolutePathToTheMountedDirectory>/ /mnt/<ici_mount> cifs rw,user=<username>,mfsymlinks,uid=431,gid=433 0 0
NFS: <External Storage Server Fully Qualified Domain Name or IPAddress>:/<AbsolutePathToTheMountedDirectory>/ /mnt/<ici_mount> nfs defaults 0 0
âť— All spaces (except for the space between 0 and 0) are tabs.
If there are issues with updating the CIFS/SMB or NFS mount, refer to Software Errors and Corrective Actions.
Command: brew install e2fsprogsInsert and identify the USB Drive. After inserting your USB drive, list all disks to identify your USB drive: Command: diskutil list
Unmount the USB drive. Replace diskX with the disk identifier of your USB drive: Command: diskutil umountDisk /dev/diskX
Format the USB drive.
To format as ext4: Command: sudo /usb/local/opt/e2fsprogs/sbin/mkfs.ext4 /dev/diskX
To format as XFS: Command: sudo /usb/local/opt/e2fsprogs/sbin/mkfs.xfs /dev/diskX
Create a new partition. Right click on the unallocated space and select "Create New Partition".
Select File system type as ext4 or XFS. Name the parititon label as usbinstall.
Hit save all to confirm all changes.
Run the following command to format the drive.
Replace <sd?> with the name of the USB drive (for example, sdc).
sudo mkfs -t <xfs/ext4> /dev/<sd?>
Run the following command to create a partition directory:
fdisk /dev/<sd?#>
Make the partition in the correct format by replacing <sd?> with the name of the partition directory (for example, sdc1).
mkfs.<xfs/ext4> /dev/<sd?#>
hostname -d/etc/resolv.confsearch <domain name>nameserver <DNS IPaddress><domain name>nameserver <DNS IP address>nameserver <DNS IP address>hostname -f— This command returns the fully qualified domain name (for example, testerver.abc.com).
From search box in the Mac, open the Keychain Access.
Click on the Certificates tab, then select System on the left pane.
Drag and drop the exported certificate(.pem file). The system would prompt to enter the password in the Keychain access.
Enter network/laptop password in the Keychain access. This will add the certificate under the System certificates.
Right click on the listed certificate and select Get Info.
Expand the Trust section and in the option 'When using this certificate', select Always trust option from the dropdown.
Once you close this pop-up it would ask you to re-enter your network password to update the Keychain access settings. Enter the password.
If you have the Administrator role, you can use the Administration Console to add users, reset passwords, manage software updates and manage API Keys.
Add users as follows.
From the profile drop-down list, select Administration Console.
Select User Management.
Select Users, and then select Add User.
Populate the following fields:
User Name
First Name
Last Name
Select Save. The new user appears in the Users section of the Administration Console.
Select the Username to view user details. You can also edit the role and change the password for the user or suspend the account.
Login to Administration Console.
Select the User from the list
Provide user emailId and select suitable role for the user for Connected Insights
âť—Illumina recommends having at least two users with Administrator privileges to prevent any potential lockout from the Administrator user login when managing actions on the Administration Console.
Login to the application and launch Administration Console.
Select Workgroups
Select Add Workgroup
âť—Allow the application approximately 15 minutes to complete the new workgroup configuration in the background before attempting to access it.
The Sign In Security section of the Administration Console contains password, session, and security question settings. Password and Session Policy From the Password Policy section, you can change the following password settings:
Password Expiry — The length of time your password is valid (for example, 3 months).
Password Notification — The amount of time before your password expires (for example, 10 days)
Number of Unique Passwords before Reuse — The number of passwords that must be unique before you can start reusing passwords(for example, 3)
From the Session Policy section, you can change the idle time limit for a session (for example, 30 minutes). When this limit is reached, the inactive user is signed out. After making any changes, select Save.
âť—Any security changes or user account change, will take effect in the subsequent user login for the user account.
Security Questions The Security Questions section shows the security questions that are included with the application. You can edit or remove questions that are not in use by any user accounts, or you can select New Question to add a security question. If this option is selected, a field displays. Type in a new question and select Save.
From the Connected Insights login screen, select Forgot password?.
On the Forgot Password screen, enter a user name in the User Name field and select Reset.
On the Answer Security Questions screen, enter the answer for each question and select Submit. If you do not remember your answers, contact your administrator.
Administrator can create and delete the API key.
To generate API Keys, refer to below instructions:
In Connected Insights, select Manage API Keys from the Account drop-down menu.
Select Generate.
Enter a name for the API key.
Show — Reveals the API key.
Download API Key — Downloads the API key in .TXT file format.
Copy the API Key to clip board.
âť— The API key cannot be viewed again after closing this window. Download the API key or save it in a secure location.
Close after you have stored the API key. The API key is added to the Manage API keys list and can be used for API authorization.
To delete existing API Keys, refer to below instructions:
From the User name drop down, select Manage API Keys
In the API Keys list, select Delete icon against an API Key.
A prompt is displayed to confirm the delete action.
Application shall send user's temporary passwords and password expiry notifications via email if the below Email server configuration is setup.
Login to the application and launch Administration Console by clicking on the User icon on the right side of the header bar.
Select Email Server Configuration on the left side navigation.
Populate the following fields:
Email Address
Choose the Workgroup and user's role for the workgroup
Create Temporary Password
Confirm Password
Workgroup name; must be unique.
Select users and their roles for the Workgroup.
Select Save. The new workgroup appears in the Workgroups section of the Administration Console.
Select the Workgroup name from table to view workgroup details. You can also edit the workgroup to modify the users and their roles.
Sign Out After — The amount of sign-in attempts before an account is suspended (for example, 3)
Account Suspension Time — The amount of time an account is suspended after exceeding the sign-in attempts (for example, 1 hour)
On the Reset Password screen, enter your new password in the New Password and Confirm Password fields and select Reset.
SMTP server address
SMTP server port
Sender's email address - the address user's will receive email from
Enable SSL (or) Enable TLS
Enable Authentication - If authentication is enabled, it will prompt to provide the email server authentication.
Upon providing the above fields, click Send against "Send Test Email".
If the test email is successful, Save button will be enabled.
Select Save to save the email server configuration.
For Connected Insights - Local software, the Administration Console handles the following tasks:
Adding additional users and workgroups
Resetting passwords
Manage Software and package updates, including Genome Equivalent Sample file updates.
Manage Storage Drive
Email notifications configuration
For Connected Insights - Cloud software, refer to the and for more information on domain administration.