Appian Cloud FAQ

The purpose of this topic is to provide answers and links to additional information for the most commonly asked questions around Appian Cloud capabilities and policies.

Initial Cloud Site Setup

How are sites named?

Your Appian Cloud siteURLs are generated based on the site name that is recorded in your legal agreement, using the following naming conventions:

  • Production Environment: <sitename>.appiancloud.com
    • Example: appian.appiancloud.com
  • Lower Environments: <sitename>dev.appiancloud.com and <sitename>test.appiancloud.com
    • Example: appiandev.appiancloud.com and appiantest.appiancloud.com

Can our site name be changed?

If you wish to change the name of one or more of your sites, this can be requested from Appian Support by one of your designated support contacts opening a support case through Appian Forum. Please note that this change will require a maintenance window, during which time the site will not be available.

For information on configuring a custom domain, please refer to KB-1536.

Who is my Site Administrator?

The legal agreement will name your first Site Administrator. It is important to name the correct person because Appian can only provide certain details to this named individual.

When your sites are initially setup and provided to you, the first Site Administrator account is created for each instance. The Site Administrator will receive email notification with the details of each Site URL and the details for first time login. The Site Administrator can then log into your Appian Cloud instances and create additional users, including additional Site Administrators.

The Site Administrator also serves as your initial User Registration Administrator and Licensing Point of Contact. User Registration Administrators are responsible for naming your company's designated support contacts. Licensing Points of Contact can approve/deny product license requests and are also notified when licenses are going to expire. These assignments can be modified on the Accounts site on Appian Forum under Related Actions.

How can I change our Site Admin to a new person?

If you have a requirement to change the Site Administrator from the user that you provided in your legal agreement, the current Site Administrator can create the additional Site Administrator users on your site. If you have only one Site Administrator and that individual is not available to perform this action (e.g. left your company), you follow the process outlined in KB-1811. Please note that creating a new Site Administrator provides full control of your site, so Appian Support will be required to verify the authenticity of the request and secure necessary approvals before performing this change.

Where is my site hosted?

A list of all of Appian's available regions and availability zones can be found here. Your sites are hosted based on the location requested in your legal agreement. If you need to confirm this location for any reason, one of your designated support contacts can request this information from Appian Support by creating a support case in Appian Forum.

Can my site be moved to a different region?

Sites can be moved to a different hosting region and you will need to initiate this request by creating a support case in Appian Forum. The process to migrate the site is straight forward, but clients need to consider the potential work to re-provision VPN connections and any associated impact.

Upgrade Policies & Maintenance Windows

What are Appian's policies for upgrading Appian Cloud environments?

Appian releases new versions of its platform on a quarterly basis. The process to convert Appian Cloud customers to the latest release is fully automated and can usually be scheduled a few weeks after the release is generally available. Appian will make all efforts to minimize the number of service interruptions for customers of Appian Cloud, as well as to perform maintenance activities outside of regular business hours for end users of the system.

Additional information on Appian product release history and currently supported versions can be found here.

How are site upgrades scheduled, and can they be rescheduled?

Maintenance windows for upgrades are scheduled to take place outside of regular business hours (based on the region where your site is hosted) to minimize impact on end users of the system. If you would like to change the date and time for a scheduled upgrade, you can self-manage your upgrades from the Cloud Installations site on Appian Forum, or a designated support contact can create a support cases requesting a new date or time.

Who is notified about upgrades or any other maintenance activities that require application downtime?

Customers are notified about maintenance activities in advance via email. Email notifications are also sent at the start and completion of the scheduled maintenance. These notifications are sent to the original Site Administrator, your company's designated support contacts, and any other users or distribution lists you have defined on the Accounts site under Related Actions.

The email notifications include the exact date and time when your Appian Cloud sites have been scheduled for patches or upgrades and will be at least two weeks out from the date of the notification.

How can I update our contact lists for receiving these notifications?

Your User Registration Administrator can add additional contacts for these notifications on the Accounts site on Appian Forum under Related Actions. If you prefer, you can also create an email distribution list that you manage on your side and add that distribution list for notifications.

Where can I find more information about the type of maintenance activities in Appian Cloud?

The Appian Cloud Site Maintenance topic includes information about the types of maintenance activities for Appian Cloud.

Monitoring & Alerting

What areas are included in Appian Cloud Monitoring?

Appian Cloud tracks the health of your sites 24x7x365. This includes monitoring on key operational metrics across the following areas and more…

  • Disk space Utilization
  • Memory Utilization
  • Login Page Availability
  • VPN Tunnel Health (Production Environments)
  • Anti-Virus Alerts
  • Health & Status of Appian Components

What happens if Appian Cloud Monitoring detects a problem on our Site?

For any alerts that indicate a current or potential site impact, Appian Support will create a case to notify your designated support contacts and inform them of remediation steps that Appian is taking, or that are required of the customer.

How does Appian communicate changes that could affect system security, availability, and/or confidentiality?

Unless such a change is initiated upon customer request, changes that may materially affect system security, availability, and/or confidentiality are communicated to affected customers for review in accordance with Appian Maintenance Services agreements before the implementation of the proposed changes. The communication will provide instructions for you to request additional information if desired.

How does Appian communicate information about any security incidents?

For any confirmed incidents or major updates that affect security, confidentiality, or availability of customer data, Appian will notify affected customers via a support case in Appian Forum.

How does Appian communicate about unexpected service degradation?

Appian will notify affected customers via a support case in Appian Forum about unexpected service degradation. For production incidents, customers might define specific administrators or distribution lists that need to be contacted separately by Appian Technical Support as well.

For widespread issues affecting Appian Cloud, the Appian Cloud status page will be updated: http://status.appiancloud.com

How do I notify Appian about any information security incidents in the Appian platform?

You can notify Appian about any information security incidents for an Appian Cloud site by either raising a support case in Appian Forum, or by filling out the form available at https://forum.appian.com/suite/cloud/securityincident.popup

Private Networks

Why would I want to configure a VPN on our Cloud sites?

IPSec VPN connections enable access to computer resources on a private network from an Appian Cloud instance. Each Appian Cloud instance can have multiple VPN tunnels enabled to securely integrate with resources in different networks. This enables the use of Appian smart services such as the Query Database or the Web Service smart service to connect to resources that are located on your private network, as well as securely integrating with a corporate authentication system (e.g. Active Directory).

What is required for setting up a VPN?

Information on the requirements for configuring a VPN can be found here.

How many VPNs do I need for HA?

At least one VPN connection is required for each of the three nodes in an Appian Cloud production HA configuration.

Can I have multiple VPNs to the same location, for failover and resilience?

Yes. One failover tunnel is required for each existing main tunnel. For a single node site with 1 VPN tunnel, failover would require 2 VPN tunnels. For a High Availability site with 3 VPN tunnels, failover would require a total of 6 VPN tunnels.

Can I have multiple VPNs going to different locations from the same Appian Cloud instance?

Yes, you can request for VPN connections to multiple, different end locations. The process for this is the same as setting up the original tunnel as described here. Note that the subnets/IPs that we connect to on your side cannot overlap from one location to the other due to networking limitations.

Does the same VPN serve all my Appian Cloud instances (production and non-production)?

No. We need to configure a separate VPN connection for each Appian Cloud instance to ensure security and integrity for each site.

Does the VPN connection allow third party reporting tools to query the MySQL Database in the cloud site?

Customers with High-Availability configured in their instance and enrolled in Premier Support can request direct access to their MySQL business data source over the VPN tunnel. For more information on this configuration, refer to Enhanced Data Pipeline for Appian Cloud. Non-Premier Support customers can create their own Appian process models that write directly to 3rd party RDBMS within the organization's network using the Query Database Node or Write to Datastore Node. Refer to the Query Database Smart Service topic for more information about this.

Data in Appian Cloud

Which databases are supported in Appian Cloud?

You can integrate Appian Cloud with any of the databases supported by Appian as per the System Requirements topic. An instance of MySQL is provided as part of Appian Cloud; customers who want to use a different database management system can host a supported database locally and connect to it remotely. See also: Appian Cloud Integration.

Where can I find more information about the capabilities of the relational database provided as part of Appian Cloud?

The Appian Cloud Web Administration and Query Database Smart Service topics include sections specifically for Appian Cloud customers where you can find additional information about this topic.

Is there a way to access the relational database provided as part of Appian Cloud through a different client?

Access to the MySQL instance provided with Appian Cloud is only available through Appian or phpMyAdmin interface.

However, customers can integrate Appian with additional external relational databases hosted within VPN endpoints such as their corporate network. Additional information is available the Query Database Smart Service topic.

Additionally, Enhanced Data Pipeline feature that is available with Premier Support provides the ability to read data from the Appian Cloud MySQL business database. More information on Enhanced Data Pipeline can be found here.

Can I pull log data from Appian Cloud into my local environment?

Log Streaming is available to customers that are on Premier Support using version 18.3 or higher. With this feature, your Appian Cloud instances can be configured to stream supported logs, in real time, to a syslog receiver within your network. Once logs are stored in a central repository, you can index, access, search, and correlate events using your existing Log Management and Security Information & Event Management (SIEM) tools.

These logs can be further digested and aggregated by tools of your choice, such as Splunk, LogRhythm, and Elasticsearch-Logstash-Kibana (ELK) stack.

Customers can also access logs through the interface /suite/logs. Please note that MySQL log files are not currently available.

How is data stored in Appian Cloud backed up?

Data stored in Appian Cloud sites is backed up every night and retained for 28 calendar days unless otherwise stated in a customer's legal agreement. These backups include all data stored in each Appian Cloud site. Data from these backups is stored in a location separate from the primary processing location.

Can Appian delete data generated during testing?

It is possible, for a fee, for Appian Support to create a Snapshot of a site before testing and to restore the site to this Snapshot after testing completes. You can contact your Account Executive if you are interested in doing this. If you have provisioned the Snapshot capability and wish to use this, one of your designated support contacts should open a support case through Appian Forum at least 3 days in advance and provide the following information on that case:

  • The date when the Snapshot should be taken.
  • The start time and estimated completion time of the test so that Appian can proactively schedule a maintenance window after that time to restore the site.

Can Appian copy data from one site into another site?

Appian enforces the information security best practice of keeping all systems and data specific to one site separate from other sites. Consequently, Appian does not provide support to transfer data between sites.

Customers can only use application import / export to move applications across environments. Customers who need data for testing purposes have to generate sample data for the sites where it is needed.

Is it possible to delete all data from an Appian Cloud site?

Deleting data from Appian Cloud must be done from the user interface. Appian does not delete any customer data from an Appian Cloud site. This is also applicable for requests to restore a site to a "blank" state.

Does the VPN connection allow third party reporting tools to query the MySQL Database in the cloud site?

Customers with High-Availability configured in their instance and enrolled in Premier Support can request direct access to their MySQL business data source over the VPN tunnel. For more information on this configuration, refer to Enhanced Data Pipeline for Appian Cloud. Non-Premier Support customers can create their own Appian process models that write directly to 3rd party RDBMS within the organization's network using the Query Database Node or Write to Datastore Node. Refer to the Query Database Smart Service topic for more information about this.

What is the data storage limit in Appian Cloud instances?

Storage for Appian Cloud instances is provisioned in alignment with the Customer Service Agreement and there is no upper limit. Customers can work with their Account Executive at any point to expand the storage capacity of an existing Appian Cloud instance.

Integrations & Customizations

Where can I find a list of the integration options supported in Appian Cloud?

The Appian Cloud Integration topic provides additional information about the available options to integrate Appian Cloud with other systems.

Can I create custom plug-ins?

Yes, but a licensed on-premise installation is required to develop and test custom plug-ins. An alternative for Appian Cloud customers is to utilize Appian Professional Services or an Appian Partner to build and test custom plug-ins. Any custom plug-in that you want to deploy to your site must be requested via a support case on Appian Forum and source code for the plug-in must be provided along with the request. Appian Support will review and approve the plug-in before it can be deployed. Please allow 2 days for this review process.

Cloud Approved Shared Components can be added to sites and updated to the latest version through the Admin Console.

Please note that custom plug-ins and Shared Components are not supported by Appian Support. Appian Cloud customers are responsible for maintaining these customizations.

Is it possible to configure our Appian Cloud instance to use our mail server to deliver emails?

Yes, it is possible to do this. You will need a working VPN connection to this email server first. If you do not have a VPN tunnel set up yet for your Appian Cloud instance, please fill out the worksheet provided in Cloud VPN Integration and submit a support case on Appian Forum.

Once the VPN tunnel is set up, create a support case on Appian Forum to configure your sites to use your own mail server.

Can I add custom email senders in Appian Cloud?

Yes, this is a supported configuration. Please refer to the Configuring Custom Email Senders in the documentation for more information on this topic.

Can I configure our Appian Cloud instance to poll our own email server?

Yes, this capability is available to Appian Cloud customers. A designated support contact can create a support case in Appian Forum to configure your Appian Cloud sites. See also: Mail Server Setup for detailed information about the information needed to enable this functionality.— layout: basic title: Appian Cloud FAQ notice: cloud_only — — layout: basic title: Appian Cloud FAQ notice: cloud_only —

Can I integrate Appian Cloud with SharePoint?—

layout: basic title: Appian Cloud FAQ notice: cloud_only — — layout: basic title: Appian Cloud FAQ notice: cloud_only — Yes. Please refer to the Appian for SharePoint topic to find out more information about the supported functionality for integrating Appian Cloud with on-premise SharePoint instances. Document integration with SharePoint Online can be achieved using the Office 365 Integration Shared Component. Please note that Shared Components are provided as-is and are not supported by Appian Support. Appian Cloud customers are responsible for testing and maintaining these customizations in their applications.

Can I configure custom properties in Appian Cloud?

Appian Cloud utilizes standard configuration settings that are the default for Appian. These standard configuration settings have been set based on data collected throughout time from all Appian deployments and have been set to prefer the stability and performance of the system. Designers are required to design and tune their applications to be within standard configuration settings, rather than requesting custom settings to circumvent sub-optimal design patterns or poor performing system integrations.

The only changes to settings allowed are those that are exposed via the web browser via the Appian Administration Console.

IP Addresses and Controlling Access to your Appian Sites

How do I get the IP address for my Appian site(s)?

Appian Cloud doesn't use static IPs. Customers who need IP based routing must use Cloud VPN Integration. Whitelisting traffic coming from the Appian Cloud infrastructure as a whole is possible by whitelisting the IPs for your region listed in KB-1582. These IPs are subject to change on a quarterly basis. You can receive notifications of any quarterly updates by enabling notifications on this KB article.

How do I get the IP addresses of SMTP servers for whitelisting?

Appian Cloud SMTP server IP addresses are subject to change at any time. Appian Cloud publishes up-to-date Sender Policy Framework (SPF) records so that receiving mail exchangers can validate Appian Cloud emails are originating from an authorized SMTP server.

Can I whitelist traffic coming from Appian Cloud to my network?

Yes, please refer to KB-1582 to learn more about whitelisting Appian Cloud IP addresses.

Can I restrict access to my Appian Cloud site(s) by using IP whitelisting?

Yes, please refer to Configuring Trusted IP Addresses for Appian Cloud to learn more about whitelisting IP addresses in Appian Cloud.

Can I use a VPN so my end users connect directly from the client network rather than over the internet?

Yes. This configuration is intended for customers who require that only users and systems within their network can access the Appian Cloud site. The steps required for configuring your Appian Cloud site to receive inbound HTTPS traffic only over an IPSec VPN tunnel are documented in KB-1541. With this configuration, the site will not be accessible over the Internet and all users must first be on their corporate network before navigating to their Appian Cloud sites.

Appian also supports dual access, or access over the internet plus through a VPN. More information on this can be found in KB-1537.

Performance, Security and Encryption

Is it important to do performance testing in Appian Cloud?

Appian strongly recommends Appian Cloud customers to plan, design and perform performance testing on their applications prior to their production launch.

Even though Appian performs internal performance and scalability testing; application performance is also a function of the way applications are designed and developed. Consequently, it is recommended for customers to design performance tests specifically for their applications and what they consider the most common use cases.

Appian Support does not provide assistance related to performance testing tools. Those services are provided by our Professional Services organization.

Is it important to do penetration testing in Appian Cloud?

Even though Appian works with a third-party to perform penetration testing as part of its development cycle, it is recommended for customers to perform penetration testing specifically tailored to their applications.

Appian requires customers to give notice about their penetration and vulnerability testing at least three business days in advance via a support case on Appian Forum. Customers must provide contact information, the start time of the test (including timezone), its duration, the expected peak bandwidth in Gigabits per second (Gbps), as well as the source IP addresses generating the test traffic. This is important to prevent Appian or its hosting service providers from blacklisting those IP addresses.

Does Appian Cloud support BYOK for clients to control the encryption keys for their site?

Yes, Appian Cloud supports integration with the Amazon HSM platform. This will require a dedicated VPN connection between the Amazon HSM instance and the Appian Cloud site.

Other Frequently Asked Questions

Where can I get more information about Appian Cloud security?

Appian is committed to keeping your applications secure, available and compliant with local and global regulations. Comprehensive information on Security & Compliance, Third Party Audits, and Advanced Governance can be found in Appian's Trust Center.

Are Appian best practices still applicable in Appian Cloud?

Yes. Appian recommends reviewing The Appian Playbook when developing applications, whether it is on-premise or in the cloud. The Appian Playbook is available to customers and partners only.

Does Appian support AWS Direct Connect in Appian Cloud?

Out of the 2 types of AWS Direct Connect (private / public) the option for setup with Appian Cloud is the public version. Customers can work directly with AWS to setup Direct Connect. Their connections to Appian Cloud sites will automatically benefit from this dedicated network connection to AWS. This is a relationship and purchase between AWS and each customer where Appian doesn't need to be involved.

Does Appian support AWS VPC Peering in Appian Cloud?

No, Appian Cloud does not support the use of VPC Peering as a form of connection with customer sites; however, Appian Cloud does provide multiple alternatives to connect with AWS resources. One such option is the use of AWS PrivateLink for outbound traffic to customer VPC Endpoint Services. In the case of needing the ability to send both inbound and outbound traffic or for integrations with services not supported by AWS PrivateLink, Appian Cloud recommends the use of IPSec VPN Tunnels.

Links included in the reset password emails are valid for 15 minutes by default. This expiration can be configured from the Administration Console.

Can emails be sent to process and process models in Appian Cloud?

Yes, the send email to process and process model functionality is supported to Appian Cloud customer. Please note that CNAME expansion must be disabled on your SMTP server per KB-1394.

FEEDBACK