|
This page applies to Appian Cloud only. It may not reflect the differences with Appian Government Cloud. |
The purpose of this page is to provide answers and links to additional information for the most commonly asked questions around Appian Cloud capabilities and policies.
Your Appian Cloud environment URLs are generated based on the environment name that is recorded in your legal agreement, using the following naming conventions:
| Commercial regions | US GovCloud regions | |
|---|---|---|
| Production environment | ENVIRONMENT_NAME.appiancloud.com |
ENVIRONMENT_NAME.appiancloud.us |
| Lower environments | ENVIRONMENT_NAMEdev.appiancloud.com |
ENVIRONMENT_NAMEdev.appiancloud.us |
Example production environment: hello.appiancloud.com.
Example lower environments: hellodev.appiancloud.com and hellotest.appiancloud.com.
If you wish to change the name of one or more of your environments, this can be requested from Appian Support by one of your designated support contacts opening a support case through MyAppian. Note that this change will require a maintenance window, during which time the environments will not be available.
For information on configuring a custom domain, refer to Using a Custom Domain in Appian Cloud.
The legal agreement will name your first subscription administrator, also known as a license administrator. It is important to name the correct person because Appian can only provide certain details to this named individual.
When your environments are initially set up and provided to you, a system administrator account is created for each environment. The subscription administrator will receive an email notification with the details of each environment URL and the details for first time login. The subscription administrator can then log into your Appian Cloud environments and create additional users, including additional system administrators.
The subscription administrator also serves as your initial User Registration Administrator and Licensing Point of Contact. User Registration Administrators are responsible for naming your company's designated support contacts. Licensing Points of Contact can approve or deny product license requests and are also notified when licenses are going to expire.
To modify these assignments:
The current subscription administrator can create additional system administrator users on your site. If you have only one subscription administrator and that individual is not available to perform this action (e.g. left your company), you can follow the process outlined in KB-1811. Note that creating a new system administrator provides full control of your environment, so Appian Support will be required to verify the authenticity of the request and secure necessary approvals before performing this change.
A list of all of Appian's available regions and availability zones can be found here. Your environments are hosted based on the location requested in your legal agreement. If you need to confirm this location for any reason, one of your designated support contacts can request this information from Appian Support by creating a support case in MyAppian.
Environments can be moved to a different hosting region and you will need to initiate this request by creating a support case in MyAppian. The process to migrate the environment is straight forward, but clients need to consider the potential work to re-provision VPN connections and any associated impact.
Appian releases new versions of its platform on a quarterly basis. The process to convert Appian Cloud customers to the latest release is fully automated and can usually be scheduled a few weeks after the release is generally available. Appian will make all efforts to minimize the number of service interruptions for customers of Appian Cloud, as well as to perform maintenance activities outside of regular business hours for end users of the system.
Additional information on currently supported versions can be found here.
Maintenance windows for upgrades are scheduled to take place outside of regular business hours (based on the region where your environment is hosted) to minimize impact on end users of the system. If you would like to change the date and time for a scheduled upgrade, you can self-manage your upgrades from the Cloud Installations site in MyAppian, or a designated support contact can create a support cases requesting a new date or time.
Customers are notified about maintenance activities in advance via email. Email notifications are also sent at the start and completion of the scheduled maintenance. These notifications are sent to the original subscription administrator, your company's designated support contacts, and any other users or distribution lists you have defined on a particular account.
The email notifications include the exact date and time when your Appian Cloud environments have been scheduled for patches or upgrades and will be at least two weeks out from the date of the notification.
Your User Registration Administrator can add additional contacts for these notifications.
To add additional contacts:
If you prefer, you can also create an email distribution list that you manage on your side and add that distribution list for notifications.
The Appian Cloud Environment Maintenance topic includes information about the types of maintenance activities for Appian Cloud.
Appian Cloud tracks the health of your environment 24x7x365. This includes monitoring on key operational metrics across the following areas and more…
For any alerts that indicate a current or potential environment impact, Appian Support will create a case to notify your designated support contacts and inform them of remediation steps that Appian is taking, or that are required of the customer.
Unless such a change is initiated upon customer request, changes that may materially affect system security, availability, and/or confidentiality are communicated to affected customers for review in accordance with Appian Maintenance Services agreements before the implementation of the proposed changes. The communication will provide instructions for you to request additional information if desired.
For any confirmed incidents or major updates that affect security, confidentiality, or availability of customer data, Appian will notify affected customers via a support case in MyAppian.
Appian will notify affected customers via a support case in MyAppian about unexpected service degradation. For production incidents, customers might define specific administrators or distribution lists that need to be contacted separately by Appian Technical Support as well.
For widespread issues affecting Appian Cloud, the Appian Cloud status page will be updated: https://status.appiancloud.com
You can notify Appian about any information security incidents for an Appian Cloud environment by either raising a support case in MyAppian, or by filling out the form available at https://forum.appianportals.com/SecurityIncident.
IPSec VPN connections enable access to computer resources on a private network from an Appian Cloud environment. Each Appian Cloud environments can have multiple VPN tunnels enabled to securely integrate with resources in different networks. This enables the use of Appian smart services such as the Query Database or the Web Service smart service to connect to resources that are located on your private network, as well as securely integrating with a corporate authentication system (e.g. Active Directory).
Information on the requirements for configuring a VPN can be found here.
At least one VPN connection is required for each of the three nodes in an Appian Cloud production High Availability configuration.
Yes. One failover tunnel is required for each existing main tunnel. For a single node environment with 1 VPN tunnel, failover would require 2 VPN tunnels. For a High Availability environment with 3 VPN tunnels, failover would require a total of 6 VPN tunnels.
Yes, you can request for VPN connections to multiple, different end locations. The process for this is the same as setting up the original tunnel as described here. Note that the subnets/IPs that we connect to on your side cannot overlap from one location to the other due to networking limitations.
No. We need to configure a separate VPN connection for each Appian Cloud environment to ensure security and integrity for each environment.
Customers with High Availability configured in their environment and enrolled in Advanced or Enterprise Support can request direct access to their business data source provided by Appian Cloud over the VPN tunnel. For more information on this configuration, refer to Enhanced Data Pipeline for Appian Cloud. Essential Support customers can create their own Appian process models that write directly to 3rd party RDBMS within the organization's network using the Query Database Node or Write to Datastore Node. Refer to the Query Database Smart Service topic for more information about this.
You can integrate Appian Cloud with any of the databases supported by Appian as per the System Requirements topic. An instance of MariaDB is provided as part of Appian Cloud; customers who want to use a different database management system can host a supported database locally and connect to it remotely. See also: Appian Cloud Integration.
The Appian Cloud Web Administration and Query Database Smart Service topics include sections specifically for Appian Cloud customers where you can find additional information about this topic.
Access to the database instance provided with Appian Cloud is only available through Appian or phpMyAdmin interface.
However, customers can integrate Appian with additional external relational databases hosted within VPN endpoints such as their corporate network. Additional information is available the Query Database Smart Service topic.
Additionally, the Enhanced Data Pipeline feature that is available with Advanced or Enterprise Support provides the ability to read data from the Appian Cloud business database. More information on Enhanced Data Pipeline can be found here.
Log Streaming is available to customers that are on Advanced or Enterprise Support using version 18.3 or higher. With this feature, your Appian Cloud environments can be configured to stream supported logs, in real time, to a syslog receiver within your network. Once logs are stored in a central repository, you can index, access, search, and correlate events using your existing Log Management and Security Information & Event Management (SIEM) tools.
These logs can be further digested and aggregated by tools of your choice, such as Splunk, LogRhythm, and Elasticsearch-Logstash-Kibana (ELK) stack.
Customers can also access logs through the interface ENVIRONMENT_URL/suite/logs.
Data stored in Appian Cloud environments is backed up every night and retained for 28 calendar days unless otherwise stated in a customer's legal agreement. These backups include all data stored in each Appian Cloud environment. Data from these backups is stored in a location separate from the primary processing location.
Appian Cloud has DLP in place at the infrastructure level to protect against data loss from Appian Cloud's networks. Events flagged by DLP sensors are securely stored in Appian's information security monitoring infrastructure. Access to view these events is strictly limited to Appian's information security team.
DLP events are not available to customers or third parties, but Appian notifies customers of confirmed anomalous activity through technical support cases. If you need DLP for your own endpoints, you will need to implement this solution outside of the Appian Cloud.
It is possible, for a fee, for Appian Support to create a Snapshot of an environment before testing and to restore the environment to this Snapshot after testing completes. You can contact your Account Executive if you are interested in doing this. If you have provisioned the Snapshot capability and wish to use this, one of your designated support contacts should open a support case through MyAppian at least 3 days in advance and provide the following information on that case:
Appian enforces the information security best practice of keeping all systems and data specific to one environment separate from other environments. Consequently, Appian does not provide support to transfer data between environments.
Customers can only use application import / export to move applications across environments. Customers who need data for testing purposes have to generate sample data for the environments where it is needed.
Deleting data from Appian Cloud must be done from the user interface. Appian does not delete any customer data from an Appian Cloud environment. This is also applicable for requests to restore a environment to a "blank" state.
Customers with High Availability configured in their environment and enrolled in Advanced or Enterprise Support can request direct access to their business data source provided by Appian Cloud over the VPN tunnel. For more information on this configuration, refer to Enhanced Data Pipeline for Appian Cloud. Essential Support customers can create their own Appian process models that write directly to 3rd party RDBMS within the organization's network using the Query Database Node or Write to Datastore Node. Refer to the Query Database Smart Service topic for more information about this.
Storage for Appian Cloud environments is provisioned in alignment with the Customer Service Agreement and there is no upper limit. Customers can work with their Account Executive at any point to expand the storage capacity of an existing Appian Cloud environment.
The Appian Cloud Integration topic provides additional information about the available options to integrate Appian Cloud with other systems.
Yes, but a licensed self-managed installation is required to develop and test custom plug-ins. An alternative for Appian Cloud customers is to utilize Appian Professional Services or an Appian Partner to build and test custom plug-ins. Any custom plug-in that you want to deploy to your environment must be requested via a support case in MyAppian and source code for the plug-in must be provided along with the request. Appian Support will review and approve the plug-in before it can be deployed. Allow 2 days for this review process.
Cloud Approved Shared Components can be added to environments and updated to the latest version through the Admin Console.
Note that custom plug-ins and Shared Components are not supported by Appian Support. Appian Cloud customers are responsible for maintaining these customizations.
Yes, it is possible to do this. You will need a working VPN connection to this email server first. If you do not have a VPN tunnel set up yet for your Appian Cloud environment, fill out the worksheet provided in Cloud VPN Integration and submit a support case in MyAppian.
Once the VPN tunnel is set up, create a support case in MyAppian to configure your environments to use your own mail server.
Yes, this is a supported configuration. Refer to the Configuring Custom Email Senders in the documentation for more information on this topic.
Yes, this capability is available to Appian Cloud customers. A designated support contact can create a support case in MyAppian to configure your Appian Cloud environments. See also: Mail Server Setup for detailed information about the information needed to enable this functionality.
Yes. Refer to the Appian for SharePoint topic to find more information about the supported functionality for integrating Appian Cloud with self-managed SharePoint instances. Document integration with SharePoint Online can be achieved using the Office 365 Integration Shared Component. Note that Shared Components are provided as-is and are not supported by Appian Support. Appian Cloud customers are responsible for testing and maintaining these customizations in their applications.
Appian Cloud utilizes standard configuration settings that are the default for Appian. These standard configuration settings have been set based on data collected throughout time from all Appian deployments and have been set to prefer the stability and performance of the system. Designers are required to design and tune their applications to be within standard configuration settings, rather than requesting custom settings to circumvent suboptimal design patterns or poor performing system integrations.
The only changes to settings allowed are those that are exposed via the web browser via the Admin Console.
Appian Cloud does not use static IPs for inbound traffic of environments accessed over the Internet. Customers who need IP based routing must set up their environment for inbound access over VPN.
Yes, allowing traffic coming from Appian Cloud infrastructure is possible by adding the IPs for the region where your environments are running to an allow list in your network. Refer to KB-1582 for details. These IPs are subject to change on a quarterly basis. You can receive notifications of any quarterly updates by enabling notifications on this KB article.
Appian Cloud SMTP server IP addresses are subject to change at any time. Appian Cloud publishes up-to-date Sender Policy Framework (SPF) records so that receiving mail exchangers can validate Appian Cloud emails are originating from an authorized SMTP server. For an example of how to retrieve up-to-date records for your Appian Cloud site, refer to KB-2010
Yes, refer to Configuring Trusted IP Addresses for Appian Cloud to learn more about adding IP addresses spaces to an allow list for your Appian Cloud environment(s).
Yes. This configuration is intended for customers who require that only users and systems within their network can access the Appian Cloud environment. The steps required for configuring your Appian Cloud environment to receive inbound HTTPS traffic only over an IPSec VPN tunnel are documented in Configuring Inbound Traffic over VPN. With this configuration, the environment will not be accessible over the Internet and all users must first be on their corporate network before navigating to their Appian Cloud environments.
Appian also supports dual access, or access over the internet plus through a VPN. More information on this can be found in Configuring Dual Inbound Access.
Appian strongly recommends Appian Cloud customers to plan, design and perform performance testing on their applications prior to their production launch.
Even though Appian performs internal performance and scalability testing; application performance is also a function of the way applications are designed and developed. Consequently, it is recommended for customers to design performance tests specifically for their applications and what they consider the most common use cases.
Appian Support does not provide assistance related to performance testing tools. Those services are provided by our Professional Services organization.
Even though Appian works with a third-party to perform penetration testing as part of its development cycle, it is recommended for customers to perform penetration testing specifically tailored to their applications. Appian requires customers to give notice about their penetration and vulnerability testing at least three business days in advance via a support case. Review KB-1447 Vulnerability Testing for full details around assessment rules and submitting the results.
Appian is committed to keeping your applications secure, available and compliant with local and global regulations. Comprehensive information on Security & Compliance, Third Party Audits, and Advanced Governance can be found in Appian's Trust Center.
Yes. Appian recommends reviewing Appian MAX when developing applications.
Customers may work directly with Amazon to set up a Public Virtual Interface (VIF) and route user traffic through Amazon Direct Connect to their Appian environments. No Appian intervention is required.
If a customer would like to use a Private Virtual Interface to expose their resources, customers may work with Amazon to connect their own Virtual Private Cloud (VPC) and use AWS PrivateLink to connect the exposed resources to their Appian environments hosted within Appian's AWS environment.
No, Appian Cloud does not support the use of VPC Peering as a form of connection with customer environments; however, Appian Cloud does provide multiple alternatives to connect with AWS resources. One such option is the use of AWS PrivateLink for outbound traffic to customer VPC Endpoint Services. In the case of needing the ability to send both inbound and outbound traffic or for integrations with services not supported by AWS PrivateLink, Appian Cloud recommends the use of IPSec VPN Tunnels.
Links included in the reset password emails are valid for 15 minutes by default. This expiration can be configured from the Admin Console.
Yes, sending an email to a process is supported in Appian Cloud.
Note that in order for this functionalty to work with a custom mail server CNAME expansion must be disabled in your environment per KB-1394.
The certificates for environments hosted on the Appian Cloud default domains are typically renewed each year. Our team is alerted a month before certificates expire and will renew them before their expiry date. No action is required by customers to keep the certificates up-to-date. Appian may also replace these certificates at any time and without prior notice. Systems integrating with Appian should not rely exclusively on cached certificates and should not pin these SSL certificates or their chain of trust, as it could lead to connectivity issues when a new SSL certificate gets deployed. If you must pin an SSL certificate or chain of trust for your environment, we recommend configuring a custom domain using your own SSL certificates.
Appian Cloud adheres to the HTTP/2 spec as defined in RFC 7540 section 8.1.2, and as such, does not guarantee that request headers sent by your clients will maintain their original casing. Thus, Appian Cloud customers should not rely on case sensitive HTTP header names in their Web APIs or other portions of their Appian applications.
Yes, Appian Cloud has the following limit for inbound web requests, following industry and security best practices:
If the size in a request exceeds any of these limits, Appian Cloud will return a 413 - Request Entity Too Large error.
Appian Cloud FAQ
