
VA - Virtual Appliances
Date Posted: 2 Jul 2025
Category: Security

Introduction to Virtual Appliances (VAs)
The VA is delivered as a virtual disk image. Each VA is deployed within your infrastructure and is managed by SailPoint, which is responsible for the maintenance, updates, and upgrades of the VA software.
SailPoint uses VAs to link your tenant with on-premises applications, and it does not establish a direct connection to the VA. A VA is a Linux-based virtual machine that connects to your data sources and applications through SailPoint APIs.
What’s Happening Inside the SailPoint Virtual Appliance?
If your organization uses SailPoint IdentityNow, you’ve probably heard of something called the Virtual Appliance, or VA for short. It plays a critical role in helping IdentityNow communicate with your internal systems like Active Directory, SQL databases, or HR platforms.
But what exactly does the VA do? And what’s happening behind the scenes?
In this post, we’ll explore the key services running inside the VA and the logs it generates—without diving too deep into technical jargon. Whether you're an identity engineer or just getting started with SailPoint, this guide will help you understand the VA in a clear and approachable way.
What Is the SailPoint Virtual Appliance?
Think of the VA as a secure translator between your internal IT systems and the cloud-based IdentityNow platform. While IdentityNow lives in the cloud, many of the systems you want it to manage still live inside your organization’s network.
That’s where the VA comes in. It’s a small, secure, Linux-based virtual machine that gets deployed within your company’s environment. It serves as the bridge that allows IdentityNow to:
Read identity and account data from your internal systems.
Push changes, such as account creations or deactivations.
Capture password changes in real time.
Run tasks like password resets or access revocations.
Stay automatically updated without manual maintenance.
And the best part? It does all this while keeping your internal systems protected from direct cloud exposure.
What Services Run Inside the VA?
Inside the VA, multiple background services work together to keep everything functioning. Each one has a unique responsibility, and together they make the VA operate smoothly.
Here’s a breakdown of the core services:
Cloud Connector
This is the engine that connects to on-prem systems like Active Directory, LDAP, or databases. It pulls user data and sends updates. If identity syncs or provisioning tasks aren’t working, this is the first service to check.
Network Tunnel
This service securely routes traffic between the VA and IdentityNow over HTTPS (port 443). It ensures that communications are encrypted and trusted.
PWI Proxy
For organizations using Password Interceptor (PWI) to track password changes in Active Directory, this service captures those changes and sends them securely to IdentityNow.
VA Agent
Think of this as the brain of the VA. It regularly communicates with SailPoint’s cloud to receive tasks (like provisioning) and handles secure credential storage.
Charon
Charon is like the internal manager of the VA. It monitors the health of services, handles updates, and restarts services when needed.
Toolbox
This toolkit is built in for advanced diagnostics. It’s typically used when troubleshooting deeper technical issues.
Fluent
This service manages log collection. It gathers logs from different parts of the VA and forwards them to SailPoint for analysis.
Otel Agent (OpenTelemetry)
A newer service that collects performance and operational metrics from connectors. It helps provide visibility into how your integrations are performing.
Privileged Action Gateway (PAG)
This is a powerful service that enables IdentityNow to perform secure administrative tasks—such as disabling a user account or rotating passwords—directly on your internal systems.
Where Do the Logs Go?
Each service inside the VA keeps its own log files. These logs are essential for understanding what the VA is doing and for troubleshooting any issues that come up.
For example:
The Cloud Connector logs show aggregation and provisioning activity.
The VA Agent logs reflect background jobs and check-ins.
The Tunnel and PWI Proxy logs highlight secure traffic routing and password events.
The Charon logs track service health and updates.
Fluent and Otel logs show what’s being sent to SailPoint for analysis.
The PAG logs list what privileged actions were performed, when, and by whom.
If something isn’t working—like provisioning failures or sync issues—checking the logs is often the fastest way to figure out what’s going wrong.
Can I Use Tools Like Splunk or Datadog?
This is a common question. You can’t install monitoring agents like Splunk or Datadog directly on the VA, since the appliance is locked down for security. However, there’s still a way to use your preferred monitoring platform.
Many organizations download the logs from the VA—either manually or using scripts—and feed them into tools like Splunk or ELK for central analysis and alerting. This keeps your visibility consistent while respecting the VA’s secure architecture.
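The feed step described above, as an added example that is not SailPoint's code or part of the original post: it turns already-downloaded VA log text into de-duplicated JSON lines that Splunk or ELK can ingest. The file names, the JSON field names and the sample lines are assumptions constructed for illustration.

```python
import hashlib
import json

# Assumptions: placeholder file names per service; JSON lines with @timestamp/level/message.
SERVICE_BY_FILE = {"cloud_connector.log": "Cloud Connector", "va_agent.log": "VA Agent",
                   "charon.log": "Charon", "pag.log": "Privileged Action Gateway"}
# Constructed sample input, not real VA output.
SAMPLE = {
    "cloud_connector.log": '{"@timestamp":"2025-07-02T10:00:00Z","level":"error","message":"aggregation failed"}\n'
                           '{"@timestamp":"2025-07-02T10:00:05Z","level":"info","message":"retry scheduled"}\n',
    "charon.log": "service restart requested\n",
}

def normalize(va_host, file_name, raw_line):
    """Map one downloaded log line to a flat event dict (None for blank lines)."""
    line = raw_line.strip()
    if not line:
        return None
    # Stable ID: a file that is downloaded again must not create duplicate events.
    digest = hashlib.sha256(f"{va_host}|{file_name}|{line}".encode()).hexdigest()
    event = {"va_host": va_host, "source_file": file_name, "event_id": digest,
             "service": SERVICE_BY_FILE.get(file_name, "unknown")}
    try:
        parsed = json.loads(line)
    except json.JSONDecodeError:
        parsed = None
    if isinstance(parsed, dict):
        event["timestamp"] = parsed.get("@timestamp")
        event["level"] = str(parsed.get("level", "UNKNOWN")).upper()
        event["message"] = str(parsed.get("message", ""))
    else:
        # Keep lines that are not JSON objects instead of silently dropping them.
        event.update(timestamp=None, level="UNPARSED", message=line)
    return event

def collect(va_host, downloaded, seen_ids):
    """downloaded: {file_name: text}. Returns only new events and updates seen_ids."""
    fresh = []
    for file_name, text in downloaded.items():
        for raw_line in text.splitlines():
            event = normalize(va_host, file_name, raw_line)
            if event and event["event_id"] not in seen_ids:
                seen_ids.add(event["event_id"])
                fresh.append(event)
    return fresh

def to_ndjson(events):
    """Serialize events as one JSON object per line for the SIEM's file or HTTP input."""
    return "\n".join(json.dumps(e, sort_keys=True) for e in events)
```

Persist `seen_ids` between runs (for example in a small state file) so that scheduled downloads of the same log file only forward new lines.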
How Are Updates Handled?
One of the great things about the VA is that it stays up to date automatically. SailPoint regularly pushes updates that improve stability, add features, and patch vulnerabilities.
As long as your VAs are online and healthy, they’ll receive these updates without requiring manual intervention. But it’s important to note: even one offline or unused VA in your environment can hold up the update process for the rest. That’s why it’s best to decommission stale VAs promptly.
Conclusion
The SailPoint Virtual Appliance may seem like a mysterious box at first, but under the hood it’s a well-organized and secure system. Its job is to ensure that IdentityNow can safely and efficiently communicate with your internal systems—without putting your network at risk.
By understanding the services it runs and where to find the logs, you’ll be in a much better position to keep your identity program running smoothly, respond to issues quickly, and make informed decisions about your integration setup.
Behind every successful aggregation, secure password sync, or automated access task—there’s a VA doing the heavy lifting quietly in the background.
Stay tuned to our blog for more posts about SailPoint product implementation and related updates.