Hi,
There are 100+ server inside secured zone which is communicating to a beacon outside the secured zone environment, we have built a new beacon server inside the secured zone and want all the servers inside the secured zone to communicate to that new build beacon.
How do we redirect the agent communication ?
‎Jun 12, 2020 03:38 AM - edited ‎Jun 12, 2020 03:39 AM
Hi,
Can these servers still communicate with the original Beacon, outside the zone? Then the agents should get the new Beacon details when they update failover settings.
If they're "stuck" in the secured zone, you'll have to update them manually, via script or redeploy them using the new Beacon for bootstrapping.
Best regards,
Markward
‎Jun 12, 2020 03:48 AM
Hi Markward,
Thanks for your response,
Can these servers still communicate with the original Beacon, outside the zone? - Yes they are communicating with no issues so there is no failover, only request is they should communicate inside the secured zone to a new build beacon instead communicating to the beacon outside the secured zone.
‎Jun 12, 2020 04:08 AM
Hi,
I see 2 options for you:
Best regards,
Markward
‎Jun 12, 2020 04:57 AM
Hi Markward,
I thought of trying the 1st option but we are in 2018 R1 version so we do not have this settings, do we have any similar kind of setting that I can change in 2018 R1 version that you could suggest.
Just restrict machine communication to inside the secure zone. That way the agents only can contact your new beacon and should "fail over" to it. - how do we do this.
Regard
Raghuvaran R
‎Jun 15, 2020 06:48 AM
@raghuvaran_ram - Since you are on 2018 R1 there is no easy way to achieve the outcome that you wish using FlexNet Manager itself.
If you cannot upgrade, then you can configure the firewall and proxy rules so that the FlexNet Manager Agents cannot communicate outside of your secure zone. They would attempt to connect, but they would fail. They would be able to upload to the Beacon within your Secure Zone and that would be the only way to communicate.
However, your best option is to upgrade to the newer version of FlexNet Manager and then you would be able to use Option 1 as outlined by @mfranz .
I would recommend that you review the features that are included in the upcoming FNMS 2020 R1 release and upgrade to this latest version as there are several great new features that are part of this release.
‎Jun 15, 2020 06:59 AM
Hi,
Because you mentioned the zoning concept, I would assume there are firewalls securing communication between these zones. As mentioned by @kclausen:
"[...] you can configure the firewall and proxy rules so that the FlexNet Manager Agents cannot communicate outside of your secure zone."
You should talk to your security/network team about this.
Best regards,
Markward
‎Jun 15, 2020 07:06 AM
If possible, could you send us an excerpt from the tracker.log / upload.log of the agent - the part with the prioritization of the beacon is sufficient for me.
I would like to understand why the beacon is still used as primary target outside the SecureZone. Each agent performs a number of prioritization algorithms (Best Ping Response, Closest ADSite Match).
I would now expect that the agent would prefer the beacon within the zone, as it is "better" to reach.
Greetings and thanks
Dennis
‎Jun 15, 2020 07:52 AM