Redirect agent communication
There are 100+ server inside secured zone which is communicating to a beacon outside the secured zone environment, we have built a new beacon server inside the secured zone and want all the servers inside the secured zone to communicate to that new build beacon.
How do we redirect the agent communication ?
This thread has been automatically locked due to inactivity.
To continue the discussion, please start a new thread.
Can these servers still communicate with the original Beacon, outside the zone? Then the agents should get the new Beacon details when they update failover settings.
If they're "stuck" in the secured zone, you'll have to update them manually, via script or redeploy them using the new Beacon for bootstrapping.
Thanks for your response,
Can these servers still communicate with the original Beacon, outside the zone? - Yes they are communicating with no issues so there is no failover, only request is they should communicate inside the secured zone to a new build beacon instead communicating to the beacon outside the secured zone.
I see 2 options for you:
- Use the FNMS 2019 R2 Feature to restrick the agent communication.
- Just restrict machine communication to inside the secure zone. That way the agents only can contact your new beacon and should "fail over" to it.
I thought of trying the 1st option but we are in 2018 R1 version so we do not have this settings, do we have any similar kind of setting that I can change in 2018 R1 version that you could suggest.
Just restrict machine communication to inside the secure zone. That way the agents only can contact your new beacon and should "fail over" to it. - how do we do this.
@raghuvaran_ram - Since you are on 2018 R1 there is no easy way to achieve the outcome that you wish using FlexNet Manager itself.
If you cannot upgrade, then you can configure the firewall and proxy rules so that the FlexNet Manager Agents cannot communicate outside of your secure zone. They would attempt to connect, but they would fail. They would be able to upload to the Beacon within your Secure Zone and that would be the only way to communicate.
However, your best option is to upgrade to the newer version of FlexNet Manager and then you would be able to use Option 1 as outlined by @mfranz .
I would recommend that you review the features that are included in the upcoming FNMS 2020 R1 release and upgrade to this latest version as there are several great new features that are part of this release.
Because you mentioned the zoning concept, I would assume there are firewalls securing communication between these zones. As mentioned by @kclausen:
"[...] you can configure the firewall and proxy rules so that the FlexNet Manager Agents cannot communicate outside of your secure zone."
You should talk to your security/network team about this.
If possible, could you send us an excerpt from the tracker.log / upload.log of the agent - the part with the prioritization of the beacon is sufficient for me.
I would like to understand why the beacon is still used as primary target outside the SecureZone. Each agent performs a number of prioritization algorithms (Best Ping Response, Closest ADSite Match).
I would now expect that the agent would prefer the beacon within the zone, as it is "better" to reach.
Greetings and thanks