You can configure one or more Agent Manager instances to act as a concentrator in situations where:
Your firewall configuration does not allow the Agent Manager instances on your monitored hosts to connect directly to the Management Server (running on ManagementServerHost). However, there is an intermediate host in your environment (IntermediateHost) that can accept connections from your monitored hosts and also communicate with the Management Server.
To allow connections from your monitored hosts to be forwarded to the Management Server, you install an Agent Manager instance on IntermediateHost and configure it as a concentrator:
1 |
While installing the instance on IntermediateHost (using the GUI installer), you specify the host name and port (ManagementServerHost and 8080) of the Management Server to which you want this concentrator to connect in the Configure Server URLs step. |
2 |
When the installation is complete, you ensure that the instance is shut down and configure it as a concentrator by editing its fglam.config.xml file so that it listens for connections from downstream instances on a specified port (8081). |
3 |
You restart the Agent Manager instance on IntermediateHost. This instance is now configured as a concentrator: it listens for connections from downstream instances on port 8081 and forwards data to the Management Server on port 8080. |
Now that the concentrator is set up on IntermediateHost, you configure the Agent Manager instances on the monitored hosts to connect to the concentrator:
2 |
In the configuration interface, you specify the concentrator’s host name and the port on which it is listening (IntermediateHost and 8081) when setting the URL to which the instances connect. |
You can configure the concentrator to connect to the upstream target in different ways:
• |
Using HTTP: Set the upstream target of the concentrator in the same way you typically set the Management Server URL: |
• |
• |
• |
Using HTTPS: To configure a concentrator connection to the Management Server using a secure connection, follow the instructions in Configuring the Agent Manager to use SSL certificates . |
When running the Agent Manager as a concentrator, you must increase the default disk cache sizes.
1 |
Open the <fglam_home>/state/<state name>/config/fglam.config.xml file for editing. |
2 |
Locate the <queue-sizes> XML element. |
3 |
• |
Change the argument for the max-disk-space attribute in both the <upstream/> and <downstream/> blocks to a value larger than the default setting (1024 KB). For example, to change the default disk cache size to 1 GB, set the max-disk-space attribute in both the <upstream/> and <downstream/> blocks as follows: |
4 |
Save your changes to the fglam.config.xml file. |
1 |
Open the <fglam_home>/state/<state name>/config/fglam.config.xml file for editing. |
2 |
Locate the <http-downstreams> XML element. |
3 |
a |
Replace port_number with an available port number. This is the port on which the concentrator listens for connections from downstream Agent Manager instances. |
b |
Optional. If required, you can also bind the concentrator to single network address. To do so, include the attribute address="network_address" in the http-downstream child element (shown as an optional attribute in Step 3), replacing network_address with the network address where you want the concentrator to receive connections from the downstream instances. |
4 |
If required, configure the concentrator to listen for connections on multiple different ports by adding additional <http-downstream/> elements and setting the port number (and, optionally, the network address), as described above. |
• |
• |
3 |
1 |
Launch a command shell on the Agent Manager machine, and navigate to the <fglam_home>/jre/<jre_version>/<jre>/bin/ directory. |
2 |
If you do not already have an SSL certificate for the concentrator host, you can create a self-signed certificate by executing the following command on the concentrator machine, where <password> is replaced with your desired password: |
3 |
Respond to the prompts from keytool. Only the “first and last name” are required, all other fields can be left blank. The “first and last name” form the common name (CN) for this key pair and this needs to be provided to the Management Server (for reverse polling) or downstream Agent Managers (as the ssl-cert-common-name). You can type anything you want into this field, but the host name is the most common choice. The default value, if left blank, is Unknown. |
5 |
Open the file <fglam_home>/state/<state name>/config/fglam.config.xml for editing. |
6 |
Between the existing <http-downstreams> and </http-downstreams> tags, add an <https-downstream/> child element: |
• |
• |
• |
<port_number> is the port number on which you want the concentrator to listen for connections from downstream Agent Manager instances. |
• |
<network_address> is the network address, to which the concentrator is bound when receiving connections from the downstream instances. This argument is optional. It is useful when a machine has two or more network addresses and you want the connections to the Management Server to go out from one, and the connections from the downstream instances to come in to another. |
IMPORTANT: Other optional attributes are available for the <https-downstreams> element. See the file fglam.config.xml for details. |
7 |
If required, configure the concentrator to listen for connections on multiple different ports by adding additional <https-downstream/> elements and setting the arguments as described above. |
NOTE: It is not recommended to enable the ssl-allow-self-signed configuration when the downstream Agent Manager is running in FIPS-compliant mode. If this configuration is disabled, you have to add the concentrator's certificate to the downstream Agent Manager's keystore in order to connect to the concentrator using HTTPS. To export certificate from concentrator: 1. Locate the element <config:http-downstream> in <fglam_home>/state/default/config/fglam.config.xml file on concentrator Agent Manager, and get the path of the keystore corresponding to the downstream Agent Manager. If it is a relative path, it is relative to the path of "<fglam_home>/state/default/". 2. Launch a command shell and navigate to the <fglam_home>/jre/<jre_version>/jre/bin directory. 3. Issue the following command to export concentrator's certificate: keytool -exportcert -noprompt -rfc -alias fglam-cert -file <exported-cert-filename> -keystore </path/to/keystore> -storepass <key-password> -storetype BCFKS -providerpath "<fglam_home>\client\<build-version>\lib\bc-fips.jar" -providername BCFIPS -providerclass org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider To import the exported certificate to downstream Agent Manager: 1. Launch a command shell and navigate to the <fglam_home>/bin on the downstream Agent Manager. 2. Issue the following command to import certificate: fglam --add-certificate <alias=/path/to/exported-cert-filename> |
© ALL RIGHTS RESERVED. Nutzungsbedingungen Datenschutz Cookie Preference Center