サポートと今すぐチャット
サポートとのチャット

Foglight Agent Manager 7.3.0 - Foglight Agent Manager Guide

Configuring the embedded Agent Manager Installing external Agent Managers Configuring the Agent Manager Advanced system configuration and troubleshooting
Configuring Windows Management Instrumentation (WMI) Configuring Windows Remote Management (WinRM) UNIX- and Linux-specific configuration
Monitoring the Agent Manager performance Deploying the Agent Manager to large-scale environments

Configuring the Agent Manager to use SSL certificates

You can configure the Agent Manager to communicate with the Management Server using an HTTPS connection.

You can set this option either while installing the Agent Manager, or after installation. See Installing the Agent Manager , or Configuring the Agent Manager , for more information about configuring the Agent Manager to connect to the Management Server using HTTPS.

By default, Foglight® ships with a self-signed SSL certificate. If you configure the Management Server to use an SSL certificate signed by a third-party Certificate Authority (CA), whose root certificate is already included in the JRE used by the Agent Manager, you do not need to add a new CA to the Agent Manager keystore. Instead, ensure that the Agent Manager connects to the Management Server using HTTPS.

You must add a new CA to the JRE used by the Agent Manager if:

The Agent Manager includes command-line options for managing certificates in the Agent Manager keystore.

You add a new CA by importing a new root certificate for the CA into the certificate store used by the Agent Manager, as described below.

1
Launch a command shell on the Agent Manager machine, and navigate to the <fglam_home>/jre/<jre_version>/jre/bin directory.
keytool --keystore ..\path\cacerts -storepass changeit -list | findstr
<3rd_party_signer>
keytool --keystore ..\lib\security\cacerts -storepass changeit -list | findstr
godaddy
fglam --add-certificate <alias=/path/to/certificate>
If you are using the command-line version of the configuration interface, set the start of the url parameter to https (for example, url=https://server1.example.com:8443).

Configuring an Agent Manager instance as a Concentrator

A concentrator is an Agent Manager instance that functions similarly to an HTTP proxy. Configure it to accept connections from other Agent Manager instances (called downstream instances) and forward these connections to an upstream target, either the Management Server or another Agent Manager concentrator.

You can configure one or more Agent Manager instances to act as a concentrator in situations where:

Your firewall configuration does not allow the Agent Manager instances on your monitored hosts to connect directly to the Management Server (running on ManagementServerHost). However, there is an intermediate host in your environment (IntermediateHost) that can accept connections from your monitored hosts and also communicate with the Management Server.

To allow connections from your monitored hosts to be forwarded to the Management Server, you install an Agent Manager instance on IntermediateHost and configure it as a concentrator:

1
While installing the instance on IntermediateHost (using the GUI installer), you specify the host name and port (ManagementServerHost and 8080) of the Management Server to which you want this concentrator to connect in the Configure Server URLs step.
2
When the installation is complete, you ensure that the instance is shut down and configure it as a concentrator by editing its fglam.config.xml file so that it listens for connections from downstream instances on a specified port (8081).
3
You restart the Agent Manager instance on IntermediateHost. This instance is now configured as a concentrator: it listens for connections from downstream instances on port 8081 and forwards data to the Management Server on port 8080.

Now that the concentrator is set up on IntermediateHost, you configure the Agent Manager instances on the monitored hosts to connect to the concentrator:

2
In the configuration interface, you specify the concentrator’s host name and the port on which it is listening (IntermediateHost and 8081) when setting the URL to which the instances connect.

The Agent Manager instances on the monitored hosts can now connect to the Management Server through the concentrator. You can also perform agent management tasks from the Management Server, such as deploying agent packages to the monitored hosts and creating new agent instances on them. There is no indication that the downstream instances are not connected directly to the Management Server.

Configuring the concentrator

This section describes how to configure the concentrator to connect to the upstream target (either the Management Server or another Agent Manager concentrator) and to listen for connections from downstream Agent Manager instances.

A concentrator’s upstream connection is independent of the downstream connections. For example, several Agent Manager instances on a local subnet can communicate to a concentrator using HTTP while the concentrator forwards requests over an non-secure network to the Management Server using HTTPS (or the other way around).

You can configure the concentrator to connect to the upstream target in different ways:

Using HTTP: Set the upstream target of the concentrator in the same way you typically set the Management Server URL:
Using HTTPS: To configure a concentrator connection to the Management Server using a secure connection, follow the instructions in Configuring the Agent Manager to use SSL certificates .

Between connections, the Agent Manager collects all upstream and downstream messages in queues. Queuing messages prevents them from getting lost in the event of a disconnection.

When running the Agent Manager as a concentrator, you must increase the default disk cache sizes.

1
Open the <fglam_home>/state/<state name>/config/fglam.config.xml file for editing.
2
Locate the <queue-sizes> XML element.
3
Edit the <upstream/> and <downstream/> blocks that appear after the <documentation> block:
Change the argument for the max-disk-space attribute in both the <upstream/> and <downstream/> blocks to a value larger than the default setting (1024 KB). For example, to change the default disk cache size to 1 GB, set the max-disk-space attribute in both the <upstream/> and <downstream/> blocks as follows:
The max-disk-space argument sets the amount of disk space (in KB) that can be used to store messages.
4
Save your changes to the fglam.config.xml file.
1
Open the <fglam_home>/state/<state name>/config/fglam.config.xml file for editing.
2
Locate the <http-downstreams> XML element.
3
After the <documentation> block, add an <http-downstream/> child element:
<config:http-downstream port="port_number" [address="network_address"]/>
a
Replace port_number with an available port number. This is the port on which the concentrator listens for connections from downstream Agent Manager instances.
b
Optional. If required, you can also bind the concentrator to single network address. To do so, include the attribute address="network_address" in the http-downstream child element (shown as an optional attribute in Step 3), replacing network_address with the network address where you want the concentrator to receive connections from the downstream instances.
The optional address attribute is useful when a machine has two or more network addresses, and you want the connections to the Management Server to go out from one, and the connections from the downstream instances to come in to another.
4
If required, configure the concentrator to listen for connections on multiple different ports by adding additional <http-downstream/> elements and setting the port number (and, optionally, the network address), as described above.

Configuring downstream Instances

This section describes how to configure the downstream Agent Manager instances to connect to the concentrator.

関連ドキュメント

The document was helpful.

評価を選択

I easily found the information I needed.

評価を選択