Use the following to configure the Control-M SaaS Agent to use a Proxy server.
The Control-M SaaS Agent uses https during installation to register with AWS S3/SQS and more. Please whitelist below URLs before proceeding.
*.controlm.com
*.amazonaws.com
NOTE: Proper proxy configuration is required for the Control-M SaaS Agent host mainly during installation. After installing, the Agent will get the proxy configuration internally using the agproxy.json file.
Proxy Configuration
Verify that the Proxy server is configured on the Agent host.
Linux:
run the command: env | grep -i proxy
If the Agent host works with proxy, it will return proxy environment variables such as in the below example, which are defined in /etc/profile.d/proxy.d/proxy.sh (or .csh)
example for proxy settings defined in linux with environment variables:
http_proxy=http://bmc-devops-proxy-server-r53.ci.ctmsaas.com:3128
https_proxy=http://bmc-devops-proxy-server-r53.ci.ctmsaas.com:3128
HTTP_PROXY=http://bmc-devops-proxy-server-r53.ci.ctmsaas.com:3128
HTTPS_PROXY=http://bmc-devops-proxy-server-r53.ci.ctmsaas.com:3128
NO_PROXY=localhost
NOTE: Proxies that use authentication (having username and password in the proxy url) are currently not supported. RFE CTM-7736 is open to add this support in a future version.
NOTE: Sometimes a proxy is configured for one user as the root user, yet not configured for the user used to install the Control-M SaaS Agent. This should not happen since for a proxy client machine, the internet in general is blocked for the machine and not per user. Thus tunneling to proxy server, which is enabled by the proxy configuration, should be set for all the machine's users.
NOTE: It is necessary to exclude localhost in the proxy configuration. Example: NO_PROXY=localhost
Windows:
Open Control Panel and Search for the term: proxy
Select Internet Options and in the Connections tab click the LAN Settings button and check the Proxy server section.
NOTE: Proxies URL protocol defined does not need to match the protocol its trying to route. HTTPS_PROXY=http:// is valid as it defines the means how the data is delivered to the proxy server and not protocol that goes out to the target. Consult with internal IT how the URL should be specified.
Control-M SaaS Agent Proxy Configuration files
When the Agent is installed, the machine’s proxy configuration is retrieved and saved to the ctm/data/agproxy.json file.
Example content:
{"httpHost":"your-proxy-server.com","httpPort":"3128","httpsHost":"your-proxy-server.com","httpsPort":"3128"}
When no proxy is configured on the Agent machine, (BMC_NO_PROXY=true ) the file content will be similar to the following:
{"httpHost":null,"httpPort":null,"httpsHost":null,"httpsPort":null}
The proxy configuration saved to agproxy.json, is used for all Agent https connections making sure https is tunneled to the proxy server.
If the proxy configuration changes on the Agent machine after installation, it will be necessary to manually update the agproxy.json file. NO_PROXY variable is not stored as the code implicitly handles that localhost should not be routed through a proxy. If you are using Application Integrator or factory integration jobs that are based on Application Integrator then NO_PROXY is required to defined. See documentation for running AI job types with a Proxy.
Troubleshooting
If there is a need to troubleshoot the connection through Proxy please refer to KA 000412151