What are the steps to configure a Proxy server on a BMC Helix Control-M Agent host? If a Proxy sever is used to communicate to the internet, the Agent host acts as a Proxy client, and all http(s) requests are tunneled first to a Proxy server and then to the requested http(s) target. On a host that is a Proxy client, internet access is blocked except through the Proxy server. Tunneling https to the Proxy server is done by adding Proxy configuration to the Proxy client host. |
Use the following to configure the Control-M SaaS Agent to use a Proxy server. The Control-M SaaS Agent uses https during installation to register with AWS S3/SQS and more. Please whitelist below URLs before proceeding. *.controlm.com *.amazonaws.com NOTE: Proper proxy configuration is required for the Control-M SaaS Agent host mainly during installation. After installing, the Agent will get the proxy configuration internally using the agproxy.json file. Proxy Configuration Verify that the Proxy server is configured on the Agent host. Linux:
run the command: env | grep -i proxy If the Agent host works with proxy, it will return proxy environment variables such as in the below example, which are defined in /etc/profile.d/proxy.d/proxy.sh (or .csh) example for proxy settings defined in linux with environment variables: http_proxy=http://bmc-devops-proxy-server-r53.ci.ctmsaas.com:3128 https_proxy=http://bmc-devops-proxy-server-r53.ci.ctmsaas.com:3128 HTTP_PROXY=http://bmc-devops-proxy-server-r53.ci.ctmsaas.com:3128 HTTPS_PROXY=http://bmc-devops-proxy-server-r53.ci.ctmsaas.com:3128 NOTE: Proxies that use authentication (having username and password in the proxy url) are currently not supported. RFE CTM-7736 is open to add this support in a future version.
NOTE: Sometimes a proxy is configured for one user as the root user, yet not configured for the user used to install the Control-M SaaS Agent. This should not happen since for a proxy client machine, the internet in general is blocked for the machine and not per user. Thus tunneling to proxy server, which is enabled by the proxy configuration, should be set for all the machine's users.
NOTE: It is necessary to exclude localhost in the proxy configuration. Example: NO_PROXY=localhost Windows: Open Control Panel and Search for the term: proxy Select Internet Options and in the Connections tab click the LAN Settings button and check the Proxy server section. NOTE: Proxies URL protocol defined does not need to match the protocol its trying to route. HTTPS_PROXY=http:// is valid as it defines the means how the data is delivered to the proxy server and not protocol that goes out to the target. Consult with internal IT how the URL should be specified. Control-M SaaS Agent Proxy Configuration files When the Agent is installed, the machine’s proxy configuration is retrieved and saved to the ctm/data/agproxy.json file. Example content: {"httpHost":"your-proxy-server.com","httpPort":"3128","httpsHost":"your-proxy-server.com","httpsPort":"3128"} When no proxy is configured on the Agent machine, the file content will be similar to the following: {"httpHost":null,"httpPort":null,"httpsHost":null,"httpsPort":null} The proxy configuration saved to agproxy.json, is used for all Agent https connections making sure https is tunneled to the proxy server. If the proxy configuration changes on the Agent machine after installation, it will be necessar to manually update the agproxy.json file. Troubleshooting If there is a need to troubleshoot the connection through Proxy please refer to KA 000412151 |