Share:|

 

Why would you change the beacon post from HTTP to HTTPS?

 

However, before explaining why we want to change the beacon post, let discuss what is a beacon post within the App Visibility End User Monitoring.

 

In App Visibility End User Experience Monitoring a JavaScript is injected into the actual pages loaded by users. That JavaScript then sends beacons to TrueSight App Visibility Manager which contains metrics collected from the end user’s browser about the page it just finished rendering.

 

App Visibility End User Experience Monitoring either needs an Agent to automatically inject the JavaScript (which can only work in servers supported by the AD Agent) or you need to manually add the JavaScript to your pages (which will work for any server).

 

******************************************************************************

 

Going forward we will also be introducing 2 more modes in Automatic Injection which will not require the agent.

As an application specialist you would be able to Automatically set up Active End User Monitoring for the following:

1)F5 Server

2)Apache Web Server

 

******************************************************************************

 

The AD Agent just monitors the request as normal. However, when it sees the response which contains the actual page which is being sent to the browser, it edits that page automatically before passing it on back to the client. In this edit, it inserts a <script> tag into the Head section of the HTML telling the browser where to find the JavaScript and leaves the rest of the page unchanged. Thus, when the page returns to the client browser, that browser begins to execute the JavaScript inside the browser itself. When significant actions happen in the browser, that script sends out notifications called Beacons to the TrueSight App Visibility Proxy component. Note that the hostname and port of the Proxy component were hard coded into the script when the AD Agent edited the page. Thus, all Beacons from that page will go to the same Proxy until the page is reloaded or a new page is loaded. A new Proxy component may be dynamically assigned by the AD Agent in that new edit of the page. The proxy component then sends its information up to the TrueSight App Visibility Portal where it becomes available just as any other TrueSight Application Visibility data.

 

The App Visibility End User Experience Monitoring data that comes in through the Proxy component to the TrueSight App Visible Portal is visible within the Application View is TrueSight Presentation Server.

 

Where the AD Agent Business Transaction data populates the Web, Business, and Database tiers, the App Visibility End User Experience Monitoring data populates the User and Network tiers.

 

Below is a link to the documentation that will explain App Visibility End User Monitoring further:

 

https://docs.bmc.com/docs/applicationmanagement/110/app-visibility-end-user-monitoring-721191241.html

 

 

OK so why would you change the beacon post from HTTP to HTTPS?

 

By default, the behaviour of the Beacons is that it matches the protocol used by the page. For example, if the application web page is HTTPS then the App Visibility End User Monitoring will inject the JavaScript into the web page, and the beacon post will be HTTPS.

 

If the application web page is HTTP then a setting in the App Visibility End User Monitoring will need to be changed in order to inject the JavaScript into the http web page, and the beacon post will be HTTP.  However, there may be certain situation where the user would like to receive the Beacon in https while the application web page is in HTTP.

So, if the user wants the beacon post to be more secure then the protocol would need to be changed to HTTPS.

 

 

Below are the steps to change the beacon post from HTTP to HTTPS:

 

In the JavaScript code, there are variables to App Visibility Proxy http and https ports. You need to look for the code that builds the beacon URL based on the page protocol, search for the URL that is built for HTTP protocol and update the beacons URL to use HTTPS port and protocol. 


In all App Visibility Proxies install directory, update <apm-proxy-install-dir>/webapps/static-resources/aeuem-10.1.0.min.js file. Change 'http' to 'https' in all places that are marked in the screenshot.

 

Changing Beacon Post.png

 

 

 


How to verify that the beacon post is now HTTPS?

 

The best way to verify that beacons are being sent with HTTPS is to use the Developer tool which is available in any browser.

After opening the Developer tool, you should check the Network Tab -- >JavaScript(JS)-->Protocol

 

Here you can see “beacons” item and verify that it is sent with HTTPS

 

Does this step apply to Manual and Automatic JavaScript Injection Or just manual JavaScript Injection?

 

These steps will apply both for Manual as well as Automatic Injection (Any Kind)