having a similar environment, which kind socks proxy are you using?
do you have any issue with stale connections from the socks itself?
We are using SS5 socks proxy - http://ss5.sourceforge.net/. So far it seems to work fairly seamlessly, though I can't say we've stressed it much.
Any suggestions on defining add'l rules for add'l locations? Thanks.
we have 2 socks for 2 different networks
so i've created 2 rules
??TARGET.CED_NETLOCATION?? = location1
??TARGET.CED_NETLOCATION?? = location2
CED_NETLOCATION is a custom property created with the routing rules wizard
on each server i set the CED_NETLOCATION property value according to the belonging network
Judith, i'm doing some tests with SS5 to see if it solves some issues we have with dante, but i keep getting a TLS protocol error from BL
can you post the configuration you're using as a reference?
Are you looking for socks config (ss5.conf) or BladeLogic config?
i'm already using another socks with bl and trying to replace it with ss5
still no luck for me
I get occasional TLS errors when I run USP jobs, but there's nothing in the ss5 logs or the appserver logs indicating what the problem is. Many of the servers in the SOCKS environment run fine, with no error, though, so it's more of an anomaly than a major issue.
i was precisely trying an USP job
but the TLS error causes the server to be flagged "agent non responding"
that is a major issue for me
my other proxy (dante) does not have this issue
Hmm. I only see it on some servers, have been ignoring it so far because we have bigger SOCKS problems. When you run a "verify server" against the server it comes up "agent is alive" - seems to be a transient communication issue. Do you get it on all of your agents or just some?
i just tried on only one server
as you say, if i verify the proxy itself in infrastructure management, it's marked as alive, but i consistently get a TLS error when updating server properties
so far, i'm going to keep my old proxy
deploying a full fledged ms isa server for socks seems overkill, so i was trying the small linux route
Question for you - you said your environment seems similar to ours. In ours, the remote locations (behind SOCKS proxy servers) have DNS only locally. Managing from central appserver works, generally, but nsh type commands don't work - custom commands, etc. In trying to get this working we were implementing NSH proxy server, but that doesn't talk to the SOCKS proxy so doesn't help. How do you deal with this?
as we are managing several customers which does not have a common DNS infrastructure, we does not use DNS
all our agents are addressed by ip address directly
we neither have nsh proxy deployed
to use nsh with "remote" agents we login directly to the linux box that is has the socks installed, and run nsh from there
you can even nest nsh calls:
from my pc i run nsh then
and then i have an nsh prompt running from the proxy itself
you have to install the nsh package on proxy btw