BES Client relay configuration after move to new network

(imported topic written by jonaserlundhammarback91)

Hi

In our production environment we have one deployment network and a lot of different VLANs behind firewalls. These networks also belong to different customers.

New machines are installed on the deployment network, and when they are ready they are moved to the correct VLAN and the IP address is changed. Deployment net

My problem is that from some of the VLANs the BES Client cannot connect to the default relays, but they need to connect to a NAT address instead or they need to connect to a local relay already running on the local network.

Currently I specify in clientsettings.cfg __RelayServer1, __RelayServer2 and __BESClient_RelaySelect_FailoverRelay. This covers about 95% of the VLANs but still a few where the client can “phone home” when they are moved.

I have tried to use the __BESClient_RelaySelect_TertiaryRelayList setting, but I cannot get the clients to try all relays in this list.

The clients only try __RelayServer1, __RelayServer2 and __BESClient_RelaySelect_FailoverRelay and finally they try to connect to the BES Server. The BES Server is behind a firewall and clients are not allowed to connect directly to this machine.

What is the format of __BESClient_RelaySelect_TertiaryRelayList and do I need to do anything more to get it functional?

Is there any other way to tell BES Clients to try more relays? Automatic relay detection will not work; ICMP is blocked from most VLANs.

Regards

Jonas

(imported comment written by BenKus)

Hey Jonas,

Quick question:

Why does relay autoselection not work for you in this scenario? It seems that the agents would be able to connect to any local relay if one existed… Is the problem that the NAT address is different from the relay address? If so, how many NAT addresses are there?

Ben

(imported comment written by jonaserlundhammarback91)

Hi Ben

If I had relays on all different networks this would be the best solution.

We have more than 250 VLANs protected by firewalls. On some of these networks there are only a handful of machines; some networks only have one or two machines. On these small networks we have not installed relays.

In total we have ca. 60 relays deployed, and 4 master relays on the management network.

The default config points to the master relays. The clients are retargeted with the local relay manually.

Regarding NAT addresses, there are different addresses. My need is to specify 10 to 15 relays to get all possible exceptions from the standard config covered.

The relays do not advertise themselves with the NAT address but with the real addresses. Name resolution is not an option as most of these networks do not have DNS because they are DMZs.

/Jonas