CA Nimsoft Monitor Probe Guide for TCP/IP Proxy Service probe tcp_proxy v1.1 series
Legal Notices Copyright 2013, CA. All rights reserved. Warranty The material contained in this document is provided "as is," and is subject to being changed, without notice, in future editions. Further, to the maximum extent permitted by applicable law, Nimsoft LLC disclaims all warranties, either express or implied, with regard to this manual and any information contained herein, including but not limited to the implied warranties of merchantability and fitness for a particular purpose. Nimsoft LLC shall not be liable for errors or for incidental or consequential damages in connection with the furnishing, use, or performance of this document or of any information contained herein. Should Nimsoft LLC and the user have a separate written agreement with warranty terms covering the material in this document that conflict with these terms, the warranty terms in the separate agreement shall control. Technology Licenses The hardware and/or software described in this document are furnished under a license and may be used or copied only in accordance with the terms of such license. No part of this manual may be reproduced in any form or by any means (including electronic storage and retrieval or translation into a foreign language) without prior agreement and written consent from Nimsoft LLC as governed by United States and international copyright laws. Restricted Rights Legend If software is for use in the performance of a U.S. Government prime contract or subcontract, Software is delivered and licensed as "Commercial computer software" as defined in DFAR 252.227-7014 (June 1995), or as a "commercial item" as defined in FAR 2.101(a) or as "Restricted computer software" as defined in FAR 52.227-19 (June 1987) or any equivalent agency regulation or contract clause. Use, duplication or disclosure of Software is subject to Nimsoft LLC s standard commercial license terms, and non-dod Departments and Agencies of the U.S. Government will receive no greater than Restricted Rights as defined in FAR 52.227-19(c)(1-2) (June 1987). U.S. Government users will receive no greater than Limited Rights as defined in FAR 52.227-14 (June 1987) or DFAR 252.227-7015 (b)(2) (November 1995), as applicable in any technical data. Trademarks Nimsoft is a trademark of CA. Adobe, Acrobat, Acrobat Reader, and Acrobat Exchange are registered trademarks of Adobe Systems Incorporated. Intel and Pentium are U.S. registered trademarks of Intel Corporation. Java(TM) is a U.S. trademark of Sun Microsystems, Inc. Microsoft and Windows are U.S. registered trademarks of Microsoft Corporation. Netscape(TM) is a U.S. trademark of Netscape Communications Corporation. Oracle is a U.S. registered trademark of Oracle Corporation, Redwood City, California. UNIX is a registered trademark of the Open Group. ITIL is a Registered Trade Mark of the Office of Government Commerce in the United Kingdom and other countries. All other trademarks, trade names, service marks and logos referenced herein belong to their respective companies. For information on licensed and public domain software, see the Nimsoft Monitor Third-Party Licenses and Terms of Use document at: http://docs.nimsoft.com/prodhelp/en_us/library/index.htm?toc.htm?1981724.html.
Contact CA Nimsoft Contact CA Support For your convenience, CA Technologies provides one site where you can access the information that you need for your Home Office, Small Business, and Enterprise CA Technologies products. At http://ca.com/support, you can access the following resources: Online and telephone contact information for technical assistance and customer services Information about user communities and forums Product and documentation downloads CA Support policies and guidelines Other helpful resources appropriate for your product Providing Feedback About Product Documentation Send comments or questions about CA Technologies Nimsoft product documentation to nimsoft.techpubs@ca.com. To provide feedback about general CA Technologies product documentation, complete our short customer survey which is available on the CA Support website at http://ca.com/docs.
Contents Chapter 1: Overview 7 About this Guide... 7 Related Documentation... 8 Preconfiguration Requirements... 8 Supported Platforms... 8 Chapter 2: Configuration Details 9 tcp_proxy Node... 9 <Profile Name> Node... 9 Configure a Node... 10 Manage Profiles... 11 Delete Profile... 11 Chapter 3: tcp_proxy Metrics 13 Contents 5
Documentation Changes This table describes the version history for this document. Version Date What's New? 1.1 September 2013 Initial web-based GUI version of this probe. (Previous versions of this probe are configured using Infrastructure Manager). 6 Probe Guide for TCP/IP Proxy Service probe
Chapter 1: Overview The TCP/IP Proxy Service probe allows you to set up proxy connections to a set of defined TCP services, either locally or through an SSL tunnel. For example, this probe can be used to set up a remote desktop connection through a firewall. You can manage access to the listening socket by configuring the definition of access control lists (ACLs) in the profile. This section contains the following topics: About this Guide (see page 7) Related Documentation (see page 8) Preconfiguration Requirements (see page 8) About this Guide This guide is for the CA Nimsoft Monitor Administrator to help understand the configuration of the TCP/IP Proxy Service probe. This guide contains the following information: An overview of the TCP/IP Proxy Service probe. The related documentation for previous probe versions, release notes, and so on. The configuration details of the probe including information for the fields that are required to configure the probe. The common procedures that can be used in the probe configuration. Field information for the fields, required to configure the probe in the first-time deployment of the probe. Important! The field description for intuitive terms in the GUI has not been included in the document. Chapter 1: Overview 7
Related Documentation Related Documentation For related information that may be of interest, see the following material: Related Documentation Documentation for other versions of the tcp_proxy probe The Release Notes for the tcp_proxy probe User documentation for the Admin Console Monitor Metrics Reference Information for CA Nimsoft Probes (http://docs.nimsoft.com/prodhelp/en_us/probes/probereference/index.htm) Preconfiguration Requirements This section contains the preconfiguration requirements for the TCP/IP Proxy Service probe probe. Supported Platforms Refer to the Nimsoft Compatibility Support Matrix for the latest information about supported platforms. See also the Support Matrix for Nimsoft Probes for more specific information about the TCP/IP Proxy Service probe. 8 Probe Guide for TCP/IP Proxy Service probe
Chapter 2: Configuration Details The TCP/IP Proxy Service probe is configured to set up a virtual TCP proxy between the server and the client. The TCP proxy server monitors the communication between the two for enforcing an authenticated and secure communication. This section contains the following topics: tcp_proxy Node (see page 9) Configure a Node (see page 10) Manage Profiles (see page 11) Delete Profile (see page 11) tcp_proxy Node The tcp_proxy node displays the probe-related information and allows you to configure the log level. Navigation: tcp_proxy Set or modify the following values that are based on your requirement: tcp_proxy > Probe Information This section provides information about the probe name, probe version, start time of the probe, and the vendor who created the probe. tcp_proxy > Log Properties This section allows you to configure the log level of the probe. Higher log level stores more information. Recommendation is to select a lower log level during the normal operation and minimize the disk consumption. The default log level is 0-Normal. You can increase the log level while debugging. <Profile Name> Node The profile name node is used to configure the proxy settings on the target system for start serving incoming and outgoing requests. Every profile that you add to the TCP/IP Proxy Service probe is added as a child node of the tcp_proxy node. Hence, this node is referred as the profile name node in this document. Chapter 2: Configuration Details 9
Configure a Node Navigation: tcp_proxy > profile name Set or modify the following values that are based on your requirement: profile name > Profile Properties This section defines the properties to create a proxy on the target system. You can deploy the probe on both server and client and can configure this section for starting a proxy-based communication. Server host: Defines the name of the host server, on which the profile is configured. Server port: Defines the port number of the host server. Listen port: Defines the port number on which the profile listens for incoming messages or requests. Proxy: Defines a proxy name. profile name > ACL Allow This section defines the list of IP addresses or Hostnames, which are allowed to communicate with the system through the proxy. Use the New and the Delete buttons for managing this list. profile name > ACL Deny This section defines the list of IP addresses or Host Names which are restricted from communicating with the system through the proxy. Use the New and the Delete buttons for managing this list. Configure a Node This procedure provides the information to configure a particular section within a node. Each section within the node allows you to configure the properties of the probe for creating a virtual TCP proxy. Follow these steps: 1. Select the appropriate navigation path. 2. Update the field information and click Save. The specified section of the probe is configured. The probe is now ready to communicate over a TCP proxy with the client or the server system. 10 Probe Guide for TCP/IP Proxy Service probe
Manage Profiles Manage Profiles The TCP/IP Proxy Service probe creates a profile on the system to configure a TCP proxy for a secure communication. This profile is configured on both server and the client system for establishing a communication between them. You can configure the proxy properties at time of defining the profile. Follow these steps: 1. Click the Options icon next to the tcp_proxy node in the navigation pane. 2. Click the Create new profile option. The Profile properties dialog appears. 3. Update the field information and click Submit. The profile is saved and you can configure the profile properties for monitoring the incoming and outgoing requests over a TCP proxy. Delete Profile You can delete a profile from the TCP/IP Proxy Service probe, which is no longer required a TCP or IP proxy connection. Navigation: tcp_proxy > profile name Follow these steps: 1. Click the Options icon next to the profile name node in the navigation pane. 2. Click the Delete Profile option. 3. Click Save. The selected profile is removed from the navigation pane. Chapter 2: Configuration Details 11
Chapter 3: tcp_proxy Metrics The TCP/IP Proxy Service probe does not generate any QoS. Therefore there are no probe checkpoint metrics to be configured for this probe. Chapter 3: tcp_proxy Metrics 13