1.6.12 Procedure for automatically setting the connection destination via Internet gateway for agents
If your agent connects to the management server through an Internet gateway, you can distribute setting information to managed computers that determines which Internet gateway to connect to, so that the appropriate destination Internet gateway is determined automatically from the IP address of the agent. This section describes how to automatically configure the Internet gateway to which an agent connects.
You can use this function in JP1/IT Desktop Management 2 - Agent. Note that you cannot use this function in relay systems, agents for UNIX, and agents for Mac.
(1) Automatically setting and changing the host system to be connected via the Internet gateway
To automatically configure or change the Internet gateway you want to connect to, create an Internet gateway file for connection destinations (itdmigw.conf) in advance and distribute it to managed computers. The destination Internet gateway is automatically set at certain timings after distribution.
Create an Internet gateway file for connection destinations
The Internet gateway file for connection destinations is a file used to determine which Internet gateway to connect to. This file defines pairs, each consisting of a range of managed-computer IP addresses and the corresponding destination Internet gateway. For more information about how to create an Internet gateway file for connection destinations, see (2) Creating the Internet gateway file for connection destinations (itdmigw.conf).
Distribute the Internet gateway file for connection destinations to managed computers
When JP1/IT Desktop Management 2 - Agent is installed using the imported installation set, the Internet gateway file for connection destinations is stored in the following folder on the managed computer:
JP1/IT Desktop Management 2 Agent-installation-folder\MASTER\DB
If you register the Internet gateway file for connection destinations as a package and then create a job that distributes that package, you can distribute the package to managed computers. When doing so, specify the above folder as the distribution destination.
For computers that are not yet managed, you can store the file manually.
Time when the Internet gateway connection destination is determined
After you store the Internet gateway file for connection destinations on a managed computer, wait until polling (a job inquiry from the agent) is performed or restart the OS on the managed computer. The Internet gateway to which the agent is connected is set according to the contents of the Internet gateway file for connection destinations.
The following three types of polling can be used to determine the connection destination for the agent:
- Polling based on system startup
  Used if the Perform poll based on the system startup check box is selected in Basic Settings in the agent configuration.
- Regular polling (every 30 minutes by default)
- Polling at a specified time
  Used if the Perform polling at the specified time check box is selected in Basic Settings in the agent configuration.
To reset the connection destination you have set, perform either of the following operations, and then wait for polling to be performed or restart the OS:
- Change the IP address of the managed computer.
- Edit or overwrite the Internet gateway file for connection destinations.
  You can redistribute an Internet gateway file for connection destinations with changed connection destination information to the agents, or directly edit and overwrite the Internet gateway file for connection destinations stored in installation-folder\MASTER\DB on each agent. Then, restart the computer to apply the change to the connection destination.
If you move a managed computer and change its IP address, all you have to do to change the connection destination to an appropriate Internet gateway is to wait for polling to be performed or restart the OS. End users need not be aware of changes to connection destinations.
If connection destinations of agents are automatically set or changed based on the Internet gateway file for connection destinations, log data for each agent is collected in the installation-folder\LOG\USER.LOG file. For details about logs relating to automatic changes to connection destinations, see the JP1/IT Desktop Management 2 Distribution Function Administration Guide.
Tip
- If multiple IP addresses are specified for an agent, the agent connects to an Internet gateway by using the IP address that has the highest priority defined by the operating system. If the connection succeeds, that system is set as the connection destination of the agent.
Relationship between automatic changes to connection destinations and other functions
Automatic changes to connection destinations by using the Internet gateway file for connection destinations might not be possible in conjunction with other JP1/IT Desktop Management 2 functions. Note the following:
- If the Internet gateway file for connection destinations exists under JP1/IT-Desktop-Management-2-Agent-installation-folder\MASTER\DB\ when you start managed computers, the agents are not connected to the Internet gateway server specified in the agent configuration. Instead, they are connected to an Internet gateway based on the connection destination information specified in the Internet gateway file for connection destinations.
- If the Internet connection option is enabled in the managed computer's agent settings, and an Internet gateway file for connection destinations (itdmigw.conf) exists in JP1/IT-Desktop-Management-2-Agent-installation-folder\MASTER\DB\ on the managed computer in addition to the file for connection destinations (itdmhost.conf) or the information file for higher connection destinations (dmhost.txt), the agent connects to the Internet gateway server specified in the Internet gateway file for connection destinations (itdmigw.conf), rather than to the parent system (management server or agent settings) determined from the destination information in the file for connection destinations.
- The agent connects to the higher system (management server or relay system) based on the destination in the file for connection destinations (itdmhost.conf) or the information file for higher connection destinations (dmhost.txt) if all of the following conditions are true. If no file for connection destinations is present, the agent connects to the management server or the parent system for distribution that is configured in the agent settings.
  - The agent cannot connect to the Internet gateway server specified in the Internet gateway file for connection destinations.
  - The setting of Communicate directly with the higher system if the Internet Gateway is unavailable in the Internet gateway file for connection destinations is "1" (communicate).
- To disable the Internet gateway connection destination settings in the Internet gateway file for connection destinations, perform one of the operations listed below:
  - Distribute an empty Internet gateway file for connection destinations to the agents.
  - Delete the Internet gateway file for connection destinations from installation-folder\MASTER\DB\ on every agent.
  - Rename the Internet gateway file for connection destinations in installation-folder\MASTER\DB\ on every agent to a name other than itdmigw.conf.
(2) Creating the Internet gateway file for connection destinations (itdmigw.conf)
The Internet gateway file for connection destinations is a text file named itdmigw.conf. The following describes how to create it.
Format of the Internet gateway file for connection destinations
In the Internet gateway file for connection destinations, define the IP address ranges of managed computers and the corresponding connection Internet gateway destinations. You can define one combination per line. Separate items by using commas (,). A line beginning with a semicolon (;) is handled as a comment. Note that the last line cannot end with a line break. In addition, use UTF-8 for the character code of the file.
The following shows the format of the Internet gateway file for connection destinations.
[IGW]
minimum-IP-address,maximum-IP-address,host-name-or-IP-address-of-the-internet-gateway,internet-gateway-port-number,port-number-#1-used-by-agent,port-number-#2-used-by-agent,communicate-directly-with-the-higher-system-if-the-internet-gateway-is-unavailable,authenticate-user,user-ID-of-internet-gateway-server,Password-of-internet-gateway-server,use-proxy-server,host-name-or-IP-address-of-proxy-server,port-number-of-proxy-server,user-ID-of-proxy-server,password-of-proxy-server,ignore-certificate-errors,file-split-size
minimum-IP-address,maximum-IP-address,host-name-or-IP-address-of-the-internet-gateway,internet-gateway-port-number,port-number-#1-used-by-agent,port-number-#2-used-by-agent,communicate-directly-with-the-higher-system-if-the-internet-gateway-is-unavailable,authenticate-user,user-ID-of-internet-gateway-server,Password-of-internet-gateway-server,use-proxy-server,host-name-or-IP-address-of-proxy-server,port-number-of-proxy-server,user-ID-of-proxy-server,password-of-proxy-server,ignore-certificate-errors,file-split-size
:
The following table lists and describes the items in the Internet gateway file for connection destinations.
| Section | Item | Description | Value that can be entered | Required? |
|---|---|---|---|---|
| IGW | | Specify the Internet gateway server to which the agent is connected. | | Required |
| | Minimum IP address | Specify the minimum IP address in the range of the IP addresses of managed computers. | Single-byte numbers in xxx.xxx.xxx.xxx format | Required |
| | Maximum IP address | Specify the maximum IP address in the range of the IP addresses of managed computers. | Single-byte numbers in xxx.xxx.xxx.xxx format | Required |
| | Host name or IP address of the Internet gateway | Specify host name or IP address of the Internet gateway. | For a host name, a maximum of 255 single-byte alphanumeric characters. For an IP address, single-byte numbers in xxx.xxx.xxx.xxx format. | Required |
| | Internet gateway port number | Specify port number of the Internet gateway. | Single-byte numeric value in the range 1 to 65535 | Required |
| | Port number #1 used by agent# | Specify the first of the two port numbers to be used in agent. | Single-byte numeric value in the range 1 to 65535 | Required |
| | Port number #2 used by agent# | Specify the second of the two port numbers to be used in agent. | Single-byte numeric value in the range 1 to 65535 | Required |
| | Communicate directly with the higher system if the Internet Gateway is unavailable | Specify whether to communicate directly with the higher system if the Internet gateway is unavailable. | Specify one of the following as a single-byte numeric value: 1: Communicate; 0: Do not communicate | Required |
| | Authenticate user | Specify whether to authenticate users when they connect to the Internet gateway. | Specify one of the following as a single-byte numeric value: 1: Authenticate; 0: Do not authenticate | Required |
| | User ID of the Internet gateway server | Specify user ID for authenticating the Internet gateway. | Up to 276 ASCII characters other than ASCII control | Required when "Authenticate user" is set to 1. If 0, the value is ignored. |
| | Password of the Internet gateway server | Specify password for authenticating the Internet gateway. | Up to 48 ASCII characters other than ASCII control | Required when "Authenticate user" is set to 1. If 0, the value is ignored. |
| | Use proxy server | Specify whether to use a proxy server. | Specify one of the following as a single-byte numeric value: 1: Use proxy server; 0: Do not use proxy server | Required |
| | Host name or IP address of the proxy server | Specify host name or IP address of the proxy server when using a proxy server to communicate with the Internet gateway. | For a host name, a maximum of 249 single-byte alphanumeric characters. For an IP address, single-byte numbers in xxx.xxx.xxx.xxx format. | Required when "Use proxy server" is set to 1. If 0, the value is ignored. |
| | Port number of the proxy server | Specify port number of the proxy server. | Single-byte numeric value in the range 5001 to 49151 | Required when "Use proxy server" is set to 1. If 0, the value is ignored. |
| | User ID of the proxy server | Specify the user ID to authenticate users when connecting to the proxy server. | Up to 276 ASCII characters other than ASCII control | Optional. If "Use proxy server" is set to 0, the value is ignored. |
| | Password of the proxy server | Specify the password to authenticate users when connecting to the proxy server. | Up to 48 ASCII characters other than ASCII control | Optional. If "Use proxy server" is set to 0, the value is ignored. |
| | Ignore certificate errors | Specify whether the connection to the Internet gateway is an error when the server certificate expires. | Specify one of the following as a single-byte numeric value: 1: Handle as an error; 0: Do not handle as an error | Required |
| | File split size | Specify the split size of the upload file in KB. | Single-byte numeric value in the range 10 to 102400 | Required |
#: If you have changed a port number used by the agent, restart the agent device.
Important
- After creating the Internet gateway file for connection destinations, it is strongly recommended that you use the checkitdmigw command to check that the file meets the format, obfuscate the file, and then import it into the installation set or distribute it to the respective agents. For more information about the checkitdmigw command, see 8.14 checkitdmigw (checking the format of the Internet gateway file for connection destinations).
The following shows the notes for the Internet gateway file for connection destinations.
- If an IP address of a managed computer is outside the defined range, its connection destination is not changed.
- If the same range of IP addresses of managed computers is defined more than once, the line that is defined first takes effect.
- If the same section is defined more than once, the section that is defined first takes effect.
- If there are no sections, the defined lines are ignored.
- The definition on a specified line is invalidated in the following cases:
  - A required item is omitted.
  - An invalid IP address is specified.
  - The value specified for connection-destination exceeds the maximum number of characters that can be entered.
  - A value other than netmdm or netmdmw is specified for connection-type.
  - The line contains only a line break.
- Any specification of an item other than the items that can be specified for a line is ignored.
- Any text following a semicolon is handled as a comment, and is ignored during processing.
- Single-byte spaces at the beginning or end of an item are ignored.
Sample Internet gateway file for connection destinations
The following is a sample Internet gateway file for connection destinations.
[IGW]
172.17.12.1, 172.17.12.250, igwserver01, 443, 31024, 31025,0, 1, igwuser01, igwpwd01, 1, proxyserver01, 8080, proxyuser01, proxypwd01, 0, 1024
172.17.13.1, 172.17.13.250, igwserver02, 443, 31024, 31025,1, 1, igwuser02, igwpwd02, 1, proxyserver02, 8080, proxyuser02, proxypwd02, 0, 1024
0.0.0.0, 255.255.255.254, igwserver03, 443 , 31024, 31025 ,0, 1, igwuser03, igwpwd03, 1, proxyserver03, 8080, proxyuser03, proxypwd03, 0, 1024
In this example, if the IP address of the managed computer is 172.17.13.6, the connection-destination Internet gateway server is the host named igwserver02, and the user ID igwuser02 and password igwpwd02 are used to authenticate with the Internet gateway. The proxy server proxyserver02 is used to connect to the Internet gateway, and the user ID proxyuser02 and password proxypwd02 are used to authenticate with the proxy server. In addition, if communication with the Internet gateway is not possible, the agent does not communicate with the higher system directly.
In the file for connection destinations, you can define 0.0.0.0 to 255.255.255.254 (all IP addresses) on the last line of each section to indicate a connection destination that is to be used if no appropriate IP address is found. In this example, for computers with IP addresses outside the range from 172.17.12.1 to 172.17.12.250 and from 172.17.13.1 to 172.17.13.250, the connection-destination Internet gateway server is igwserver03.
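The matching rules described in this section (only the first [IGW] section counts, text after a semicolon is a comment, items are trimmed, the first matching line wins) can be exercised offline before a file is distributed. The following Python is an added example, not part of the product or the checkitdmigw command; the function and key names are its own, and it assumes IPv4 addresses and an exact, case-sensitive [IGW] header, and does not enforce the per-item length and numeric limits from the table.

```python
import ipaddress

# Field order from the format line on this page; the key names are this example's own.
FIELDS = ("min_ip max_ip igw_host igw_port agent_port1 agent_port2 direct_fallback "
          "auth_user igw_user igw_password use_proxy proxy_host proxy_port "
          "proxy_user proxy_password cert_errors split_kb").split()
ALWAYS = FIELDS[:8] + ["use_proxy", "cert_errors", "split_kb"]  # unconditionally required
# The page's sample file (documentation dummy credentials), with no trailing line break.
SAMPLE = """[IGW]
172.17.12.1, 172.17.12.250, igwserver01, 443, 31024, 31025,0, 1, igwuser01, igwpwd01, 1, proxyserver01, 8080, proxyuser01, proxypwd01, 0, 1024
172.17.13.1, 172.17.13.250, igwserver02, 443, 31024, 31025,1, 1, igwuser02, igwpwd02, 1, proxyserver02, 8080, proxyuser02, proxypwd02, 0, 1024
0.0.0.0, 255.255.255.254, igwserver03, 443 , 31024, 31025 ,0, 1, igwuser03, igwpwd03, 1, proxyserver03, 8080, proxyuser03, proxypwd03, 0, 1024"""

def parse(text):
    """Return the valid rows of the first [IGW] section, in file order."""
    rows, in_igw, seen = [], False, False
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()       # text after ';' is a comment
        if line.startswith("["):
            in_igw = line == "[IGW]" and not seen   # a repeated section is ignored
            seen = seen or in_igw
        elif line and in_igw:                       # lines outside a section are ignored
            row = dict(zip(FIELDS, (v.strip() for v in line.split(","))))
            need = ALWAYS + (["igw_user", "igw_password"] if row.get("auth_user") == "1" else [])
            need += ["proxy_host", "proxy_port"] if row.get("use_proxy") == "1" else []
            try:
                row["lo"] = ipaddress.IPv4Address(row.get("min_ip", ""))
                row["hi"] = ipaddress.IPv4Address(row.get("max_ip", ""))
            except ValueError:
                continue                            # invalid IP address: line dropped
            if all(row.get(k) for k in need):       # else a required item is missing
                rows.append(row)
    return rows

def resolve(rows, agent_ip):
    """First matching line wins; None means the destination is left unchanged."""
    ip = ipaddress.IPv4Address(agent_ip)
    return next((r for r in rows if r["lo"] <= ip <= r["hi"]), None)

def audit(text):
    """Findings for a plain-text itdmigw.conf before it is obfuscated and distributed."""
    out = ["file ends with a line break"] if text.endswith(("\n", "\r")) else []
    rows = parse(text)
    for i, r in enumerate(rows):
        if r.get("igw_password") or r.get("proxy_password"):
            out.append(f"{r['igw_host']}: readable password")
        out += [f"{r['igw_host']}: shadowed by {e['igw_host']}"
                for e in rows[:i] if e["lo"] <= r["lo"] and r["hi"] <= e["hi"]]
    return out
```

A "shadowed by" finding means an earlier line already covers the whole range, which is what happens when the 0.0.0.0 to 255.255.255.254 catch-all is not the last line of the section.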
Note after distribution of the Internet gateway file for connection destinations
If you change the IP address of the connected Internet gateway after configuring the Internet gateway by distributing the Internet gateway file for connection destinations to managed computers, you must redistribute the Internet gateway file for connection destinations with the new IP address to the managed computers.