2 Replies Latest reply on Mar 25, 2009 9:52 AM by Heiko Rupp

    Jopr proxy agent?

    Jarkko Lietolahti Novice

      How would one implement a feature which would allow jopr agents use other jopr agents to connect to the jopr server?

      This scenario is very common. Let's say there are three hosts which are separated by firewalls, but where each hosts can communicate with at least one hosts.

      host1: agent1
      host2: agent2
      host3: jopr server

      host2 can communicate directly to host3 (the server).
      However host1 can only communicate to host2, but not to host3. So it would be convenient to proxy communication between host1(agent1) and host3(server) using host2 (agent2).

        • 1. Re: Jopr proxy agent?
          mazz Master

          Jopr has been specifically designed to avoid the need for agents to talk to other agents. This breaks that. Agents only ever talk to servers.

          What you can do is use Jopr's HA mode and affinity groups. You would need a second Jopr server in your environment and you would place affinity on an agent to a specific server:

          host1: agent1, jopr server1
          host2: agent2
          host3: jopr server2

          You would create an "affinity group" that would ensure agent1 tries to talk to server1 first. You would create a second affinity group that would ensure agent2 tries to talk to server2 first.


          There is one issue that remains, connectivity from the servers to the backend database. Jopr server1 and Jopr server2 both need connectivity to the backend database. Perhaps there is a database solution to this issue (i.e. you would need to ask this same "proxying" question to the database vendor to see how they solve the problem :)

          • 2. Re: Jopr proxy agent?
            Heiko Rupp Master

            Actually it can make sense if you have topology {agents 1,2,3}---wan--server. In this case you may want to a) consolidate/filter data before crossing the wan and b) limit the number of firewall holes. Here the proxy could come into play {agents 1,2,3}->proxy---wan--server.

            The proxy would need to accept registrations from the 3 agents and "keep connections open" for the agents on the server. In the other direction it would accept connections from the server and rely them to the agents.

            While being at this, one should think about making the communitcation
            between server and proxy perhaps one way server->proxy so that less holes in the firewall are needed.