IBM Endpoint Manager, Version 9.1

Setting up a proxy connection on the server

On IBM Endpoint Manager version 9.1 server, depending on which platform your sever is installed, you have the following behavior:

On Windows systems:

The BES components that access the internet run, by default, as SYSTEM account on the Windows server.

The proxy configuration is stored in the Windows registry.

Run the following command to create or modify the proxy configuration in the registry:

C:\Program Files\BigFix Enterprise\BES Server\BESAdmin.exe /setproxy /proxy:<proxy_host>[:<proxy_port>] 
[/user:<proxy_username> /pass:<proxy_password>] [/exceptionlist:<proxy_exceptionlist>]

On Linux systems:

The BES components that access the internet run, by default, as root on the Linux server.

The proxy configuration is defined in the [SOFTWARE\BigFix\Enterprise Server\Proxy] section of the besserver.config file using the keys:

Proxy = <proxy_host>[:<proxy_port>]
ProxyUser = <proxy_username>
ProxyPass = <proxy_password>
ProxyExceptionList = <proxy_exceptionlist>

If you want to set a proxy configuration you must edit the besserver.config file manually.

These are the values to specify when configuring the communication through a proxy:

proxy_host[:proxy_port]

It specifies the hostname or IP address and, optionally, the port number of the proxy machine. Specify either the <hostname> or the <IP_address> as <proxy_host>.

proxy_username

It is the username that is used to authenticate with the proxy if the proxy requires authentication.

If you installed your IBM Endpoint Manager server on a Windows system and your proxy requires Kerberos Authentication, use the format user@mydomain.com.

If you installed your IBM Endpoint Manager server on a Windows system and your proxy requires NTLM Authentication, specify the NTLM user.

If your proxy requires the domain/realm, the user might need to be specified as user@mydomain.com or as mydomain/user.

Note: On Windows the user that you specify must log in to the server and configure its Internet Options to use the proxy.

If you installed your IBM Endpoint Manager server on a Linux system and your proxy requires NTLM Authentication, specify the NTLM user.

On IBM Endpoint Manager on Linux the NTLM authentication does not work if FIPS is enabled.

proxy_password

It is the password that is used to authenticate with the proxy if the proxy requires authentication. The value that is assigned to the password is encrypted in the registry on Windows systems or obfuscated in the configuration file on Linux systems.

proxy_exceptionlist

This is an optional setting that you can use to specify computers, domains and subnetworks that must be reached without passing through the proxy. Specify its value using this format:

"hostname1, hostname2, IP_Addr_A, IP_Addr_B, domain_Z, domain_Y, ..."

Each name in this list is matched as either a domain, which contains the hostname, or the hostname itself. For example, mydomain.com would match mydomain.com, mydomain.com:80, and www.mydomain.com, but not www.notmydomain.com.

These are sample values that you can assign to <proxy_exceptionlist>:

example.com
example.com,8.168.117.0
"example.com, 8.168.117.0"

To prevent diverting internal communications towards the proxy agent, add localhost, 127.0.0.1 when specifying <proxy_exceptionlist>.

The proxy exception list was introduced in version 9.0.835.0 (Patch 5) for Windows and Linux systems. If you are using IBM Endpoint Manager version 9.0 and you have problems using content that downloads files from the local server, upgrade to IBM Endpoint Manager version 9.0.835.0.

On IBM Endpoint Manager version 8.1, 8.2, and 9.0 for builds earlier than 9.0.835.0, the proxy settings are picked up from the Internet Explorer proxy settings.

Important: Ensure that you restart the BESRootServer component on the server after you create or modify the settings to communicate through a proxy.

Examples:

This example uses a concatenated key notation to specify the proxy settings:

[Software\BigFix\Enterprise Server\Proxy]
  Proxy = [proxyuser:password@]{hostname|IP_address}[:port]

This example defines the communication through a non-authenticating proxy:
```
[Software\BigFix\Enterprise Server\Proxy]
  Proxy = hostname:port
```
This example shows how to exclude from the communication through the proxy:
- The IBM Endpoint Manager client that is installed on the system where you are defining the proxy connection.
- The host with IP address 8.168.117.0.
- The hosts that belong to the domain example.com.
```
[Software\BigFix\Enterprise Server\Proxy]
  Proxy = username:password@hostname
  ProxyExceptionList = "localhost, 127.0.0.1, 8.168.117.0, example.com"
```

For more information about proxy configuration, see Proxy Server Settings.

Feedback