Skip to main content
Version: 7.9

Proxy Connection

Introduction to RSProxy

Some Resolve Actions Pro customers have an internal network setup that uses a DMZ (De-militarized Zone) to control external access to their network. RSProxy is designed as a standalone component, installed and executed independently from Actions Pro, to broker TCP connections between an RSMQ instance in the internal network and external RSRemote instances through the DMZ. RSRemotes connect to RSProxy, which in turn connects to RSMQ. RSProxy is concerned only with connection brokering and data relay, and is data-agnostic and agnostic to the connecting systems or the higher-level protocols (as long as they are TCP based).

RSProxy Connections

By managing connections between an RSRemote and an RSMQ, RSProxy allows RSRemotes to be installed and run independently at one or more client sites and reach the RSMQ at the customer site. An RSRemote running on the client side can connect to RSProxy through a pre-configured address and port. A new connection from RSRemote to RSProxy will lead to a new connection from RSProxy to RSMQ, and both connections are persistent. When RSRemote terminates its connection to RSPRoxy, then RSProxy also terminates the corresponding connection to RSMQ. The proper connection information is available to view and modify in the configuration files.
RSProxy allows only the IP and port connections listed in its configuration, which provides an enhanced security control to allow only the trusted IPs to connect to RSProxy in a pre-determined way. Changes in the IP list are reflected in RSProxy every 5 seconds (but configurable by customers). Any existing connection that is no longer allowed is terminated immediately.

Multiple RSRemote instances can send and receive its messages to and from a single RSProxy instance. For each TCP connection from RSRemote, there is a dedicated TCP connection between RSProxy and RSMQ to keep data segregated.

Backup RSProxy

An RSProxy instance abstracts a single instance of RSMQ. If a second instance of RSMQ is set up for failover purposes, then another RSProxy instance should be installed to facilitate fast cutover. If only one RSProxy is available, then it is possible to configure RSProxy to connect to a secondary RSMQ, but doing so will lead to dropping all connections. It is the responsibility of the RSRemote to re-establish connection during a failover/switchover.

RSProxy Installation

RSProxy manages connections between RSRemote and RSMQ instances through a DMZ (De-Militarized Zone). It allows RSMQ running in the customer network to be reached by RSRemotes running at the customer's client sites.

Because RSProxy is installed at the client sites within the same network as their RSRemotes, RSProxy is installed independently without requiring other Actions Pro components. Also, the RSProxy installer is fully self-contained, including JVM, so that customer hosts that run RSProxy do not require additional dependencies. The flexibility of installation allows easier configuration of RSProxy.

Installing RSProxy

RSProxy is available only for Unix environments. To install RSProxy, perform the following steps:

  1. As the "resolve" user, unzip and extract the installation package to the installation directory (default: /opt/rsproxy) into the same network as RSRemote:
    tar –xzvf rsproxy-linux64-5.2.0-20150422.tar.gz
  2. Modify the extracted config.xml file for the necessary RSRemote and RSMQ IP addresses and ports.
  3. Edit the run.sh script to configure the desired memory size.
  4. Execute run.sh to deploy RSProxy.

The installation and deployment should take no more than 30 seconds. The RSProxy installer does not auto-clean after the install, so the tar file will need to be removed manually after installation.

Uninstalling RSProxy

To uninstall RSProxy, simply remove the /opt/rsproxy directory.

RSProxy Configuration

RSProxy brokers TCP connections between RSMQ and RSRemote instances through a DMZ (De-Militarized Zone), which provides greater control over network access. To configure RSProxy, edit the RSProxy configuration file located at:

<RSProxy\_INSTALL\_ROOT>/config/config.xml

The RSProxy configuration file controls logging metrics and the RSRemote and RSMQ locations.

The following figure shows a sample RSProxy configuration File with RSRemote Connections Highlighted.

RSProxy Configuration File

The portion of the RSProxy configuration file that sets the RSRemote and RSMQ locations look something like this:

<PROXY>  
<LISTENER LISTENER\_HOST="<RSProxy IP>" LISTENER\_PORT="<RSProxy Port 1>" REMOTE\_HOST="<Primary RSMQ IP>" REMOTE\_PORT="<Primary RSMQ Port"/>  
<LISTENER LISTENER\_HOST="<RSProxy IP>" LISTENER\_PORT="<RSProxy Port 2>" REMOTE\_HOST="<Secondary RSMQ IP>" REMOTE\_PORT="<Secondary RSMQ Port"/>  
...  
</PROXY>

Each "LISTENER" line lists the configuration details for RSProxy, including the assigned RSProxy port and RSMQ IP address and port. Any RSProxy port numbered less than 65000 can be used. The default RSMQ (for RabbitMQ) port is 4004. The IP address for the RSProxy itself should not change.

Allowable IP Addresses

The list of IP addresses that can use RSProxy is defined by the section in the RSProxy configuration file bounded by <WHITE_LIST> tags. If no IP addresses are entered in the section, then all IP addresses are allowed.

Metrics Logging

To enable troubleshooting, RSProxy can be configured to also log connection information and JVM memory usage in the following line in the RSProxy configuration file. The RSProxy log file can be found in the installed RSProxy directory (default /opt/rsproxy).

<GENERAL HOME="/opt" FILE\_CHECK\_INTERVAL="<File Check Interval>" METRICS="true" METRICS\_INTERVAL="<Logging Interval>" />

Where:

  • HOME is the home directory for RSProxy. Default: /opt.
  • FILE_CHECK_INTERVAL is a time interval, in milliseconds, between RSProxy checks of configuration file for changes. Default: 5000 (5 secs).
  • METRICS toggles on or off logging of metrics (number of active inbound and outbound connections and JVM memory usage). Default: true.
  • METRICS_INTERVAL is a time interval, in milliseconds, between RSProxy checks of connection metrics in log file. Default: 600000 (10 mins).

RSProxy regularly checks its configuration file for changes (time between checks determined by the FILE_CHECK_INTERVAL parameter), and configuration file changes are hot deployed. That is, configuration changes can be made and saved while RSProxy is running without needing to shut down and restart RSProxy.

note

Hot deployment is true only for RSProxy, as the other Actions Pro modules must be shut down and restarted if their configurations are changed.

RSRemote Configuration File

The RSRemote configuration file can be found at <Actions Pro home>/rsremote/config/config.xml.

The RSProxy information (or rather, the RSMQ brokered connections) is listed in the <ESB> section of the RSRemote configuration file. The "BROKERADDR" and "BROKERADDR2" parameters list the IP addresses and ports that RSProxy is listening to for the primary and secondary RSMQ, respectively.

The following figure shows a sample RSRemote configuration File, with ESB Parameters Highlighted.

RSProxy Memory Settings

The RSProxy execution script is located at <RSProxy\_INSTALL\_ROOT>/bin/run.sh.

The run.sh script can be edited to change the RSProxy memory settings. The max heap memory for RSProxy is 512 MB by default, but can be configured in the run.sh script using the "-Xmx" option. Similarly, the "-Xms" option defines the minimum memory size (default 64 MB).

RSProxy Troubleshooting

To troubleshoot RSProxy, refer to the RSProxy log file found in the installed /rsproxy directory. The log file can be configured to record connection and JVM metrics.

Improper Configuration

The most common source of error in operating RSProxy is not setting unique listener ports in the RSProxy configuration file. RSRemote connections cannot share the same RSProxy port.
If the configuration file is not found or accessible, then no connections are allowed. Malformed IPs are ignored with a warning log, but the IPs in good form will be allowed to connect.

Terminated Connections

RSProxy will terminate the TCP connection to an RSRemote if it cannot establish a corresponding connection to RSMQ. Either RSMQ or RSRemote can drop an established connection, causing the connection to terminate. When either connection is broken, the remaining connection is closed and data discarded.