DX SaaS URLs for Connecting On-Premise Components

book

Article ID: 193919

calendar_today

Updated On:

Products

CA Application Performance Management Agent (APM / Wily / Introscope) CA Application Performance Management (APM / Wily / Introscope) INTROSCOPE DX Application Performance Management

Issue/Introduction

We need a complete list of URL and IPs for connecting on-prem deployed components to DX SaaS. Our network team is requiring that we configure the firewall rules to allow connection to specific DX SaaS IPs. Can this list be provided?

The URLs we had accounted for were wss://cloudgw.dxi-na1.saas.broadcom.com:443 and wss://acc-configserver.dxi-na1.saas.broadcom.com:443. We found that Cloud Proxies in one environment were trying to connect to pmgw.dxi-na1.saas.broadcom.com even though the configuration only has parameters for cloudgw & acc-configserver. When this happened the Cloud Proxy logs had filled with mostly "connection reset by peer" entries and the nproc limits (4096) had been reached for Cloud Proxy and APMIA agents . Do on-prem components get redirected to other URLs after connecting via cloudgw URL?


Environment

Release : 11.1.3

Component : APM Agents

Resolution

These are the only URLs that the Cloud Proxy will use.

cloudgw.dxi-na1.saas.broadcom.com
apmgw.dxi-na1.saas.broadcom.com
acc-configserver.dxi-na1.saas.broadcom.com

In this situation, it was how the firewall resolved the IP that caused the issue, as all the URLs resolve to the same IP.  Please ensure that you have added all three to the firewall rules.