vCenter Proxy configuration when using Hardware Support Managers [HSMs]
Article ID: 311944
Updated On:
Products
VMware vCenter Server
Issue/Introduction
This article documents the proxy configuration exceptions required when vCenter uses local services such as an HSM.
Symptoms: Attempts to configure a cluster's image in vSphere Lifecycle Manager (vLCM, "manage by image") fail when vLCM tries to communicate with a Hardware Support Manager [HSM].
Environment
VMware vCenter Server 7.0.x
Cause
Configuring a proxy without creating an exception for a local HSM will prevent vLCM from being able to communicate with the HSM.
Resolution
Some network environments only permit access to external sites through a local proxy server, and vCenter can be configured to use a proxy for its internet traffic. The proxy is configured through the appliance administrative interface on port 5480 of the vCenter server [see image 1].
vCenter also communicates with Hardware Support Manager (HSM) appliances using REST APIs over HTTPS. Because that is typically a local network interaction, an HTTPS proxy is unnecessary for it. In configurations where the proxy requires a password containing special characters (such as "#", "!", etc.), the communication may even fail due to a technical issue.
To enable communication between vCenter and the HSM under those conditions, vCenter should *NOT* inadvertently use a proxy on this communication path. The HSM should therefore be configured as an exception to the proxy rules [see image 2].
Note: Proper vCenter proxy configuration requires ensuring that the proxy will not be used when vCenter needs to communicate with an HSM.
Workaround: Assigning the HSM a local (10.x.x.x) address will also prevent use of a configured proxy.
Instead of configuring an exception for proxy use, assigning the HSM appliance a 10.x.x.x IP address will also automatically avoid the use of any configured proxy, as those IP addresses are recognized as local, internal network addresses.
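The following pre-change audit is an added example, not VMware code: it checks a list of HSM appliances against a planned proxy exception list and the 10.x.x.x rule described above, and flags any HSM that would still be sent through the proxy. The hostnames, addresses, exception-matching rules and the reading of "special characters" as any non-alphanumeric character are assumptions made for the example.

```python
import ipaddress

# The article states 10.x.x.x addresses are treated as local and skip the proxy.
LOCAL_NET = ipaddress.ip_network("10.0.0.0/8")

def bypass_reason(host, ip, exceptions):
    """Return why traffic to this HSM skips the proxy, or None if it is proxied.

    Assumed matching rules (not taken from vCenter): exact hostname or IP,
    and domain suffixes written as '.domain' or '*.domain'.
    """
    try:
        if ipaddress.ip_address(ip) in LOCAL_NET:
            return "local 10.x.x.x address"
    except ValueError:
        pass  # not a literal IP; fall through to the exception list
    host = host.lower().rstrip(".")
    for raw in exceptions:
        entry = raw.strip().lower()
        if entry and entry in (host, ip.lower()):
            return f"exception {entry}"
        suffix = entry[1:] if entry.startswith("*.") else entry
        if suffix.startswith(".") and host.endswith(suffix):
            return f"exception {entry}"
    return None

def audit(hsms, exceptions, proxy_password=""):
    """Map each HSM hostname to a finding string."""
    # Assumption: "special characters" means anything non-alphanumeric.
    risky_pw = any(not c.isalnum() for c in proxy_password)
    findings = {}
    for host, ip in hsms:
        reason = bypass_reason(host, ip, exceptions)
        if reason:
            findings[host] = f"OK: {reason}"
        elif risky_pw:
            findings[host] = "FAIL: proxied, and proxy password has special characters"
        else:
            findings[host] = "WARN: proxied, add a proxy exception"
    return findings

# Constructed sample data (documentation-range addresses, made-up hostnames).
SAMPLE_HSMS = [
    ("hsm-a.lab.example", "10.20.30.40"),
    ("hsm-b.lab.example", "192.0.2.15"),
    ("hsm-c.mgmt.example", "192.0.2.70"),
]
SAMPLE_EXCEPTIONS = ["localhost", "*.lab.example"]

if __name__ == "__main__":
    for host, finding in audit(SAMPLE_HSMS, SAMPLE_EXCEPTIONS, "p#ss!").items():
        print(f"{host}: {finding}")
```

Confirm which exception entry forms your vCenter build honors before relying on the suffix matching assumed here.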