Accessing Maximo behind a firewall
Automated management of secure tunnels for accessing Maximo instances on private networks with the help of testgrinder Agents.
Last updated
Automated management of secure tunnels for accessing Maximo instances on private networks with the help of testgrinder Agents.
Last updated
If you need to use testgrinder with a Maximo instance that is not accessible directly via the internet, you have the option of using a testgrinder Agent to manage secure tunnels to Maximo instances on your network. The setup involves installing a testgrinder Agent on a Windows computer from which your Maximo instance is accessible. Once installed, the agent will run as a Windows service and wait for instructions from testgrinder to open secure tunnels for the duration of runs that you will launch.
What can access the tunnels opened by the agent? Only testgrinder and its tgBots will have access to the tunnels.
Will the communication via the tunnels be secure? Yes. All traffic going through the tunnels will be encrypted with often-changed encryption keys.
What systems on the private network will testgrinder have access to? As part of the agent configuration you can specify a list of hostname / port masks that restrict services on the private network that testgrinder can have access to.
Will the tunnel be open all the time? No. testgrinder will instruct the agent to open the tunnels when a run is launched and close the tunnels once the run completes.
Will the tunnel work with any firewall? The minimal requirement for the agent to work is to be able to open outgoing TCP connections to api.testgrinder.com and io.testgrinder.com on port 443 (https).
Will it work if I have to access Maximo via https? Yes. The tunnel will allow both http and https access to your Maximo.
Are any changes needed to Maximo for this to work? No. No changes to Maximo will be required for the tunnels to work.
We have several Maximo instances running on different servers. Will I need a separate agent for each? No. In general you only need one Agent per network. However, you may choose to use several agents with different allowed target hosts, for example, to have more precise access control to different Maximo instances.
Who can setup and use an agent? Only the owner or an administrator for your testgrinder account can setup an agent. Furthermore, only the account owner, an administrator, or a user with such privilege granted by the owner or an administrator, can link a target system with the agent.
In testgrinder, click your name in the top right page corner, choose Account, then click on the Agents tab.
Once on the Agents tab, click the Download button to download the agent installer, then click the Add Agent button.
Give the agent a name and choose communication path the agent should use when opening secure tunnels through testgrinder gateways to your Maximo. The fastest and most scalable path is direct. If used, the agent will open connections with the gateways directly. For the direct path to work, your network needs to allow the agent to open TCP connections to any host on the internet on port 22 (ssh). If your network is restrictive and you need to allow the agent to communicate with only a specific host, then choose the mediated path and pick either port 22 (ssh) or 443 (https). If mediated path is chosen, the agent will open the tunnels via io.testgrinder.com, which will then redirect the tunnels to the appropriate gateways. Regardless of the chosen path, the agent also needs to be able to open TCP connections to api.testgrinder.com on port 443 (https). Through this connection the agent will receive instructions from testgrinder to open tunnels when you kick off a run.
If necessary, make changes to the allowed endpoints on the Endpoints tab. By default the *:* entry is there, which allows the agent to open tunnels to any server/port combination on the private network. If you'd like to restrict the agent only to specific servers/ports, edit this entry and/or add entries for other server/port combinations if needed. You may use an asterisk (*) in place for any hostname or port.
Click the Add button to add the agent.
You should see the agent you just added on the list in an offline state; click its View button.
Note the hidden Key value. Click the eye icon next to it to reveal the key. You will need to enter this key during the agent installation.
Now that you've added the agent in testgrinder and testgrinder assigned the agent a key, switch to a suitable Windows computer on the private network, run the downloaded agent installer and enter the agent key when prompted. The testgrinder agent Windows service will automatically start when the installation completes.
Optionally, you may install the agent using the same agent key on other Windows computers for redundancy. Only one agent will be active at a time, but if it becomes unavailable for some reason; for example if its host machine is shut down, a standby agent instance will automatically take over.
Go back to the agents page in testgrinder. After less than a minute you should see the agent entry appears in a green and online state. It will also show the hostname of the machine on which the agent is installed and report the agent version. If you installed redundant agents, they will also be listed there in a standby state.
Locate and edit the target system in testgrinder.
On the Connection tab, choose Agent as the Access Method. A field for agent selection will appear.
Choose the agent from the list. If the agent is not on the list, you may not have the right to use it - contact the testgrinder account owner or an administrator to assign this right to you.
Save the target system.
Go back to viewing the target system and note the Tunnels table will appear on the Connection tab. This table will show you the tunnels that the agent will maintain for the target system when a run is active for the target system and its current state.
You don't need to do anything special to launch a run for a target system configured to use the agent access method. testgrinder, with the agent's help, will establish the necessary tunnels and shut them down when the run is finished. When you launch a run, its state, at first, will show Tunneling. It indicates that the agent has been requested to create the required tunnels. Once the tunnels are established, the state will change to Ready and then tgBots will start executing the scenarios. During tunneling, you may visit the target system page and observe the Tunnels table on the Connection tab to monitor the progress of establishing the tunnels.
We hope you find agents easy to use for managing secure connections to your Maximo. We are eager to hear from you about testgrinder. Please do not hesitate to contact us with any feedback you may have.