OMS Testing

OMS – OMS Gateway Chaining

domino

I had an interesting question few weeks ago, which I could not answer for sure. I was asked, if it is possible to chain OMS gateways. I would have said yes in the first place, because they are just proxies. But so far I haven’t tested it. So, I decided to build this scenario in my lab.

There are three servers OMS00, OMS01 and OMS02. OMS02 has the OMS agent and the OMS gateway installed and has internet access. OMS01 has also the OMS agent and OMS gateway installed. OMS00 has just the OMS agent installed and tries to communicate via OMS proxy OMS01 and OMS02 to the OMS workspace. This means OMS02 has no proxy configured, OMS01 has the OMS02 server as proxy configured and OMS00 has OMS01 as proxy configured.

In the end it looks like this…

OMS_Gateways

If everything is configured properly, OMS00 should be able to send data to the configured OMS workspace via OMS01/OMS02. We can simply tell by looking at the agent status…

image

But how can we be 100% sure that OMS00 REALLY communicates all the chain up? Well, let’s do a simple trick.

The OMS agent uses HTTP/HTTPS to send data to OMS. If we just block all outgoing traffic on OMS02 for TCP port 80 and 443, then the agent on OMS00 should fail. Therefore I created an outbound firewall rule on OMS02 doing exactly this…

image

…and the agent fails immediately on OMS00…

image

So we have proof that OMS00 is talking to OMS01 and OMS01 is talking to OMS02.

We are able to chain OMS Gateways. I haven’t found a documented limitation, but from a networking understanding it should be possible to chain as many gateways we need.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.