Configuring the communications protocol for server agents

Edit online

Either the HTTP or HTTPS protocol is used to communicate between the Cloud APM server and the server agents. The Cloud APM server allows connections from server agents that authenticate themselves with a valid certificate. If you change the communication protocol that is used by the server to communicate with monitoring agents, you must change the protocol used by the server agents.

About this task

Server agents are components of the Cloud APM server. The server agents provide the following functions:
  • The Transactions Event agent provides services for transaction tracking.
  • The Synthetic Events agent provides services for synthetic transactions.
  • The Bluemix® Integration agent integrates the Cloud APM server with your IBM® Cloud environment.

The server agents are installed and started automatically when you install the Cloud APM, Advanced offering. If you have the Cloud APM, Base offering, no server agents are used and you do not need to configure communications protocols for server agents.

Default certificates are generated during the Cloud APM server installation. The server agents might use the default certificates or they might use self-signed or custom certificates to connect to the Cloud APM server.

Complete the following steps to configure the communication protocol between the server agents and the Cloud APM server:

Procedure

  • If you want to change from HTTPS communication to HTTP communication between the Cloud APM server and server agents, complete the following steps:
    1. On the Cloud APM server, open a command window and change to the install_dir/serveragents/bin directory.
      For example: 
      cd /opt/ibm/apm/serveragents/bin
    2. Run the following commands to stop the server agents. 
      apm stop biagent
apm stop soagent
apm stop txagent
    3. Run the following command to configure HTTP communication between the Cloud APM server and the server agents: 
      ./agent2server.sh -p HTTP
    4. Restart the server agents by running the following commands: 
      apm start biagent
apm start soagent
apm start txagent
  • If you want to use HTTPS communication and default certificates between the Cloud APM server and server agents, complete the following steps:
    1. On the Cloud APM server, open a command window and change to the install_dir/serveragents/bin directory.
      For example: 
      cd /opt/ibm/apm/serveragents/bin
    2. Run the following commands to stop the server agents. 
      apm stop biagent
apm stop soagent
apm stop txagent
    3. Run the following command to configure HTTPS communication between the Cloud APM server and the server agents: 
      ./agent2server.sh -p HTTPS
    4. Restart the server agents by running the following commands: 
      apm start biagent
apm start soagent
apm start txagent
  • If you want to use HTTPS and either self-signed certificates or certificates that are signed by a third-party certificate authority for communication between the Cloud APM server and server agents, complete the following steps:
    1. On the Cloud APM server, open a command window and stop the server agents by entering the following commands: 
      apm stop biagent
apm stop soagent
apm stop txagent
    2. Copy the contents of the install_dir/ccm/keyfiles/serverhostname.agent/keyfiles directory to the install_dir/serveragents/keyfiles directory, where install_dir is the installation directory of the Cloud APM server and serverhostname is the Cloud APM server hostname.
      Note: If you are using the default certificates that are created by the Cloud APM server installation, specify default.agent in place of serverhostname.agent.
    3. Modify the install_dir/serveragents/config/global.environment file to specify which certificate is used by the server agents. Add or edit the following variable: 
       KDEBE_KEY_LABEL="APM_Agent_Certificate"
      Important: If you used a label other than APM_Agent_Certificate when you created the certificates, you must specify that label instead of APM_Agent_Certificate.
    4. If your third-party CA provides only an RSA signature, change the KDEBE_FIPS_MODE_ENABLED=SuiteB-128 variable to KDEBE_FIPS_MODE_ENABLED=NO in the install_dir/serveragents/config/global.environment file.
    5. Change to the install_dir/serveragents/bin directory.
      For example:
      cd /opt/ibm/apm/serveragents/bin
    6. Run the following command to configure HTTPS communication between the Cloud APM server and the server agents: 
      ./agent2server.sh -p HTTPS
    7. Restart the server agents by running the following commands: 
      apm start biagent
apm start soagent
apm start txagent

Results

The communication protocol that is used to connect the server agents to the Cloud APM server is changed.