Former Member

The ANGEL connection is a TCP connection used for the Agentry platform.  The network connection setup, especially when users will be establishing a connection from outside the network firewall, can prove problematic for users.  Please note, these instructions apply to standalone Agentry 4.4.2 through 6.0 and SMP 2.3.  Agentry versions prior to 4.4.2 do not use the ANGEL protocol, and as of SMP 3.0 Agentry uses HTTPS with WebSockets for client-to-server connections.  A load balancer can be used at any point between the Agentry Clients and Agentry Server to direct the different connections to the Agentry Server should one be needed.

In the images below I have listed a Load Balancer in case there are multiple Agentry Servers.  As the Agentry Servers don't load balance client connections between themselves, a third-party load balancer would need to be used. The load balancer can be a hardware or software version, but it is optional and isn't required if only one Agentry Server is being used.  If no load balancer is being used, the Agentry Client can just connect directly to the Agentry Server or to a Reverse Proxy.  If a load balancer is used, it needs to be configured as TCP pass-through to allow connections to reach the Agentry Server.
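
As an added illustration of the TCP pass-through requirement (not from the original post or from SAP), here is a minimal configuration for HAProxy, chosen only as one example of a software load balancer. The listener port, server names, addresses and timeouts are constructed placeholders; use the port your Agentry Server actually listens on.

```haproxy
# Added example: layer-4 (TCP pass-through) balancing for ANGEL connections.
# All ports, names and addresses below are constructed placeholders.

defaults
    # ANGEL is a raw TCP protocol, not HTTP. The proxy must forward bytes
    # untouched, so use "mode tcp". With "mode http" the balancer would try
    # to parse the stream as HTTP and the client connection would fail.
    mode tcp
    timeout connect 5s
    # Placeholder idle timeouts; size them to how long client sessions last.
    timeout client  30m
    timeout server  30m

frontend angel_in
    # Single client-facing port: the only one that has to be opened
    # through the firewall for incoming client connections.
    bind *:7003
    default_backend agentry_servers

backend agentry_servers
    # Spread new connections across the Agentry Servers.
    balance leastconn
    # "check" performs a plain TCP connect health check, so a server that
    # has stopped listening is taken out of rotation.
    server agentry1 192.0.2.11:7003 check
    server agentry2 192.0.2.12:7003 check
```

Because the stream is passed through unmodified, this layer cannot inspect or filter the traffic; access control remains with the firewall rules and the Agentry Server itself.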

More information for ANGEL connection can be found here: https://service.sap.com/sap/support/notes/1816645

Some common questions are:

Should the Agentry Server be in the DMZ?

Can a proxy or load balancer be used for client connections?

Do users have to have a VPN?

What firewall ports need to be opened?

Most network landscapes for Agentry connections fall into one of the following 4:

1)  Agentry Server within an Internal Network and a Reverse Proxy is used within a DMZ

Pros:

  • Only one port needs to be opened from the DMZ through the internal firewall to let client connections come in from the DMZ
  • The Reverse Proxy can change the incoming client port and send the connection out on the port the Agentry Server is listening on.

Cons:

  • The port that needs to be opened in the firewall is a TCP connection

2) Agentry Server within the DMZ

Pros:

  • A TCP connection doesn’t have to be opened for clients to connect to the Agentry Server within the internal network

Cons:

  • The Agentry Server needs all the ports required for each backend system to be opened (different backends have different connections)
  • If any users are connecting from the internal network, the ANGEL port will also need to be opened

3) Devices use a VPN Connection to the Internal Network

Pros:

  • No ports need to be opened externally

Cons:

  • VPN software may have added costs
  • The device has to connect by VPN before it is able to connect to the Agentry Server

4) No External User Access permitted

Pros:

  • No ports need to be opened externally

Cons:

  • Users have to be in an area covered by the internal network to be able to transmit to the server

There is no “one solution” that is considered recommended or ideal.  Every company has a different network setup and different business needs, and should choose the network environment that is right for them.

For more information on what ports the Agentry Server uses to connect to backend servers see:

Agentry SAP Applications: https://service.sap.com/sap/support/notes/1998514

Agentry Maximo Applications: coming soon

Other Agentry connections: coming soon
