6 Replies Latest reply on Apr 10, 2018 10:11 AM by wynnb

    Change URL for software license monitoring

    wynnb Specialist

      Is it possible to modify the default URL used for the "Software license monitoring" tool in the IEM 2017.3.2 console? I need ours to use the FQDN rather than just the server name.

        • 1. Re: Change URL for software license monitoring
          wynnb Specialist

          This question also applies to the Security Workspace and Workspaces URLs

          • 2. Re: Change URL for software license monitoring
            wynnb Specialist

            Hmmm... crickets.

             

            Isn't anyone out there using standard recommended security settings with their IEM system? An Ivanti Tech Support agent told me most people just use HTTP, but there's got to be someone else that requires a secure configuration. There doesn't seem to be a global setting to configure the system to use only SSL and FQDN for all the Web links, but there must be a way, right?

            • 3. Re: Change URL for software license monitoring
              phoffmann SupportEmployee

              Interesting - not so much "crickets" as "didn't see this thread" for some reason. I try to keep on top of things. But ... at least I see it now (might've been just pushed down via churn ) .

               

              So ... "modifying the URL" (properly) would be a bad idea ... but by that I mean changing it from the usual location to something like http://MyServer/SomeOtherLocation/MyNewSLM.

               

              ... the Core expects things to exist in certain places, after all . But that's not what you're doing.

               

              If you're JUST after using the FQDN rather than the short name, that should be pretty simple.

               

              <For the below examples, my 2017 Core's FQDN is "Atreyu.Fantasia.Org".>

               

              Couple of things:

              • On the Core's (and consoles) own login-screen (where you select the Core name), use the FQDN of the Core. There's a bunch of places in the console that use "what you connect to the Core as" ... so if you use the NETBIOS name there, then those things will use a NETBIOS name as well. Using the FQDN consistently is good.

                So that "core name" is not just for looks! That part is quite important!
              • The second thing to get right is to make sure you use the FQDN in the agent setting "Client Connectivity". That's the "one stop shop" for clients to know how they address th Core server. If you update your existing agent setting, clients will pull the updated info the next time they run vulscan (it checks for updates to agent settings every time it starts).

               

              Let's  begin with that .

              • 4. Re: Change URL for software license monitoring
                wynnb Specialist

                Thanks!

                 

                Yes, we are doing those things, but there are many items that still use http and/or the short name. Executive reports, Barcode form groups, etc. What I need to accomplish is to have any URL that this system generates, be formatted to begin with: “https://serverFQDN/...”.

                • 5. Re: Change URL for software license monitoring
                  wynnb Specialist

                  Well, I don't have all the details, but we seem to have found an answer. We had to update the URL Rewrite in IIS to v.2 (download from Microsoft), then create an inbound rule on the Default Web Site, using a regex to identify and redirect to HTTPS with the FQDN. This causes the redirect to apply to everything under that Default site. Ivanti said they would submit the ability to manage this as an enhancement request.

                  • 6. Re: Change URL for software license monitoring
                    wynnb Specialist

                    ...however. It appears that the IEM tool is simply not built to run with all communications secure. We found that setting the URL rewrite at the Default site level causes some functions to break, and we've had to disable that rule on specific sites, such as ApmService and InventoryConnector.