Can CA-SCM users connect on their agents in order to execute the checkin/checkout using Harweb on the Internet ?

Share URL
 
harvest999's picture
harvest999 asked on November 8, 2011 - 11:12am | Replies (3).

The developers works on the customers' systems (out of the office). We have installed Harweb on the server connected on the internet network (with the public ip) which work fine.

We have problem with agent connection.

Any suggestions are appreciated.

Cesare

Tags: 
configuration management

3 Answers

rhthornburrow's picture

Harweb relies on having an Agent installed on the machine you wish to check-out to. The Harweb server needs to open a connection to this server on whatever port number you have configured it to run on. This is likely to be rejected by a firewall somewhere.

What do you want to do here? Do you want to allow the user to check-out code to their machine so that they can work on it remotely, or do you want to allow users to check-out code onto a server within the office?

If it is the former, then you are probably better to use Workbench and setup an SSH server which can then be used to tunnel connections. This is a technique we use regularly and works well. You need to forward quite a number of ports (namely 5101 and the entire range that you have defined for direct connections). With decent authentication on the SSH server, this is reasonably secure.

If you want to do the latter, then you might consider using the Remote Transport Option. This allows you to check-out/in over standard internet protocols (FTP, FTPS and SSH/SFTP). It also has the benefit that all connections come from the CASCM server and not from the client. This is much easier to handle in terms of firewalls. There is no integration with Harweb as it is driven from Workbench, but you can get rid of the Agents.

Cheers R.

harvest999's picture
harvest999 replied on November 22, 2011 - 1:03pm.

Thanks for answer:

The my scenario is very simple:

To allow the user to check-out code to their machine so that they can work on it remotely:
EXAMPLE

The CaScm Server (R12) is locate in a city, for example to Rome.

The developer when to go to the customers, locate for example in Milane or Turin want
to exctract the one or more item in order to modifier/archive them.

Obviously, the developer cant use the Workbench because there are 2 different networks.

Then ......

The develper can use the harweb, example: Rome:1977/harweb

Harweb does work fine.

The problem is the start of the agent on the developer pc, in order to execute checkout/checkin.

The message displayed on agent start, is:

connect: Impossibile stabilire la connessione. Risposta non corretta della parte connessa dopo l'intervallo di tempo oppure mancata risposta all'host collegato (In Italian Language).

The content of the agent log is

HAgent | 20111122 13:45:14 | ERROR: Connection to Rome may already be established or rtserver may not be running
HAgent | 20111122 13:45:14 | ERROR: Initialization fails
HAgent | 20111122 13:45:14 | ---- stopped ----

where Rome is the broker.

Cesare.

rhthornburrow's picture

The agent is trying to register itself with the rtserver and cannot contact it across the internet - most likely being blocked by a firewall.

Workbench can run across more than one network and you can either sort the routing yourself so that it can find the broker directly or if you are feeling brave, you can run a local rtserver that knows how to find the other rtserver. However this is unlikely to be the arrangement you will want across the internet.

What works satisfactorily for us is to run an SSH server which is visible to the outside world (preferably running on a non-default port and using key based authentication) and then create an SSH-tunnel which forwards ports to the real CA SCM server. An entry in the hosts file of the local machine is enough to fool Workbench into thinking it is directly connected to the remote CA SCM server and you can do everything as you would do if you were on the office network.

What version of CA SCM are you using? If you are not yet on 12.1, then you might want to take a look as it uses a different protocol for the agents and might mean you can do things more the way you are currently thinking. I still prefer the SSH server though.

Cheers R.

CMCrossroads is a TechWell community.

Through conferences, training, consulting, and online resources, TechWell helps you develop and deliver great software every day.