Configuring Inventory Beacons for Connection to the Application Server
| • | Operator authentication |
| • | Operator redirection on successful authentication |
| • | Normal operation for beacon policy and third-party inventory |
| • | Normal operation for FlexNet inventory |
| • | Certificate checking for https:// communication. |
This page addresses only these outbound URLs from the inventory beacon to the application server. There are many other kinds of connections possible for inventory beacons. For more details about all URLs and ports used in the system, see Ports and URLs for Inventory Beacons.
If you wish to set up security firewall rules for your inventory beacons, configure the appropriate five of the following URLs.
Tip:There are several cloud instances, including:
| • | Multiple North American production instances (accessed through a common set of URLs as shown below) |
| • | A North American User Acceptance Testing (UAT) instance |
| • | A European production instance |
| • | A European Acceptance Testing (UAT) instance |
| • | An APAC production instance |
| • | An APAC Acceptance Testing (UAT) instance |
Each inventory beacon accesses exactly one of the cloud instances. The addresses (including ports) are all symmetrical, and vary only by the domain. Either a North American, European, or APAC production instance was assigned to you as part of your order acknowledgment.
For Configuration
When you first install the inventory beacon (see Downloading and Installing the FlexNet Beacon Software) and register it (see Creating and Registering an IT Asset Management Inventory Beacon), you need to log in to the central application server in the cloud.
|
Instance |
Operator Authentication |
Post-Authentication Redirection |
|
US Production |
https://app.flexera.com/login |
https://app.flexera.com |
|
US UAT |
https://app.flexera.com/login |
https://app.flexera.com |
|
European Production |
https://app.flexera.eu/login |
https://app.flexera.eu |
|
European UAT |
https://app.flexera.eu/login |
https://app.flexera.eu |
|
APAC Production |
https://app.flexera.au/login |
https://app.flexera.au |
|
APAC UAT |
https://app.flexera.au/login |
https://app.flexera.au |
Note:For performance and reliability monitoring, browser access to the North American, European, or APAC web application servers also triggers access to the following URLs:
https://js-agent.newrelic.com
https://bam.nr-data.net
Accessing these URLs may also trigger certificate revocation checks. See the table below for a list of security certificate check URLs.
For Operations
In operation, the inventory beacon communicates to the following URLs:
Note:Security certificate check URLs are issued by Amazon, DigiCert or Let's Encrypt and can be changed at any time. URLs issued by Amazon (not applicable to URLs issued by DigiCert or Let's Encrypt) can be verified from a browser, using the certificate viewer available on https://app.flexera.com/login.
|
Instance |
Normal Operation |
Security Certificate Check URLs for Online Certificate Status Protocol (OCSP) and Certificate Revocation List (CRL) |
|
US Production |
https://beacon.flexnetmanager.com (port 443) https://data.flexnetmanager.com (port 443) |
Any of the following (port 80): http://*.amazontrust.com http://*.digicert.com http://*.lencr.org |
|
US UAT |
https://beacon.uat.flexnetmanager.com (port 443) https://data.uat.flexnetmanager.com (port 443) |
Any of the following (port 80): http://*.amazontrust.com http://*.digicert.com http://*.lencr.org |
|
European Production |
https://beacon.flexnetmanager.eu (port 443) https://data.flexnetmanager.eu (port 443) |
Any of the following (port 80): http://*.amazontrust.com http://*.digicert.com http://*.lencr.org |
|
European UAT |
https://beacon.uat.flexnetmanager.eu (port 443) https://data.uat.flexnetmanager.eu (port 443) |
Any of the following (port 80): http://*.amazontrust.com http://*.digicert.com http://*.lencr.org |
|
APAC Production |
https://beacon.flexnetmanager.au (port 443) https://data.flexnetmanager.au (port 443) |
Any of the following (port 80): http://*.amazontrust.com http://*.digicert.com http://*.lencr.org |
|
APAC UAT |
https://beacon.uat.flexnetmanager.au (port 443) https://data.uat.flexnetmanager.au (port 443) |
Any of the following (port 80): http://*.amazontrust.com http://*.digicert.com http://*.lencr.org |
Note:The security certificate check is for uploads of inventory collected by Inventory Agent. It is possible (but not recommended) to disable the security certificate check by setting the string value CheckCertificateRevocation to False in the following registry location:
| • | On a 64-bit version of Windows: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ManageSoft Corp\ ManageSoft\Common |
| • | On a 32-bit version of Windows: HKEY_LOCAL_MACHINE\SOFTWARE\ManageSoft Corp\ManageSoft\ Common |
Document Revocation URLs for Signed Self-Extracting EXE Packages
Document revocation URLs will assist you in configuring your proxy or gateway, ensuring that the beacon can successfully validate the signatures of self-extracting packages.
The certificate authority used to sign self-extracting EXE packages will use the following URL for revocation checks:
| • | http://*.digicert.com |
Network IP Range Settings When Not Using DNS hostname
It is recommended you use DNS hostnames for network configuration of firewalls between your inventory beacon and IT Asset Management , as IP addresses can change without notice or with only limited notice. If you require the actual IP address range for your firewall or proxy server settings, please refer to the FlexNet Manager Suite Cloud IP Address Settings Knowledge Base article
Note:Access to the Knowledge Base requires a login to the Flexera Customer Community.