Network considerations
FlexxAgent, in its regular operation, requires a series of network requirements to connect to cloud orchestration services and support proxies, as well as complex network ecosystems.
Before deploying FlexxAgent on the devices, it is recommended to validate that at the network level these can access the defined destinations in URLs and ports.
Bandwidth usage
FlexxAgent process
When FlexxAgent starts, it collects and sends an initial report of approximately 75 KB; from that moment, it sends differential reports of approximately 3-4 KB. This process is responsible for executing on-demand or automatic actions on the device. At those moments, the network traffic could increase.
FlexxAgent Analyzer process
FlexxAgent Analyzer collects user session information every 15 seconds, such as application consumption, resource usage, and more. And it adds this information into files of approximately 35-50 KB, which are sent to the consoles every 5 minutes, although the time could change in specific functionalities.
In multi-user systems, a single instance of FlexxAgent will run and as many instances of FlexxAgent Analyzer as user sessions the system has.
Required URLs and Ports
In terms of communications, FlexxAgent must be able to contact the orchestration layer of the service hosted on the Internet, which includes:
| URL | Ambit | Port | Region | Product |
|---|---|---|---|---|
| queue***.servicebus.windows.net | Agent | 443 | West Europe | FXXOne, FlexxClient & FlexxDesktop |
| flxiothub***.azure-devices.net | Agent | 443 | West Europe | FXXOne, FlexxClient & FlexxDesktop |
| https://west-eu.agent-api.analyzer.flexxible.com | Agent | 443 | West Europe | FXXOne, FlexxClient & FlexxDesktop |
| https://flexxibleglobal.blob.core.windows.net | Agent | 443 | West Europe | FXXOne, FlexxClient & FlexxDesktop |
| https://api.ipify.org | Agent | 443 | West Europe | FXXOne, FlexxClient & FlexxDesktop |
| ras.flexxible.com | Agent – Remote Assistance | 443 | West Europe | FXXOne, FlexxClient & FlexxDesktop |
| https://update.workspaces.flexxible.com/ | Agent | 443 | West Europe | FXXOne, FlexxClient & FlexxDesktop |
| https://agents-weu.one.flexxible.net | Agent | 443 | West Europe | FXXOne |
| https://agents-weu.flexxible.net | Agent | 443 | West Europe | FlexxClient & FlexxDesktop |
*** unique identifier provided by Flexxible.
Security
For security solutions like Deep SSL Inspection (Deep SSL Inspection) or Trend Micro, the following instructions should be taken into account, in favor of the optimal functioning of FlexxAgent.
Deep SSL Inspection
Deep SSL Inspection should be disabled for the following URLs on those devices that have it as a security solution:
- https://flxsbname\*\*\*.servicebus.windows.net
- https://flxiothub\*\*\*.azure-devices.net
- https://agents-weu.flexxible.net
- https://ras.flexxible.com
PowerShell process restriction
Some security solutions do not allow FlexxAgent installation and/or auto-update to be performed efficiently, such as Trend Micro.
During the process, the installer may return the message:
The process was terminated with errors. A corrupted installation was detected due to external processes. This is usually caused by antivirus activity. Please check your antivirus settings.
To fix it, Flexxible recommends excluding the following files from the device:
C:\Windows\Temp\FlexxibleIT
C:\Windows\Temp\UpdateFlexxAgent.ps1
Wake on LAN (WoL)
Wake on LAN allows devices to be powered on by sending a Magic Packet that gives the network card the order to enable. The following is required in order to use this functionality:
- Compatible network card
- Activate WoL in BIOS/UEFI
- Configure WoL in the operating system
- A
Bridgedevice on the same network as the device you want to turn on, with FlexxAgent installed and reporting
Normally, Wake on LAN works within a local network, being able to jump between subnets as long as no firewall or network device blocks the Magic Packet from being sent. If so, in environments segmented into subnets, a network-level exception should be configured to allow Magic Packet addressing between subnets.
Remote assistance through proxy
For remote assistance, FlexxAgent will use a proxy when it is configured and accessible.
In case it is configured with a proxy but it is not accessible at that moment, remote support will be launched with the “auto detect” option which will use the internet exit configuration set by the end user.