Hi all,
I have an internal desktop management application hosted on an EC2 instance that I'm trying to put behind an internal ALB. Everything looks fine when I access the web interface of the app; however, when I try to use any of the remote access functionality of the tool (used for remote management such as screen sharing, file management, software deployment, etc.), these features all time out. I've also tried enabling the X-Forwarded-For header, as it appeared to be a problem with how the console sees the administrator who connects to the instance and how to send that traffic back to the requester's (the admin initiating the connection) IP address; however, this doesn't appear to have made a difference. There are some threads that seem to indicate some additional configuration is required on the application side with regards to Tomcat to be able to capture the X-Forwarded-For header, but I've not had any luck yet. I'm also still waiting to hear back from the vendor's support but wanted to make sure I'm not missing any obvious configurations within AWS.
Is this an application that can work behind an ALB? If so, what other configurations would I need to account for?
This is ManageEngine's Endpoint Central application, and the following link shows the required ports when configuring this normally.
https://www.manageengine.com/products/desktop-central/desktop-central-lan-architecture.html#dcports
For example:
| Port | Purpose | Type | Connection |
|---|---|---|---|
| 8383 | For communication between the agent or distribution server or the ME MDM app and the Endpoint Central server. | HTTPS | Inbound to server |
| 8444 | For sharing remote desktops, System Manager, Chat | HTTP | Inbound to server |
| 8444 | For transferring files | HTTP | Inbound to server |
| 8443 | For sharing remote desktops, System Manager, Chat | HTTPS/UDP (voice & video chat) | Inbound to server |
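As an added example (not code from the original post, and not ManageEngine's or AWS's own configuration), this is the Tomcat-side piece that the "capture the X-Forwarded-For header" threads refer to: a `RemoteIpValve` in Tomcat's `server.xml`. It assumes the product runs on an embedded Tomcat whose `server.xml` contains a `<Host>` element like the one below (the `<Host>` attributes shown are generic, not the vendor's), and that the ALB lives in subnets under 10.0.0.0/16; both the file location and that CIDR are assumptions to replace with your own values.

```xml
<!-- Added example, not from the original post or the vendor's documentation.
     Assumed: embedded Tomcat, a generic <Host> element, and an ALB whose
     internal subnets fall under 10.0.0.0/16 (replace with your VPC CIDR). -->
<Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="false">

  <!-- Have Tomcat take the client address and scheme from the ALB's headers
       so the application sees the admin's IP instead of the ALB node's IP.
       internalProxies is a regex of upstream addresses that are trusted to
       set X-Forwarded-For. Tomcat's default already matches the RFC 1918
       ranges; narrowing it to the ALB's subnets is safer, and widening it to
       everything would let any client spoof its source address by sending
       its own X-Forwarded-For header. -->
  <Valve className="org.apache.catalina.valves.RemoteIpValve"
         remoteIpHeader="X-Forwarded-For"
         protocolHeader="X-Forwarded-Proto"
         protocolHeaderHttpsValue="https"
         internalProxies="10\.0\.\d{1,3}\.\d{1,3}" />

  <!-- Log the resolved client address (%a) next to the raw header
       (%{X-Forwarded-For}i) to confirm the valve is taking effect. -->
  <Valve className="org.apache.catalina.valves.AccessLogValve"
         directory="logs" prefix="alb_access" suffix=".log"
         pattern="%a %{X-Forwarded-For}i %t &quot;%r&quot; %s %b" />
</Host>
```

Two caveats. Endpoint Central bundles its own Tomcat, so edit its `server.xml` only with the vendor's blessing, since an upgrade may overwrite it. More importantly, this only fixes how the web console sees the administrator's address; it cannot make the 8443/8444 remote-control sessions work through an ALB, because an ALB offers only HTTP and HTTPS listeners and carries no UDP at all. Those ports need an NLB with TCP and UDP listeners (an NLB TLS listener can also use an ACM certificate, which covers the certificate reason for choosing the ALB), while the 8383 agent traffic and the web UI can stay behind the ALB.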
Hi Riku_Kobayashi, I created a support ticket with AWS and they did have me create listeners for the other ports but did not see any change in the application's behavior.
Still troubleshooting this one, unfortunately. I'll have to look into the NLB but the primary reason for using the ALB was to address an issue with SSL certificates. Using the ALB + ACM allows us to resolve those issues.