By using AWS re:Post, you agree to the AWS re:Post Terms of Use

Difficulty with an desktop management application on EC2 behind an internal Application Load Balancer

0

Hi all, I have an internal desktop management application hosted on an EC2 instance that I'm trying to put behind an internal ALB. Everything looks fine when I access the web interface of the app, however, when I try to use any of the remote access functionality of the tool (used for remote management such as screensharing, file management, software deployment, etc), these features all time out. I've also tried enabling the X-Forwarded-For header as it appeared to be a problem with how the console sees the administrator who connects to the instance and how to send that traffic back to requester's (the admin initiating the connection) IP address, however, this doesn't appear to have made a difference. There are some threads that seem to indicate some additional configuration required on the application side with regards to Tomcat to be able to capture the X-Forwarded-For header but I've not had any luck yet, I'm also still waiting to hear back from the vendor's support but wanted to make sure I'm not missing any obvious configurations within AWS.

Is this an application that can work behind an ALB? If so, what other configurations would I need to account for?

This is Manage Engine's Endpoint Central application and the following link shows the required ports when configuring this normally. https://www.manageengine.com/products/desktop-central/desktop-central-lan-architecture.html#dcports

For example:

PortPurposeTypeConnection
8383For communication between the agent or distribution server or the ME MDM app and the Endpoint Central server.HTTPSInbound to server
8444For Sharing remote desktops, System Manager, ChatHTTPInbound to server
8444For transferring filesHTTPInbound to server
8443For Sharing Remote Desktops, System Manager, ChatHTTPS/UDP (voice & video chat)Inbound to server
1 Answer
1

Hello.

Since ALB is an application load balancer that operates on layer 7 (HTTP and HTTPS), I thought that it might not be possible to communicate using UDP.
If you are using UDP or TCP, you may want to consider using an NLB that runs on layer 4.

HTTPS/UDP (voice & video chat)

https://docs.aws.amazon.com/elasticloadbalancing/latest/application/introduction.html
https://docs.aws.amazon.com/elasticloadbalancing/latest/network/introduction.html

By the way, are you creating listeners for each port number in ALB?

profile picture
EXPERT
answered 7 months ago
  • Hi Riku_Kobayashi, I created a support ticket with AWS and they did have me create listeners for the other ports but did not see any change in the application's behavior.

    Still troubleshooting this one, unfortunately. I'll have to look into the NLB but the primary reason for using the ALB was to address an issue with SSL certificates. Using the ALB + ACM allows us to resolve those issues.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions