Configure the Socket Proxy server to off-load the main server and to act as a proxy within the DMZ

Document ID:  TEC1843915
Last Modified Date:  08/24/2017


  • CA Service Desk Manager


  • CA Service Desk Manager:Release:14.1



Allowing direct socket access to the application servers that run Support Automation can be considered a security risk.

Improve performance by off-loading the encryption and decryption of the incoming and outgoing data for all analysts or clients.


Manage Support Automation Connectivity with "Socket proxy server"

Implement the SA connectivity per the documentation in this link:
Manage Connectivity
1/ How to Overcome Server Load
In large deployments, high server load can degrade the application performance. For this reason, you can off-load some of the processing to one or more Socket Proxy servers as follows:
  • Offload encryption and decryption of the incoming and outgoing data for all analysts or clients. The clients must connect either through Direct Socket or through HTTP.
  • Offload the processing of HTTP traffic from and to those clients connecting through HTTP to the Socket Proxy.

2/ Use Socket Proxy Within DMZ
In some network environments, allowing direct socket access to the application servers that run Support Automation can be considered a security risk. In such environments, you can use Socket Proxy within the DMZ. Using Socket Proxy in this scenario offloads some of the processing from the main server. The Socket Proxy works as follows:
1. On the configured external port, the Socket Proxy listens for incoming connections from analysts or end users.
2. The Socket Proxy establishes a peer connection to the main server on the configured internal port for every connection. These two connections are named the end-user connection and the server connection, respectively.
3. The end-user connections are encrypted and the Socket Proxy encrypts or decrypts data coming in or going out. The server connection is not encrypted.
4. For each incoming data-packet, the protocol structure is verified and a checksum value is validated. This happens before the data is passed on to the main server through the server connection.
5. The main server off-loads the encryption and decryption processing.
6. The Socket Proxy closes the matching peer connection once the end user or server connection closes.

Windows 2008, Windows 2012
Service Desk 12.9, Service Desk 14.1

Environment of this tecdoc:
SA Main server SRVA :
SA socket proxy server SRVD :
Analyst on Employee

With the primary server named SRVA and the secondary server named SRVD, we have this list of servers.


Create the configuration for pdm_configure. In this example it is named conf1.



1/ Configure SRVD to start the process for "Socket proxy server"

Edit the configuration conf1 and select the "additional process" tab.


Choose "add process".


Define SRVD to run "SA socket proxy server".


Save and verify that we have this list of processes.



2/ Execute pdm_configure on SRVA and SRVD

pdm_configure on SRVA


pdm_configure on SRVD



3/ Restart Service Desk

- on SRVA, stop "CA Service Desk Manager Server" service

- on SRVD, stop "CA Service Desk Manager Remote Proctor" service

- on SRVD, start "CA Service Desk Manager Remote Proctor" service

- on SRVA, start "CA Service Desk Manager Server" service


4/ Verification

We used Wireshark to examine the communication and the ports used while the analyst takes remote control of the employee workstation.


Employee --> -->

Analyst --> -->

SA_employee_to_sa_main port 8070.jpg

SA_employee_to_sa_proxy port 10443.jpg


SA_employee_to_sa_main port 10443 not used.jpg



Communication to listening port



With this configuration, there is no communication to socket port 10443 on SRVA, which runs the "SA main server". Socket port 10443 on the server running the Service Desk application server therefore does not need to be opened to external users.
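
The check from step 4 can be repeated on any capture export. The following is an added example, not part of the original tecdoc or CA's tooling: it reads tab-separated tshark field output, keeps only connection initiations (SYN without ACK), and reports any host other than the Socket Proxy that connects to the main server on the socket port. The IP addresses, the function names, and the choice to allow the proxy itself as a source are assumptions.

```python
# Added example (not from the tecdoc). Input rows are assumed to come from:
#   tshark -r capture.pcapng -T fields -e ip.src -e ip.dst -e tcp.dstport \
#          -e tcp.flags.syn -e tcp.flags.ack
from collections import defaultdict

TRUE = {"1", "true"}  # tshark prints booleans as 1/0 or True/False by version

# Constructed sample rows; all addresses are placeholders, not from the tecdoc.
SRVA, SRVD = "10.0.0.10", "10.0.1.10"          # SA main server, SA socket proxy
EMPLOYEE, ANALYST = "198.51.100.20", "198.51.100.30"
SAMPLE = [
    f"{EMPLOYEE}\t{SRVA}\t8070\t1\t0",          # HTTP to the main server
    f"{SRVA}\t{EMPLOYEE}\t51000\t1\t1",         # SYN/ACK reply, not an initiation
    f"{EMPLOYEE}\t{SRVD}\t10443\tTrue\tFalse",  # socket to the proxy (newer tshark)
    f"{ANALYST}\t{SRVD}\t10443\t1\t0",          # socket to the proxy
    f"{EMPLOYEE}\t{SRVD}\t10443\t0\t1",         # established traffic, ignored
    "\t\t\t\t",                                 # non-TCP frame, all fields empty
]


def connection_attempts(lines):
    """Yield (src, dst, dport) for each TCP connection initiation."""
    for line in lines:
        fields = line.rstrip("\n").split("\t")
        if len(fields) != 5 or not fields[2].isdigit():
            continue  # skip rows without an IPv4/TCP destination port
        src, dst, dport, syn, ack = fields
        # SYN set and ACK clear: dport is the listener, not a reply's ephemeral port
        if syn.lower() in TRUE and ack.lower() not in TRUE:
            yield src, dst, int(dport)


def audit(lines, main_server, proxy, socket_port=10443):
    """Return (listeners, violations) for direct access to main_server:socket_port."""
    listeners = defaultdict(set)
    for src, dst, dport in connection_attempts(lines):
        listeners[(dst, dport)].add(src)
    # Assumption: only the proxy may ever reach the main server's socket port.
    direct = listeners.get((main_server, socket_port), set())
    return dict(listeners), sorted(direct - {proxy})


if __name__ == "__main__":
    seen, violations = audit(SAMPLE, SRVA, SRVD)
    for (host, port), sources in sorted(seen.items()):
        print(f"{host}:{port} <- {', '.join(sorted(sources))}")
    print("direct socket access to main server:", violations or "none")
```

An empty violations list matches the result shown in this tecdoc; any address in it is a client that bypassed the Socket Proxy.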

