Collector proxy support

Cloud: The following content applies exclusively to the Nexthink Cloud offering.

Overview

The devices in a corporate network typically connect to the Internet through a proxy server instead of using a direct connection. A proxy server or proxy forwards the requests of client applications that run on the corporate devices to the servers that run on the Internet, as if the proxy itself initiated the requests. Then the proxy sends the responses from the servers back to the clients. By acting as intermediary, a proxy server can provide varied functionality such as content filtering (for improved security) or content caching (for better performance).

Thus, in a Nexthink Cloud setup, Collectors inside a corporate network that is equipped with a proxy server are usually required to send their traffic through the proxy to reach the Nexthink Cloud. In this article, learn about the different types of proxies and configurations supported by the Collector.

Applies to platforms: Windows

Supported types of proxies

The Collector supports the following types of proxies:

  • HTTP (web) proxy
  • SOCKS5 proxy

The Collector should also work out of the box with transparent proxies. Transparent proxies automatically intercept network traffic that goes from the corporate network to the Internet, so that clients are not aware that their traffic is traversing a proxy.

Supported proxy configurations

Proxy settings may appear at different levels:

  • System level: settings apply to all users and applications on the device.
  • User level: settings apply to all applications that a user runs.
  • Application level: settings apply only to the application itself.

Because the Collector runs as a Windows service, it can read the proxy settings specified both at the application level (its own custom configuration) and at the system level, but not at the user level. Therefore, the Collector supports the methods described below to configure its proxy settings.

Microsoft Windows HTTP Services (WinHTTP)

The WinHTTP interface is meant to be used by server applications and system services such as the Collector. It provides proxy settings at the system level and its configuration is stored in the Windows Registry:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Value: WinHttpSettings
Type: Binary


To read the proxy settings on a device, type the following at the command prompt:

netsh winhttp show proxy

To configure the proxy settings on a device, use the set proxy command. Type in the following to display usage and options:

netsh winhttp set proxy /?

Windows Collector V6.24 already supported WinHTTP services to get the proxy settings. If you are migrating from V6.24, proxy settings will remain unchanged on V6.25 and later.

Microsoft Windows Internet (WinINet) API

The WinINet API was designed to give interactive desktop applications access to standard Internet protocols such as HTTP or FTP. Applications such as Internet Explorer get their proxy configuration via WinINet. This configuration is visible from the Internet Properties dialog of the Control Panel:

  1. Press the WinKey.
  2. Type in Internet Options and press Enter. The Internet Properties dialog shows up.
  3. Select the Connections tab.
  4. Under the section Local Area Network (LAN) settings, click the button LAN settings.
  5. Choose how WinINet should configure the LAN settings (which include the proxy settings), tick either:
    • Automatically detect settings, to use Web Proxy Auto-Discovery (WPAD) protocol.
    • Use automatic configuration script, to get a PAC file from the specified URL in Address. A proxy-auto-config (PAC) file is a JavaScript file with a single function that determines which proxy should be used for each client connection.
    • Use a proxy server for your LAN..., to manually configure the proxy settings.

By default, WinINet provides proxy settings at the user level; therefore, the Collector cannot read them. To make them readable by the Collector, promote the WinINet proxy settings to system level by setting the ProxySettingsPerUser value to 0 in the Windows Registry:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Value: ProxySettingsPerUser
Type: Binary
Data: 0


Or by setting the following GPO:

Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\
Make proxy settings per-machine (rather than per user)

Web Proxy Auto-Discovery (WPAD)

The Web Proxy Auto-Discovery (WPAD) protocol is a method to set the proxy settings automatically by leveraging the DHCP and DNS protocols. WPAD uses discovery methods in DHCP and DNS to find out the URL of a PAC file, in much the same way as WinINet gets its LAN settings when automatic detection is enabled.

Collector custom configuration

To specify the proxy settings of the Collector at the application level, set the following values in the Windows Registry under:

HKEY_LOCAL_MACHINE\SOFTWARE\Nexthink\Proxy
Value     Type       Description
hostname  REG_SZ     Name or FQDN of the proxy server.
port      REG_DWORD  Port number where the proxy is waiting for connections.
type      REG_SZ     Type of server. Supported data values: http, socks.
user      REG_SZ     Username for proxy authentication. Leave blank for no authentication.
password  REG_SZ     Password for proxy authentication. Leave blank for no authentication.

Because this procedure overrides the system settings, we recommend using it only for troubleshooting and not in production. It is, however, the only option that supports authentication of users in the proxy for the moment (Basic authentication, as specified in the HTTP protocol).

Collector logic to choose proxy settings

The Windows Collector selects one of the methods to get its proxy settings on a trial and error basis. The Collector tests the validity of each method in sequence: the first method that yields a set of proxy settings which let the Collector connect to the Nexthink Cloud is retained. Methods are tried in the following order until one of them is successful:

  1. Collector custom configuration
  2. Direct connection without proxy
  3. Microsoft Windows HTTP Services (WinHTTP)
  4. Microsoft Windows Internet (WinINet) API
    • Only if settings are valid at the system level (per device)
      1. Manual configuration.
      2. PAC file referenced by URL (automatic configuration script).
  5. Web Proxy Auto-Discovery (WPAD).
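
The following PowerShell script is an added example, not Nexthink code: it reads the stored settings behind methods 1, 3 and 4 and lists them in the order above, without testing connectivity. Methods 2 and 5 are resolved at run time and have no stored setting to read. The helper names, and the WinINet value names ProxyEnable, ProxyServer and AutoConfigURL with their HKLM location, are assumptions not stated on this page.

```powershell
# Added example: lists the proxy sources configured on this device in the
# order the Collector tries them. It reads settings only; no connection test.
function Get-RegValue([string]$Path, [string]$Name) {
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}
function New-Finding([int]$Order, [string]$Method, [bool]$Configured, [string]$Detail) {
    [pscustomobject]@{ Order = $Order; Method = $Method; Configured = $Configured; Detail = $Detail }
}

# 1. Collector custom configuration (key and value names as documented above).
$custom    = 'HKLM:\SOFTWARE\Nexthink\Proxy'
$proxyHost = Get-RegValue $custom 'hostname'
$detail    = 'not set'
if ($proxyHost) {
    $detail = '{0}:{1} type={2}' -f $proxyHost, (Get-RegValue $custom 'port'), (Get-RegValue $custom 'type')
    # Flag stored credentials without printing them.
    if (Get-RegValue $custom 'password') { $detail += ' (password stored in registry)' }
}
$findings = @(New-Finding 1 'Collector custom configuration' ([bool]$proxyHost) $detail)

# 3. WinHTTP. netsh output is localized; the match below assumes English text.
$lines   = netsh winhttp show proxy | ForEach-Object { $_.Trim() } | Where-Object { $_ }
$winhttp = ($lines | Select-Object -Skip 1) -join '; '
$findings += New-Finding 3 'WinHTTP' ([bool]$winhttp -and $winhttp -notmatch 'Direct access') $winhttp

# 4. WinINet counts only when promoted to system level (ProxySettingsPerUser = 0).
$policy     = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'
$perUser    = Get-RegValue $policy 'ProxySettingsPerUser'
# @(...)[0] reads the first element whether the data is a number or a byte array.
$perMachine = ($null -ne $perUser) -and (@($perUser)[0] -eq 0)
# Assumption: machine-wide WinINet values live in this key under these names.
$inet   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings'
$manual = if ((Get-RegValue $inet 'ProxyEnable') -eq 1) { Get-RegValue $inet 'ProxyServer' }
$pac    = Get-RegValue $inet 'AutoConfigURL'
$findings += New-Finding 4 'WinINet manual configuration' ($perMachine -and [bool]$manual) "per-machine=$perMachine $manual"
$findings += New-Finding 4 'WinINet PAC file' ($perMachine -and [bool]$pac) "per-machine=$perMachine $pac"

$findings | Sort-Object Order | Format-Table -AutoSize -Wrap
```

A flagged password deserves attention: REG_SZ data is stored in clear text in the registry, and Basic authentication only base64-encodes the credentials it sends.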