Network and Security Manager

You can use the Network and Security Manager command line tool, lr_agent_settings, to update and configure agent-related settings on local and remote machines.

Using a single command, you can update and configure agent ports, agent settings, and authentication, as well as configure the LoadRunner Data Hub connection.

You can also use this tool to automate your test and run it through the command line.

Launch the Network and Security Manager tool

To launch the tool, open a command line window and run the following:

Windows

For LoadRunner Professional, load generator, MI Listener, and monitor over firewall:

<LoadRunner Professional root>\bin\lr_agent_settings.exe

Note: You must have write permissions to the LoadRunner Professional installation folder.

Linux

For a load generator:

<LG path>\bin\lr_agent_settings

 

Guidelines for Linux machines:

  • You must have administrator privileges to run this on a Linux machine.
  • In Amazon cloud environments (AWS), you need to set the M_LROOT environment variable, as shown in the following example:

    ~$ sudo M_LROOT=/opt/OT/OT_LoadGenerator /opt/OT/OT_LoadGenerator/bin/lr_agent_settings -check_client_cert 0

Back to top

Command line arguments for the Network and Security Manager tool

The following command line arguments are supported by this tool:

Note:  

  • To retrieve the list of available arguments, on the LoadRunner Professional machine type lr_agent_settings.exe -usage or lr_agent_settings with no arguments.
  • LoadRunner Professional currently supports basic and NTLM proxy authentication.

  • You can update the certificates on a remote machine only if:

    • A secure connection was established using TLS (SSL) authentication.
    • The client (the machine the tool is running on) was authenticated by the CA certificate on the remote load generator.
    • Both of the above items were achieved by using certificates other than the defaults.
Option Arguments Description
Remote update options
-remote_host
remote host name or IP

The names of the hosts to update with the new settings.

To access the local machine, specify localhost or 127.0.0.1.

For multiple machines, repeat the command: For example,

-remote_host host1 - remote_host host2.

-remote_hosts_file
file name

The name of a file containing the host names or IP addresses. Separate multiple host names with a line break. For hosts over a firewall, specify a port. For example,

myserver1

myserver2:my_ofw_unix

myserver2:my_ofw_1

Agent port options
-m_agent_port
port

The load generator m_agent listening port.

Default: 54345

-al_agent_port
port

The load generator al_agent listening port.

Default: 54245

-mil_port_controller
port

MIL listening port from Controller. This option is not available on Linux.

Default: 50500

-mil_port_lg
port

MIL listening port from load generator over firewall.

If you change this port value, you should also change the port for the load generator over firewall machine using -mil_port. This option is not available on Linux.

Default: 443

Load generator over firewall options
-is_ofw
0 | 1

Indicates whether to communicate over a firewall.

-mil_name
Host name or IP address

Changes the MI listener name or IP address from the side of the load generator over a firewall.

-mil_port
port number

Changes the port for the MI Listener from the side of the load generator over a firewall.

Default: 443

-local_machine_key
Local machine key

Changes the host symbol (or local machine key) for load generator over a firewall, to establish a unique connection from behind the firewall.

-mil_string
MILname:local machine key

Changes the MI Listener name and the local machine key in one string separated by a colon, ":".

-mil_username, -mil_passwd, -mil_domain
username, password, domain

Changes the user name and password with which to connect to the MI Listener machine, and the domain for the MI Listener machine (required only if NTLM is used).

-sampling_interval
sampling interval in seconds

Changes the sampling interval in seconds—the time the agent waits before retrying to connect to the MI Listener machine.

The over-firewall load generator machine polls the MI Listener regularly to see if any Controller needs to use it for a test run. If no request is found, it closes the connection and waits this specified timeout period, before polling it again.

-channel_type
TCP | HTTP

Changes the connection type: HTTP or TCP.

-proxy_name, -proxy_port
hostname, port

Changes the name and port of proxy server when using HTTP connection.

-proxy_string
proxy name:proxy port

Changes the proxy name and port in one string separated by a colon, ":",

-proxy_username, -proxy_passwd, -proxy_domain
username, password, domain

Changes the user name and password with which to connect to the proxy server.

-use_ssl
0 | 1

Changes the flag to connect using the TLS (formally SSL) protocol.

-private_key_pwd
username, password, domain
Changes the password that is optionally required during TLS (SSL) certificate authentication.
-use_ipv6
0 | 1 Changes the flag to connect using the IPv6 address.
Certificate authentication options

 

-check_client_cert
0 | 1

Use 0 to allow both TLS (SSL) and non-TLS connections.

Use 1 to enforce TLS (SSL) connections only and check if the client certificate is trusted by the CA installed on the agent machine.

Note: When monitoring over firewall, set this flag to 1 on the server machine. For guidelines on determining which machine is considered the server, see Two-way TLS (SSL) authentication.

-check_server_cert
None | Medium | High

Indicates how to authenticate TLS (SSL) certificates that are sent by the server.

None. Does not authenticate the certificate.

Medium. Verifies that the server certificate is signed by a trusted Certification Authority.

High. Verifies that the sender IP matches the certificate information.

-CA_cert_file_name
CA certificate file name

Installs a CA certificate locally. It overwrites the dat\cert\verify\cacert.cer file, but does not affect any configuration file.

Note: You need to generate a CA certificate before installing it. To generate the CA certificate, run gen_ca_cert -common_name <your_selected_common_name, e.g. LoadRunner > from the bin folder.

Two files, cacert.cer and capvk.cer. are generated in the current directory, for the CA certificate and private key.

Store capvk.cer securely in a designated folder.

Install cacert.cer as a CA certificate on all of your LR/LoadRunner Enterprise installations.

-CA_private_key_file CA certificate private key file name

Indicates the private key file for the CA certificate.

If you do not specify a private key, you cannot generate new TLS (SSL) certificates using this CA certificate.

-CA_private_key_pwd Password of the encrypted CA private key file This option is required if the private key file specified in -CA_private_key_file is encrypted.
-cert_file_name
full path of certificate file

Installs authentication certificate locally. It overwrites the dat\cert\verify\cacert.cer file, but does not affect any configuration file.

Note: This step assumes you already generated a TLS certificate ahead of time. To generate a TLS certificate, run the following from the bin folder:

gen_cert -common_name <your_selected_common_name, e.g. LoadRunner> -CA_cert_file_name <CA_cert_file_full_path> -CA_pk_file_name <CA_private_key_file_full_path>.

-generate_new_cert_file

-CA_private_key_file
_name

CA private key file full path

Generates a new authentication certificate and installs it in dat\cert\cert.cer.

Note: A CA private key is mandatory to generate a self-signed certificate. The CA certificate will be read from dat\cert\verify\cacert.cer from the current machine.

-private_key_file_name
Private key file name

Sets the matching private key of the TLS (SSL) certificate you installed with gen_ca_cert -common_name (see above). If you generate a TLS certificate using gen_cert or using the -generate_new_cert_file option in this tool, you can skip this step. You only need to do this step if you use a certificate which does not include a private key in the certificate file, such as the openssl tool.

-private_key_pwd Private key password This option is required if the private key file specified in -private_key_file_name is encrypted.
Restart agent options
-restart_agent
 

Restarts the magent or alagent. It automatically detects whether it is running as a service or process.

Note: If the agent is running as a process and you want to use the command line to restart it as a service, first use the Agent Configuration Settings dialog box to change between the Process and Service mode for the agent.

Read input parameters
-prm
parameter file

Retrieves the value of input parameters listed in a file. The prm file should have the following format:

-mil_name MyHost1 -local_machine_key my_ofw_win -channel_type HTTP -proxy_name www.acme.com -proxy_port 8080.

Note:

  • When using the -prm argument in the command line, all other arguments are ignored.
  • The parameter file should only contain arguments for changing settings. It should not contain the Remote Update arguments, -remote_host and -remote_file, which are ignored.
Data Hub configuration
-is_datahub 0 | 1 Indicates whether to communicate using the LoadRunner Data Hub. For details, see LoadRunner Data Hub and Web Connector setup.
-datahub_addr Server name and domain:port number The Data Hub machine name, domain, and port number.
-lg_name Load generator name

The name of the load generator. This name is used to connect to Controller through the Data Hub channel.

Default value: Machine name of the load generator machine.

-is_use_web_connector 0 | 1 Indicates whether to connect to the Data Hub Web Connector.
-web_connector_addr Web Connector name and domain:port number The Data Hub Web Connector machine name, domain, and port number.
-web_connector_proxyname Proxy name and domain The machine name and domain of the proxy (if relevant).
-web_connector_proxyport Proxy port The port number to use for the proxy connection (if relevant).
-web_connector_proxyuse Proxy username The username used to connect to the proxy (if relevant).
-web_connector_proxypass Proxy password The password used to connect to the proxy (if relevant).
Shared key options
-shared_key

New shared key value.

Enter the value default to restore the original shared key.

Changes the shared key included with the LoadRunner Professional installation. This key is used for encryption and decryption of passwords and other data required for authentication in certain protocols.

The key must be between 12–64 alphanumeric characters.

Back to top

Common command examples

Below are some examples for using the Network and Security Manager command line tool to change settings including agent ports, load generator over firewall settings, host security settings, and certificate authentication.

Note: To use this utility on Linux load generators on an Amazon cloud environment (AWS), you need to set the M_LROOT environment variable as shown in the following example:

~$ sudo M_LROOT=/opt/OT/OT_LoadGenerator /opt/OT/OT_LoadGenerator/bin/lr_agent_settings -check_client_cert 0

Set the agent proxy and port, and the MI Listener over a firewall

lr_agent_settings.exe -proxy_name www.apache.com -proxy_port 8080

lr_agent_settings.exe -m_agent_port 54888

lr_agent_settings.exe -proxy_string web-proxy.sgp.proxy-server.com:8080 (The string before ":" is proxy name, the string after ":" is proxy port)

lr_agent_settings.exe -mil_string MyServer2:my_ofw_unix (The string before ":" is MIL name, the string after ":" is the local machine key)

Read parameters from a file

lr_agent_settings.exe -prm C:\my_settings.prm

where the parameter file is a text file with the parameters you want to use to change the settings, for example:

-mil_name MyServer3 -local_machine_key my_ofw_win -channel_type HTTP -proxy_name www.apache.com -proxy_port 8080

Remote updates

lr_agent_settings.exe -remote_host MyServer1 -proxy_string www.apache.com:8080

lr_agent_settings.exe -remote_host MyServer1 -prm C:\my_settings.prm

lr_agent_settings.exe -remote_host MyServer2:my_ofw_unix -prm C:\my_settings.prm (MyServer2:my_fow_unix says the remote host is OFW, the name before ":" is MIL name, the string after ":" is local machine key)

lr_agent_settings.exe -remote_host localhost/127.0.0.1 -proxy_string www.apache.com:8080 (Updates local host)

Remote updates - multiple

lr_agent_settings.exe -remote_host MyServer1 -remote_host vmlrrnd192 -use_ssl 1

lr_agent_settings.exe -remote_host localhost -remote_host vmlrrnd192 -use_ssl 1

lr_agent_settings.exe -remote_host MyServer1 -remote_host MyServer2:my_ofw_unix -prm C:\my_settings.prm

Remote updates - multiple from file

lr_agent_settings.exe -remote_file C:\remote_hosts.txt -proxy_string www.apache.com:8088

lr_agent_settings.exe -remote_file C:\remote_hosts.txt -prm C:\my_settings.prm

The file contains the hosts separated by line breaks:

myserver1
myserver2:my_ofw_unix
myserver2:my_ofw_1

Restarting the agent

lr_agent_settings.exe -restart_agent

lr_agent_settings.exe -is_ofw 1 -mil_string MyServer2:my_ofw_win -restart_agent

lr_agent_settings.exe -remote_host MyServer1 -remote_host MyServer2:my_ofw_unix -restart_agent

Note: If you encounter Access Denied warnings when restarting the service, see Agent Configuration dialog box for details.

Back to top