Skip to main content

Using proxy with on-prem clients

The proxy configuration allows the OPC to route all outbound traffic through a single, controlled gateway. This is typically set up during the initial installation phase within the On-prem Client Management Tool, ensuring that the agent can successfully reach the cloud environment even when direct internet access is restricted.

There are three primary reasons why this setup is standard in enterprise environments:

  • Security and compliance: Most corporate networks forbid servers from connecting directly to the internet. A proxy allows security teams to monitor, filter, and log all data leaving the network to ensure it only travels to authorized Celonis endpoints.

  • Network segmentation: If your source system (like an SAP ERP) resides in a high-security internal zone, a proxy provides a "bridge" that allows the OPC to communicate with the outside world without exposing the internal server's IP address.

  • Traffic control: Proxies can help manage bandwidth and provide a single point for authentication, ensuring that only verified services are transmitting data to your Celonis team.

Before you begin

Before you begin the configuration, ensure you have the following:

  • Proxy server details: You need the host address (URL or IP) and the port number used by your organization.

  • Authentication credentials: If your proxy requires it, ensure you have the username and password ready.

  • Network access: The server hosting the on-prem client must be able to reach the proxy server over the local network.

  • Administrator rights: You must have permissions to run the on-prem client management tool on the host machine.

Configuring the proxy settings

To configure the proxy settings:

  1. Launch the management tool: Open the on-prem client management tool on your windows server.

  2. Access the proxy settings: During the initial setup wizard (or by navigating to the settings tab), locate the proxy configuration section.

  3. Enter connection details:

    • Input the proxy host and port.

    • Select the protocol (typically HTTP or HTTPS).

  4. Configure authentication (optional): If your proxy is not transparent, toggle the use authentication switch and enter your service account credentials.

  5. Test the connection: Click the test connection button to ensure the on-prem client can reach the Celonis platform through the proxy.

  6. Save and restart: Save your changes. The services will restart automatically to apply the new network routing.

Related topics