Performing initial configuration on Windows
During the initial configuration, you create a BigFix Inventory database and the application administrator. You also set up a connection to the BigFix server and database. As an option, you can configure a connection to the Web Reports database to give the Web Reports users access to BigFix Inventory.
Before you begin
- Ensure that you have SQL Server database user for BigFix Inventory database as defined on Installation accounts page.
Creation of the BigFix Inventory database
- To create a new database during initial configuration in BigFix Inventory, the user
must have the
sysadmin
role in MS SQL Server.- If you chose local system account as the service owner during the
installation, provide the
sysadmin
role to theNT AUTHORITY\SYSTEM
user in MS SQL server.
- If you chose local system account as the service owner during the
installation, provide the
- Alternately manually create an MS SQL before the configuration. Make sure
that:
- the database is empty
- use the
SQL_Latin1_General_CP1_CS_AS
collation. You must have thedb_owner
role in MS SQL Server to perform this action. - Snapshot isolation is allowed in the database. To allow snapshot
isolation, use
ALTER DATABASE DatabaseName
andSET ALLOW_SNAPSHOT_ISOLATION ON
queries.
- If you want to use Windows authentication to connect to the databases, the
following requirements must be fulfilled:
- BigFix and BigFix Inventory must be installed on Windows.
- To use a local user for authentication, BigFix and BigFix Inventory must be installed on the same instance of Windows. The applications can run on different hosts if the user is a domain user.
- The owner of the BigFix Inventory service must also be able to access this database.
Procedure
-
Create the BigFix Inventory database.
-
Create the administrator of BigFix Inventory.
Tip: Avoid using admin, administrator, root or a similar name for the administrative account. Such an account might be prone to hacker attacks and locked out if an attacker exceeds the specified number of failed login attempts. For more information, about the account lockout, see: Configuring user account lockout.
- Optional:
To automatically enable scans that collect data from
the computers in your infrastructure, select Enable default scan schedule for this data
source.
If you enable the default scan schedule, actions that are needed to collect data from the computers in your infrastructure are automatically started on the BigFix server. This option is advised for environments with up to a few thousand computers. For larger environments, finish the installation, divide the computers into groups, and then manually set up scan schedule for each group to avoid performance issues. For more information about the default and manual scan schedule, see: Setting up scans to discover software and hardware inventory.
-
Configure the connection to the BigFix
database. The database stores information about the computers, and data that was discovered on these
computers. Specify the host, port, database name, and credentials of the user that can access the
BigFix database.
-
Configure the connection to the BigFix
server. The host name or IP address, and the API port number are automatically retrieved from the
database. Specify only the administrative user that you created during the installation of BigFix.
Note: If you do not want to provide the Master Operator, you can create a dedicated BigFix user that fulfills the following requirements:- Is assigned the BigFix Inventory site
- Is assigned computers that you are going to monitor, and the computer where the BigFix server is installed
- Has the following permissions: Can use REST API, Can use Console, Custom Content, Can Create Actions
- Optional: If the BigFix and BigFix Inventory servers are in separated networks, the automatic address lookup might return incorrect address. To disable the lookup, select Disable automatic address lookup, and specify the address manually. Then, configure additional environment variables on the BigFix Inventory server. For more information, see Configuring servers in separate networks.
- Optional:
Configure the connection to the Web Reports database. Specify the database type, host name,
database name, and credentials of the Web Reports database user.
98/
-
To create connections to the databases, click Create.
When the connections are created and configured, a new page opens and a message about the data import is displayed.
- Optional: If your environment consists of more than 50 000 endpoints, complete steps to enhance the application performance before you run the import.
-
To run the initial import, click Import Now.
The import might take a few hours, depending on your hardware capacity.
What to do next
If you did not enable the default scan schedule, manually configure scans to collect data that is later on displayed on the reports. For more information, see Setting up scans to discover software and hardware inventory.