Performing initial configuration on Windows

During the initial configuration, you create a BigFix Inventory database and the application administrator. You also set up a connection to the BigFix server and database. As an option, you can configure a connection to the Web Reports database to give the Web Reports users access to BigFix Inventory.

Before you begin

  • Ensure that you have SQL Server database user for BigFix Inventory database as defined on Installation accounts page.

Creation of the BigFix Inventory database

  • To create a new database during initial configuration in BigFix Inventory, the user must have the sysadmin role in MS SQL Server.
    • If you chose local system account as the service owner during the installation, provide the sysadmin role to the NT AUTHORITY\SYSTEM user in MS SQL server.
  • Alternately manually create an MS SQL before the configuration. Make sure that:
    • the database is empty
    • use the SQL_Latin1_General_CP1_CS_AS collation. You must have the db_owner role in MS SQL Server to perform this action.
    • Snapshot isolation is allowed in the database. To allow snapshot isolation, use ALTER DATABASE DatabaseName and SET ALLOW_SNAPSHOT_ISOLATION ON queries.
Other considerations
  • If you want to use Windows authentication to connect to the databases, the following requirements must be fulfilled:
    • BigFix and BigFix Inventory must be installed on Windows.
    • To use a local user for authentication, BigFix and BigFix Inventory must be installed on the same instance of Windows. The applications can run on different hosts if the user is a domain user.
    • The owner of the BigFix Inventory service must also be able to access this database.

Procedure

  1. Create the BigFix Inventory database.
    1. Enter the host name of the database server.
      If you want to configure a named database instance or specify a non-default port, provide the host name in the following format:
      • hostname\instance_name, for example localhost\MyInstance
      • hostname:port_number, for example localhost:1444
    2. Enter the name of the application database.
    3. Select the authentication mode.
      • Select Windows Authentication, to authenticate with a Windows user that you specified as the service owner during the installation of BigFix Inventory.
        Restriction: If the MS SQL Server is installed on the same computer as BigFix Inventory, enter the database host name without its domain name (FQDN) or use localhost instead. The host name can be specified as NC1985110 or localhost, but not as NC1985110.domain.com or 198.50.100.
      • Select SQL Server Authentication to authenticate with an MS SQL Server user. This authentication mode must be enabled in MS SQL Server. For more information, see: Enabling the SQL Server Authentication mode.
    4. To create the database instance, click Create.
  2. Create the administrator of BigFix Inventory.
    Tip: Avoid using admin, administrator, root or a similar name for the administrative account. Such an account might be prone to hacker attacks and locked out if an attacker exceeds the specified number of failed login attempts. For more information, about the account lockout, see: Configuring user account lockout.

    Panel for creating the account of BigFix Inventory administrator.
  3. Optional: To automatically enable scans that collect data from the computers in your infrastructure, select Enable default scan schedule for this data source.

    If you enable the default scan schedule, actions that are needed to collect data from the computers in your infrastructure are automatically started on the BigFix server. This option is advised for environments with up to a few thousand computers. For larger environments, finish the installation, divide the computers into groups, and then manually set up scan schedule for each group to avoid performance issues. For more information about the default and manual scan schedule, see: Setting up scans to discover software and hardware inventory.

  4. Configure the connection to the BigFix database. The database stores information about the computers, and data that was discovered on these computers. Specify the host, port, database name, and credentials of the user that can access the BigFix database.

    Panel for configuring the connection to the BigFix database
  5. Configure the connection to the BigFix server. The host name or IP address, and the API port number are automatically retrieved from the database. Specify only the administrative user that you created during the installation of BigFix.

    Panel for configuring the BigFix server user.
    Note: If you do not want to provide the Master Operator, you can create a dedicated BigFix user that fulfills the following requirements:
    • Is assigned the BigFix Inventory site
    • Is assigned computers that you are going to monitor, and the computer where the BigFix server is installed
    • Has the following permissions: Can use REST API, Can use Console, Custom Content, Can Create Actions
    The option is supported starting from BigFix 9.5.
  6. Optional: If the BigFix and BigFix Inventory servers are in separated networks, the automatic address lookup might return incorrect address. To disable the lookup, select Disable automatic address lookup, and specify the address manually. Then, configure additional environment variables on the BigFix Inventory server. For more information, see Configuring servers in separate networks.
  7. Optional: Configure the connection to the Web Reports database. Specify the database type, host name, database name, and credentials of the Web Reports database user.
    98/
    Web Reports connection for Microsoft SQL Server
  8. To create connections to the databases, click Create.
    When the connections are created and configured, a new page opens and a message about the data import is displayed.
  9. Optional: If your environment consists of more than 50 000 endpoints, complete steps to enhance the application performance before you run the import.
  10. To run the initial import, click Import Now.
    The import might take a few hours, depending on your hardware capacity.

What to do next

If you enabled the default scan schedule, the collected data might not be displayed in BigFix Inventory after the initial import. Some time is required to finish scans that were initiated during the installation, and to upload scan results to the server. If the reports in BigFix Inventory do not contain any data, wait about an hour until the scans are completed. Then, start another import.

If you did not enable the default scan schedule, manually configure scans to collect data that is later on displayed on the reports. For more information, see Setting up scans to discover software and hardware inventory.