Home
Remote Control
BigFix Remote Control application helps to communicate between different components, clients, and endpoints within BigFix environment.
Remote Control Installation Guide
By using Remote Control you can remotely support and control thousands of PCs and servers, on an enterprise scale, from a central location or directly, in peer to peer mode.
Configure LDAP
Migrating from LDAP to Microsoft Entra ID

Remote Control
BigFix Remote Control application helps to communicate between different components, clients, and endpoints within BigFix environment.
- Release notes
  A summary of changed or new features and enhancements included in BigFix Remote Control.
- Remote Control Installation Guide
  By using Remote Control you can remotely support and control thousands of PCs and servers, on an enterprise scale, from a central location or directly, in peer to peer mode.
  - Audience
  - Versions
  - Terms used in this guide
  - Overview of the Remote Control system
  - Get started
    Now that you understand the terms and components available in Remote Control, you can identify which components you need to install:
  - Install the Remote Control components
    The Remote Control components can be installed in two ways. If you have access to the BigFix® console, use a deployment fixlet to install the components.
  - Utility for extracting the component installation files
    Remote Control provides a utility that you can use to extract the installation files that are required for each component.
  - Enable secure target registration
    To prevent unauthorized targets from registering with the Remote Control server, you can enable the secure registration feature and use tokens to authenticate the target.
  - Install the driver for smart card authentication
    The BigFix® Remote Control Target provides an installation option to install a virtual smart card reader driver. You can also install the driver by running a fixlet in the BigFix console.
  - Manage the component services
    After you install the Remote Control components, if you change their configuration, you can stop, start, or restart the component services.
  - Enabling email
  - Configure LDAP
    - Setting up LDAP synchronization
      To enable LDAP authentication, synchronization with the LDAP server must also be enabled. Edit values in the common.properties file and the ldap.properties file to enable synchronization.
    - Verifying connection information
    - Configuring connection credentials
    - Setting connection security
    - Setting user authentication properties
    - Importing Active Directory Groups
    - Testing the Connection
    - Verifying that the groups are imported
    - Verifying that the groups are imported
    - Testing the Connection
    - Importing Active Directory Groups
    - Setting user authentication properties
    - Setting connection security
    - Configuring connection credentials
    - Verifying connection information
    - Setting up LDAP synchronization
      To enable LDAP authentication, synchronization with the LDAP server must also be enabled. Edit values in the common.properties file and the ldap.properties file to enable synchronization.
    - Importing Groups
    - Testing the Connection
    - Verifying that the groups are imported
    - Migrating from LDAP to Microsoft Entra ID
    - Sample Microsoft Entra ID Configuration File
  - Configure Microsoft Entra ID
  - Configure TLSv1.3
  - Federal information processing standard (FIPS) compliance in Remote Control
    The US Federal information processing standard 140-2 (FIPS 140-2) is a cryptographic function validation program that defines security standards for cryptographic modules that are used in IT software.
  - NIST SP800-131A compliance in Remote Control
    Remote Control version 10.0.0 components can be configured for NIST SP800-131A compliance.
  - Verifying the server installation
  - Recover from installation errors
  - Uninstall the components
  - Upgrade from previous versions
  - Maintaining the target installation
  - Properties that can be set in the target configuration
    You can configure target properties either during or after installation. The operating system on the target system determines which properties can be configured. The target properties determine the actions that can be carried out during a peer-to-peer session. If you set a server URL and set the Managed property to Yes, the actions are determined by the policies that are set on the Remote Control server.
- Remote Control Administrators Guide
  This guide is for users who want to administer Remote Control.
- Remote Control Console User Guide
- BigFix Remote Control Controller Users Guide
- Remote Control Target Users Guide
- Remote Control On-demand Target Guide
  Use Remote Control to start remote control sessions over the internet with targets that do not have the target software installed.
- Remote Control V10 Readme

Migrating from LDAP to Microsoft Entra ID

About this task

In order to migrate to Microsoft Entra ID all the existing LDAP users and groups that are used with the Remote Control Server please consider the following steps:

Procedure

Create the same group hierarchy and users on Microsoft Entra ID.

Note: In order to retain the existing permissions, it is recommended to create the new groups on Microsoft Entra ID with the same names of the ones that were available with LDAP.
Use the Admin > Microsoft Entra ID Configuration Utility in order to test the connection and to apply the required configuration for groups and users.
Disable the LDAP authentication and synchronization and enable the Microsoft Entra ID synchronization by setting the following properties in the common.properties file:
- authentication.LDAP=false
- sync.LDAP=false
- sync.entraID=true
Note: It is recommended to perform a database backup.
Enable the SAML 2.0 Single sign-on (SSO) on the Remote Control Server with Microsoft Entra ID as the Identity Provider (IdP). For more information please see Chapter 4. Configure SAML 2.0 authentication on the server.
Restart the Remote Control Server service.
Microsoft Entra ID users can login to the Remote Control Server by using SAML 2.0 Single sign-on (SSO).
Note: After enabling SAML 2.0 Single sign-on (SSO), the Microsoft Entra ID users can login with their userPrincipalName (for instance, user@contoso.onmicrosoft.com). For more information, visit https://learn.microsoft.com/en-us/entra/identity/hybrid/connect/plan-connect-userprincipalname#upn-in-microsoft-entra-id
For this reason it is recommended to check the value of the following parameter into the identity_providers.properties file:
- entraID.userID=userPrincipalName
Check that the old group hierarchy has been successfully restored after the first Microsoft Entra ID synchronization. To check, go to User groups > All User Groups.

To add feedback about this topic, select the following checkbox:

By clicking this box, you acknowledge that you are NOT a U.S. Federal Government employee or agency, nor are you submitting information with respect to or on behalf of one. HCL provides software and services to U.S. Federal Government customers through its partners Four, Inc. Contact this team at https://hcltechsw.com/resources/us-government-contact. Do not include any personal data in this Comment box. Note: To report a problem or question about the product software, do not use this form. Instead, go to the HCL Software Support site. Personal data should not be shared in this comment box. See our Privacy Statement to understand how personal data is used.