Server Backup

How to back up the BigFix Server on Linux.

Consider backing up to a remote system to allow for higher fault tolerance. Perform the following steps:

Stop all the BigFix processes, including running plug-ins if any. To do so, you can use the following commands:

systemctl stop beswebui
systemctl stop beswebreports
systemctl stop besclient
systemctl stop besgatherdb
systemctl stop besfilldb
systemctl stop besserver

Up to BigFix Version 11.0.1, for backwards compatibility, you may instead run the commands:

/etc/init.d/beswebui stop
/etc/init.d/beswebreports stop
/etc/init.d/besclient stop
/etc/init.d/besgatherdb stop
/etc/init.d/besfilldb stop
/etc/init.d/besserver stop

If you have remote processes that may access the BigFix databases, like a remote BigFix WebUI, stop them as well.
Connect to the database instance hosting the BigFix databases and back them up.
The BigFix Server database is named
- BFENT if you are using DB2
- BFEnterprise if you are using SQL Server
The Web Reports database is named
- BESREPOR if you are using DB2
- BESReporting if you are using SQL Server
Your databases might have different names if you customized them at installation time (not recommended).

If you are using DB2, you can use the DB2 Client to back up your databases. For example:
```
su - db2inst1
db2 force application all
db2 deactivate database BFENT
db2 deactivate database BESREPOR
db2 backup db BFENT to /Absolute/Path/Of/ExistingFolder
db2 backup db BESREPOR to /Absolute/Path/Of/ExistingFolder
```
If you are using SQL Server, you can use the sqlcmd. For example:
```
sqlcmd -U sa -S localhost,1433
BACKUP DATABASE BFEnterprise
TO DISK = '/Absolute/Path/Of/ExistingFolder/BFEnterprise.bak';
GO
BACKUP DATABASE BESReporting
TO DISK = '/Absolute/Path/Of/ExistingFolder/BESReporting.bak';
GO
```

Manually back up the following folders:

/var/opt/BESClient
/var/opt/BESCommon
/var/opt/BESServer
/var/opt/BESWebReportsServer
/var/opt/BESWebUI

Back up your license key, license certificate, and masthead file.
The license.pvk and license.crt files are critical to the security and operation of BigFix. If the private key (pvk) files are lost, they cannot be recovered.

The masthead (afxm) file is an important file that contains information about the BigFix Server configuration. To back it up, you can copy the /etc/opt/BESServer/actionsite.afxm file and rename it to masthead.afxm.
Analyze the BigFix Server database tables named DBINFO and REPLICATION_SERVERS.
If you are using DB2, you can use the DB2 Client. For example:
```
su - db2inst1
db2 connect to BFENT user db2inst1 using *****
db2 "SELECT * FROM dbo.DBINFO"
db2 "SELECT * FROM dbo.REPLICATION_SERVERS"
```
If you are using SQL Server, you can use the sqlcmd. For example:
```
sqlcmd -U sa -S localhost,1433
SELECT * FROM [BFEnterprise].[dbo].[DBINFO];
GO
SELECT * FROM [BFEnterprise].[dbo].[REPLICATION_SERVERS];
GO
```
Record all the rows in those tables for verification purposes.

If DNS aliases are being leveraged for the servers, the field values of those tables should remain the same after a restore procedure. If they contain hostnames, and the hostnames are changing, those fields may need manual modification after the restore. If you want to update the CN on the BigFix internal certificates, see How to change the Common Name (CN) on BigFix internal certificates.
To avoid the duplication of the BigFix Server computer entry on the BigFix Console, run the steps described in the Client data backup section in Avoiding duplicates when a Client is restored.