Server Backup

How to back up the BigFix Server.

Perform the following steps:

  1. Stop all the BigFix processes, including running plug-ins if any, using the following commands:
    systemctl stop beswebui
systemctl stop besclient
systemctl stop beswebreports
systemctl stop besgatherdb
systemctl stop besfilldb
systemctl stop besserver

    Up to BigFix Version 11.0.1, for backward compatibility reasons, you can also run the commands:

    /etc/init.d/beswebui stop
/etc/init.d/besclient stop
/etc/init.d/beswebreports stop
/etc/init.d/besgatherdb stop
/etc/init.d/besfilldb stop
/etc/init.d/besserver stop
  2. Back up the BFENT and BESREPOR databases using the following commands:
    su - db2inst1
db2 backup db BFENT
db2 backup db BESREPOR
    Optionally add an absolute path with the commands: 
    su - db2inst1
db2 backup db BFENT to /Absolute/Path/Of/ExistingFolder
db2 backup db BESREPOR to /Absolute/Path/Of/ExistingFolder
    These databases might have different names if, at installation time, one of these commands has been used: -opt BES_DB_NAME=<SERVER_DB_NAME> or -opt WR_DB_NAME=<WEBREPORTS_DB_NAME>.
  3. Manually back up the following folders: 
    /var/opt/BESClient
/var/opt/BESCommon
/var/opt/BESServer
/var/opt/BESWebReportsServer
/var/opt/BESWebUI
  4. Back up site credentials, license certificates and masthead files.

    The license.pvk and license.crt files are critical to the security and operation of BigFix. If the private key (pvk) files are lost, they cannot be recovered.

    The masthead file is an important file that must be used for recovery. It contains the information about the BigFix server configuration. To back it up, either copy the /etc/opt/BESServer/actionsite.afxm file renaming it masthead.afxm, or open the masthead file from a browser, http://hostname:52311/masthead/masthead.afxm, and then save it locally.

  5. Use the DB client to connect to the BFENT database and examine the DBINFO and REPLICATION_SERVERS tables:

    Record all column values for verification purposes.

    If DNS aliases are being leveraged for the servers, this should not change. If they are using hostnames, and the hostnames are changing, these column values may need manual modification after the restore; if you want to update the CN on the BigFix internal certificates, see How to change the Common Name (CN) on BigFix internal certificates.

  6. To avoid the duplication of the server computer entry on the BES Console, run the steps described in the Client data backup section in Avoiding duplicates when a Client is restored.