Correlated devices

BigFix 11 has the capability of correlating multiple representations of the same computer, allowing operators to manage them as a single entity (also referred to as correlated device throughout this documentation) as well as to operate on a specific representation as needed.

For instance, if the Microsoft Azure cloud plugin discovers a VM created on Microsoft Azure, and at the same time the discovered VM runs the BigFix Agent, then two separate representations of the same computer are reported to the BigFix Server. In this case, BigFix 11 correlates the two representations, and the BigFix Console shows them in a grouped, expandable format.

In this documentation, the term proxied refers to computer representations discovered by cloud plugins, and the term native refers to computer representations associated with BigFix Agents.
Note: The correlated device requires BigFix Agent version 10 or higher.
Note: Up to BigFix Platform Version 10.0.8, the data required for the correlation in Amazon Web Services are retrieved by the BigFix Agent using Amazon IMDSv1 protocol. Starting from BigFix Platform Version 10.0.9, these data are retrieved using Amazon IMDSv2 protocol.

Enabling device correlation for a cloud plugin

When a cloud plugin is installed, the correlation feature for devices discovered by that plugin is automatically activated.

Displaying correlated devices

The correlated device is a logical entity, and the BigFix Console shows it as an expandable object in the Computers view. The root element of the object represents the correlated device itself, and has its own Computer ID. The ID of the correlated device is created at correlation time, and typically falls in a range higher than the IDs of the single representations. Correlated representations are shown slightly indented when expanding the correlated device.

Figure: the blue boxes mark examples of expanded correlated devices; the orange boxes mark examples of collapsed correlated devices.

The correlated device inherits the properties from all the devices it correlates. In case the devices report different values for the same property, the correlated device inherits the value from the native one as it is the most accurate and meaningful source of data.

Note:
  • When one of the correlated representations has not been checking in for the amount of time specified in the BigFix Console preferences, besides appearing itself as offline, it makes the correlated device appear offline as well.
  • The Agent Version associated with proxied computers corresponds to the version of the Plugin Portal that is managing them.
  • The Computer Name of proxied computers discovered by the AWS plugin corresponds to the name of the host taken from the Private DNS Name.

Administering correlated devices

Correlated devices are visible to Master Operators and to Non-Master Operators who administer two or more correlated representations. Operators can administer the correlated representations independently of one another. No inheritance mechanisms propagate administration rights from a correlated representation to another one.

Performing operations on correlated devices

Operators can target correlated devices, and depending on the type of operation, the BigFix Server takes care of dispatching it to the proper correlated representations. Following are a few examples:

  • As shown in the following figure, an Operator takes a custom action, and in the Target tab, clicks Select devices and selects a correlated device:

    In this case, the BigFix Server dispatches the action to one of the correlated representations based on the parsing of the actionscript commands. If only one of the correlated representations can run all the commands of the actionscript, then the BigFix Server dispatches the action to that representation. If the whole actionscript is applicable to more than one representation, then the BigFix Server always chooses to dispatch the action to the native computer.

    Note:
    • If the Operator wants to target a specific computer representation, it is enough to expand the correlated device in the Target tab, and select the desired representation. In this case, the BigFix Server sends the action to that representation directly.
    • If the action is taken from a Fixlet that is applicable to only one of the representations (in this scenario, you can verify it by expanding the correlated device in the Target tab), then the action is sent to that representation.
  • An operator runs a BigFix query and targets a correlated device. In this case, the BigFix query is always sent to the native computer because the BigFix Agent is the only component that can execute a BigFix query.
  • In the Computers view, an operator selects a correlated device and adds it to a manual computer group. In this case, all the correlated representations are added to the manual computer group.
  • In the Computers view, an operator selects a correlated device and opts for Remove From Database.... In this case, all the correlated representations are set to deleted, and stop being displayed by the BigFix Console both as correlated and standalone computers.
  • In the Computers view, an operator selects a correlated device and runs a Send Refresh. In this case, the refresh notification is sent to all the correlated representations.
Note: Any client relevance expressions referring to the IDs of correlated devices are not matched by any native or proxied computers, because those IDs represent logical entities that are only known to the BigFix Server. For instance, referring to the IDs of correlated devices for defining an automatic computer group or for subscribing computers to a site does not cause any computers to be included in the computer group or be subscribed to the site.

Using REST APIs with correlated devices

While remaining compatible with the XML schema definition of previous BigFix releases, the REST APIs in BigFix 11 support correlated devices in their methods and applicable resources.

For instance, the ID of a correlated device may be used as target of an action, and in this case the BigFix Server takes care of dispatching the action to the proper target based on the operator permissions and on the commands contained in the actionscript.

Similarly, the ID of a correlated device may be used to retrieve information from the BigFix Server. For instance, if an operator wants to retrieve the settings of a correlated device, the REST API returns an XML made up of a main section with the settings of the native computer, and a subsection named ManagementExtension that contains the settings of the proxied computer. For further details, see Computer REST APIs.

Using Session Relevance with correlated devices

When using session relevance, the inspectors bes computers and bes computers set return, for correlated devices, only the BES Computer object related to the CorrelationID. Asking for the value of Properties or the applicability of Fixlets on a BES Computer representing a correlated device is the same as querying its representations (Native and Azure, for example) in order of priority and returning the first available.

Two new session relevance inspectors were introduced, bes computers with extensions and bes computers with extensions set, where the set of computers returned will include both the BES Computer representing the correlated device and its representations.

To check if a BES Computer object represents a correlated device or a representation of a correlated device, two new properties were added to the BES Computer object:
  • correlation flag of <bes_computer> : boolean returns true for a BES Computer object representing a correlated device.
  • extension flag of <bes_computer> : boolean returns true for a BES Computer object representing an extension of a correlated device.
Two properties were also added to query an extension for its correlated representation:
  • correlation of <bes_computer> : bes_computer to return a BES Computer object of the correlation device from an extension.
  • correlation id of <bes_computer> : integer to return only the Computer ID of the correlation device from an extension.
For example, a relevance expression such as:
(name of it, agent type of it, correlation id of it) of bes computers with extensions
whose (extension flag of it)
returns, for all devices that participate in a correlated device, their name, their agent type and the ID of the correlated device.
With a deployment like the one in the screenshot of the Displaying correlated devices section described above, it would return the following tuples:
ip-172-31-16-130.eu-west-3.compute.internal, Native, 2154271525
ip-172-31-16-130, Proxy - Amazon Web Services, 2154271525
NC926057, Native, 2154568203
NC926057-Win10, Proxy - VMware, 2154568203
nc926163.prod.hclpnp.com, Native, 2691200772
NC926163-RHEL8, Proxy - VMware, 2691200772
azure-sles-system, Native, 2692268216
azure-sles-system, Proxy - Microsoft Azure, 2692268216
NC926171, Native, 2699955519
nc926171-Win2019-Srv, Proxy - VMware, 2699955519

For further details, see Computer Inspectors.
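
The following Python script is an added example, not part of the BigFix documentation. It groups the sample tuples shown above by correlation ID, and checks a list of computer IDs for correlated-device IDs, which no native or proxied computer matches in client relevance. The function names and the ID 1001 are assumptions made for illustration.

```python
from collections import defaultdict

# Output of the session relevance query above, copied from this page's sample tuples.
SAMPLE = """\
ip-172-31-16-130.eu-west-3.compute.internal, Native, 2154271525
ip-172-31-16-130, Proxy - Amazon Web Services, 2154271525
NC926057, Native, 2154568203
NC926057-Win10, Proxy - VMware, 2154568203
nc926163.prod.hclpnp.com, Native, 2691200772
NC926163-RHEL8, Proxy - VMware, 2691200772
azure-sles-system, Native, 2692268216
azure-sles-system, Proxy - Microsoft Azure, 2692268216
NC926171, Native, 2699955519
nc926171-Win2019-Srv, Proxy - VMware, 2699955519
"""


def parse_tuples(text):
    """Group 'name, agent type, correlation id' lines by correlation ID."""
    devices = defaultdict(lambda: {"native": [], "proxied": []})
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        # Split from the right so a comma inside a computer name cannot shift fields.
        parts = line.rsplit(", ", 2)
        if len(parts) != 3 or not parts[2].isdigit():
            raise ValueError(f"line {lineno}: unexpected tuple {line!r}")
        name, agent_type, cid = parts
        kind = "native" if agent_type == "Native" else "proxied"
        devices[int(cid)][kind].append((name, agent_type))
    return dict(devices)


def logical_ids(referenced_ids, devices):
    """Return the referenced IDs that are correlated-device IDs.

    These IDs are known only to the BigFix Server, so an automatic group
    or site subscription defined on them includes no computers.
    """
    return sorted(i for i in set(referenced_ids) if i in devices)


if __name__ == "__main__":
    devices = parse_tuples(SAMPLE)
    for cid, reps in sorted(devices.items()):
        print(cid, reps["native"], reps["proxied"])
    # 1001 is a constructed standalone computer ID used for illustration.
    print(logical_ids([2154271525, 1001], devices))
```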

Deleting a correlated representation

If, for instance, a correlated device correlates a native and a proxied representation, and at some point one of the two representations is set to deleted, the correlated device is set to deleted as well, and is no longer displayed by the BigFix Console. A representation can be set to deleted either manually (through the BigFix Console, by the BigFix Computer Remover tool, or through the BigFix WebUI) or automatically by the BigFix Server when a resource is no longer discovered by the Cloud Plugin (for details, see Discovering cloud resources). The remaining representation goes back to being displayed as a standalone computer.

When the BigFix Computer Remover tool removes the deleted representation from the database, the correlated device is removed as well.