IBM BigFix Remote Control
The IBM® BigFix® Remote Control system includes the following main components:
- IBM BigFix Remote Control Target
- The target is installed on every computer that you want to control remotely with IBM BigFix Remote Control. It listens for connection requests that come from the controller. You can also start a remote control session over the internet with a target, by using a broker. The IBM BigFix Remote Control target can run in Windows™, Linux™, and Solaris operating systems.
- IBM BigFix Remote Control Controller
- Can be installed by using the Fixlet, or by using the installer that is provided for use in peer to peer sessions. It can also be launched in context from the remote control server or the IBM BigFix Remote Control console. In all instances, the controller can be used to allow the user to control a remote computer on which the remote control target is installed. The controller delivers an interface to several actions, available to the controller user, like remote control, guidance, chat, file transfer, collaboration, and many more.
- IBM BigFix Remote Control Server
- A web application that manages all the deployed targets that are
configured for managed mode and to point to the IBM BigFix Remote Control Server
's URL. The server is a web application that you can deploy on an
existing WebSphere® server,
or install through the installer package along with an embedded version
of WebSphere. The server
listens for HTTP or HTTPS connections by default. When it is installed
with the embedded WebSphere option,
it listens on ports 80 and 443. When it is deployed on top of an existing WebSphere server, the IBM BigFix Remote Control server
listens on ports 9080 and 9443. The server requires a database server:
embedded Derby, only for proof of concept deployments, DB2®, SQL Server, and Oracle are the supported
options. Additionally, it can also be configured to synchronize and
authenticate user and group data from an LDAPv3 server, like Active
Directory or Tivoli® Directory
Server. This deployment scenario has the same networking characteristics
as peer to peer. Therefore, direct TCP connectivity is required between
all the controllers and all the targets. However, the IBM BigFix Remote Control server
provides a method of centralized, and finer, policy control, where
targets can have different policies that are determined by the user
who is trying to start the remote control session. The Server also
provides for centralized audit and storage of full session automatic
recordings. In this scenario, the controller is not a stand-alone
application, but is started as a Java™ Web
Start application from the IBM BigFix Remote Control server's
web interface to start the remote control session. Note: Peer to peer and managed are not exclusive modes. The IBM BigFix Remote Control target can be configured in the following ways.
- Configured to be strictly managed.
- Configured to fail back to peer-to-peer mode when the server is not reachable.
- Configured to accept both peer to peer and managed remote control sessions.
The following components can be used only in managed mode:
- IBM BigFix Remote Control CLI tools
- Are always installed as part of the target component but it is
also possible to install them separately. The CLI provides command-line
tools for the following tasks:
- Script or integrate the launch of managed remote control sessions.
- Run remote commands on computers with the managed target installed.
- IBM BigFix Remote Control Gateway
- A service that is installed in computers in secure network boundaries, where there is strict control of traffic flows between the secure networks. For example, the firewall at the boundary allows only traffic between a pair of specific IP address and ports. In these scenarios, a network of gateways can be deployed. The gateway routes and tunnels the remote control traffic from the controller, that is sitting in a particular network zone, to the target that is in a different network zone. The gateway is a native service that can be installed on a computer that has a Windows or Linux operating system installed. It does not have a default port for listening, although 8881 is a usual choice, and can be configured for multiple incoming listening ports and outgoing connections.
- IBM BigFix Remote Control Broker
- A service that is installed in computers typically in a DMZ so that computers out of the enterprise network, in an Internet cafe or at home, can reach it. The IBM BigFix Remote Control broker receives inbound connections from the controller and the target and tunnels the remote control session data between the two components. The broker is a native service that can be installed on a Windows or a Linux computer. It does not have a default port for listening, but 443 is a recommended option because usually this port is open for outbound connections and has fewer issues with content filtering than, for example, 80 would have.