Server Backup

  1. Using SQL Server Enterprise Manager, establish a maintenance plan for nightly backups for the BFEnterprise and BESReporting databases. Multiple backup copies allow for greater recovery flexibility. Consider backing up to a remote system to allow for higher fault tolerance.
  2. Back up the following files and folders used by the BigFix Server:
    • [IEM Server folder]\UploadManagerData.
    • [IEM Server folder]\BESReportsData\<rootserverhostname>\masthead.afxm.
    • [IEM Server folder]\BESReportsServer\wwwroot\ReportFiles -- Support files for custom Web Reports.
    • [IEM Server folder]\Encryption Keys -- Private encryption keys (if using Message Level Encryption).
    • [IEM Server folder]\wwwrootbes\Uploads -- Contains custom packages that were uploaded to the system for distribution to clients.
  3. If any of the following files and folders, used by the BigFix Server, can be rebuilt automatically by the server if a failure occurs, back them up for faster recovery.
    • [IEM Server folder]\Mirror Server\Inbox\bfemapfile.xml. Information necessary for IBM Endpoint Manager Agents to get actions and Fixlets.
    • [IEM Server folder]\wwwrootbes\bfsites. Information necessary for BigFix Agents to get actions and Fixlets.
    • [IEM Server folder]\wwwrootbes\bfmirror\bfsites. Information necessary for BigFix Agents to get actions and Fixlets.
    • [IEM Server folder]\wwwrootbes\bfmirror\downloads. Contains the download cache.
  4. Securely back up site credentials, license certificates, and publisher credentials, and the masthead file.

    The license.pvk and license.crt files are critical to the security and operation of BigFix. If the private key (pvk) files are lost, they cannot be recovered.

    The masthead file is an important file that must be used for recovery. It contains the information about the BigFix server configuration. This file can be exported via the Masthead Management tab of the Administration tool.
  5. Complete the following steps to decrypt the encrypted server signing key ([IEM Server folder]\EncryptedServerSigningKey):
    1. Copy the EncryptedServerSigningKey to a backup folder.
    2. Change directory to the backup folder and go to the following link ServerKeyTool.zip to download the ServerKeyTool.
    3. Run the following command to decrypt the server signing key:
      ServerKeyTool.exe decrypt UnencryptedServerSigningKey
    4. Securely back up the UnencryptedServerSigningKey.