Step 2 - Installing the Server
Before running the installation, to ensure you have all the prerequisites,
see Server requirements.
Note: The
installation program installs all prerequisites using Yum. For information
about how to configure Yum and Yum repositories see Configuring Yum and Yum Repositories.
To install the BigFix Server in your production environment, perform the following steps:
- From the shell where you extract the server package, move to the
installation directory,
ServerInstaller_9.2.6.xxx-rhe6.x86_64
and enter the following command:./install.sh
- To install the Production, enter
2
:Select the type of installation [1] Evaluation: Request a free evaluation license from IBM Corp. This license allows you to install a fully functional copy of the IBM BigFix on up to 30 clients, for a period of 30 days. [2] Production: Install using a production license or an authorization for a production license. Choose one of the options above or press <Enter> to accept the default value: [1]
Note: If you enter1
to run the evaluation installation, consider that this type of installation does not support the enhanced security option. For more information about this feature see Security Configuration Scenarios. - After reading the License Agreement, enter
1
to accept it and continue. - Select
1
if you want to install all the components:Select the IBM BigFix features that you want to install: [1] All components (server, client, and WebReports) [2] Server and client only [3] WebReports only Choose one of the options above or press <Enter> to accept the default value: [1]
- Enter
1
to create a Master database for later replication or single database if you need only one database in your deployment.
If you enterSelect the database replication: [1] Single or master database [2] Replicated database Choose one of the options above or press <Enter> to accept the default: [1]
2
, you create a replica of an existing master. For additional information, see Using multiple servers (DSA). - To use a local database, enter
1
:
The local database name of BigFix server isSelect the database: [1] Use a local database [2] Use a remote database Choose one of the options above or press <Enter> to accept the default: [1]
BFENT
. The local database name of Web Reports isBESREPOR
.Note: To use an external database for BigFix, you must perform the following steps:- Install the DB2® server on the remote workstation.
- Install a DB2 client on the workstation from where you run the BigFix Server installation
- Connect the DB2 server to the DB2 client installed on the workstation from where you run the installation, that is, the port of the DB2 database (default 50000) must be reachable by the workstation where the installation is running.
- Provide the following information in the installation procedure:
- the remote DB2 node
- the DB2 port number
- the user name of the local DB2 instance owner
- Enter the location where the downloaded files for the Clients
are stored:
Choose the web server's root folder: Specify the location for the web server's root folder or press <Enter> to accept the default: /var/opt/BESServer
- Enter the location where the WebReports Server stores its files:
Choose the WebReports server's root folder: Specify the location for the WebReports server's root folder or press <Enter> to accept the default: /var/opt/BESWebReportsServer
- Enter the WebReports server's port number:
The default is 80.Choose the WebReports server's port number: Specify the port number or press <Enter> to accept the default: 80
Note: If you are installing BigFix Version 9.2.5, the default value is8080
. If you are upgrading to BigFix Version 9.2.5, the default value remains80
. - If you are installing BigFix V9.2.5,
you can specify a name of the DB2 instance name used by BigFix different
from the name of the DB2 user.
Specify the name of the DB2 instance that you want to use or press <Enter> to accept the default value: db2inst1
- Enter the user name for the local DB2 Administrative
user. The default is
db2inst1
. - Enter the DB2 Local Administrative user password.
- Enter the DB2 instance configuration.
- Enter the user ID and the password to define the BigFix administrative user.
- If the local firewall is running, the installation program asks
to enter the
Local firewall configuration
. - To run the installation using a BES license authorization file,
enter
1
.Choose the setup type that best suits your needs: [1] I want to install with a BES license authorization file [2] I want to install with a production license that I already have [3] I want to install with an existing masthead
Note: If you already ran a first installation, or part of it, you can specify option2
or3
, with an existing production license (license.crt, license.pvk
) or an existing masthead (masthead.afxm
) and perform only some of the installation steps. - Specify if a proxy must be used to communicate over the internet to external content sites or to BigFix subnetworks.
- If your environment needs to use a proxy, specify the proxy hostname or IP Address and, optionally, the port number.
- The installation procedure shows you the default configuration
settings:
Proxy user: none Proxy password:none Proxy tunneling capability: let proxy decide Authentication method: all methods allowed by the proxy Proxy exception list: localhost,127.0.0.1 Use the proxy for downstream notification: false
- You can accept the default settings or, alternatively, you can assign different
values. These are thee settings that you can specify:
See Setting a proxy connection on the server for details about supported values and their usage.#################### Server port number Specify the server port or press <Enter> to accept the default: 52311 #################### Enable the use of FIPS 140-2 compliant cryptography [1] Use of FIPS enabled [2] Use of FIPS disabled Choose one of the options above or press <Enter> to accept the default value: [2] #################### Gathering interval Specify the time interval that you want to use. The default value is suitable for most of the IBM BigFix deployments. [1] Fifteen minutes [2] Half an hour [3] One hour [4] Eight hours [5] Half day [6] One day [7] Two days [8] One week [9] Two weeks [10] One month [11] Two months Choose one of the options above or press <Enter> to accept the default value: [6] #################### Initial action lock [1] Locked [2] Lock duration [3] Unlocked Choose one of the options above or press <Enter> to accept the default value: [3] #################### Action lock controller [1] Console [2] Client [3] Nobody Choose one of the options above or press <Enter> to accept the default value: [1] #################### Enable lock exemptions [1] Lock exemption enabled (fairly unusual) [2] Lock exemption disabled Choose one of the options above or press <Enter> to accept the default value: [2] #################### Enable the use of Unicode filenames in archives [1] The use of Unicode filenames in archives is enabled. [2] The use of Unicode filenames in archives is disabled. Choose one of the options above or press <Enter> to accept the default value: [1]
Note: If you want to enable FIPS mode, ensure that the proxy configuration is set up to use an authentication method other than digest, negotiate or ntlm.Note: If you specify to use the negotiate authentication method on a server or relay, a different authentication method might be used.Note: The proxy configuration specified at installation time is saved in the server configuration fileBESServer.config
and it is used also at runtime. - Optionally you can test if the connection to the
proxy can be successfully established. In particular you can select
to:
[1] Test the connection [2] Test the connection using FIPS [3] Do not test the connection
- If selected option 1 in the step 15, specify where the generated
license authorization file is located:
License Authorization Location Enter the location of the license authorization file that you received from IBM or press <Enter> to accept the default: ./license/LicenseAuthorization.BESLicenseAuthorization
- Specify the DNS name or ip address of the machine on which to install the server. This name is saved in your license and will be used by clients to identify the BigFix server. It cannot be changed after a license is created.
- Specify the related Site Admin Private Key Password.
- Specify the size in bits of the key used to encrypt the credentials:
Key Size Level Provide the key size that you want to use: [1] 'Min' Level (2048 bits) [2] 'Max' Level (4096 bits) Choose one of the options above or press <Enter> to accept the default: [2]
- Enter the License folder where the installation generates and
saves
license.crt
,license.pvk
andmasthead.afxm
.Choose License Folder: Specify a folder for your private key (license.pvk), license certificate (license.crt), and site masthead (masthead.afxm) or press <Enter> to accept the default: ./license
- After you specify where to save the files
to be generated, you can submit the request to IBM for getting the
license certificate by choosing one of the following options depending
on if your machine is connected to Internet:
If you choose 1, you can continue with the next installation step.[1] Submit request from this machine over the Internet. The request will be redeemed for a license certificate (license.crt) and saved in your credential folder. [2] Save request to a file and send it to IBM at the URL: 'http://support.bigfix.com/bes/forms/BESLicenseRequestHandler.html'. This method might be necessary if your deployment is isolated from the public Internet.
If you choose 2, therequest.BESLicenseRequest
request is generated. You can continue the installation by importing the certificate specifying the location of the license certificate (such as:./license/license.crt
) or exit from the installation and rerun it at a later time as described in the installation procedure:
If you exit the installation, you can rerunInfo: The following License Request file was successfully generated: ./license/request.BESLicenseRequest #################### Import License Certificate [1] Continue with the installation importing the certificate (license.crt). [2] Exit from the installation, I will import the certificate at a later time.
./install.sh
later and repeat all the steps specifying that you want to use the generated license with option 2:Choose the setup type that best suits your needs: [1] I want to install with a BES license authorization file [2] I want to install with a Production license that I already have [3] I want to install with an existing masthead
To import the files, you need to specify the license certificate file (./license/license.crt
) and the Site Admin Private Key (./license/license.pvk
) to administer the database:License Certificate Location Enter the location of the license certificate file or press <Enter> to accept the default: ./license/license.crt Site Admin Private Key: Specify the site Level Signing Key file (license.pvk) for the database you want to administer or press <Enter> to accept the default: ./license/license.pvk
- Accept the default masthead values:
or change them by enteringServer port number: 52311 Use of FIPS 140-2 compliant cryptography: Disabled Gather interval: One Day Initial action lock: Unlocked Action lock controller: Console Action lock exemptions: Disabled Unicode filenames in archives: Enabled
2
:
You can change the following masthead parameters:[1] Use default values [2] Use custom values
- Server port number
- Specify the number of the server port. The default value is: 52311. Note: Do not use port number 52314 for the network communication between the BigFix components because it is reserved for proxy agents.
- Enable use of FIPS 140-2 compliant cryptography
- Use this setting to specify whether or not to be compliant with
the Federal Information Processing Standard in your network. Enter
1 to enable it, 2 to disable it. The default value is 2.Note: Enabling FIPS mode prevents the use of some authentication methods when connecting to a proxy. If you selected to use a proxy to access the Internet or to communicate with subcomponents, ensure that you selected an authentication method other than digest, negotiate or ntlm.
- Gathering interval
- This option determines how long the clients wait without hearing
from the server before they check whether new content is available.
Specify the interval time to use by entering one of the following
values:
The default value is: 6 (one day).[1] Fifteen minutes [2] Half an hour [3] One hour [4] Eight hours [5] Half day [6] One day [7] Two days [8] One week [9] Two weeks [10] One month [11] Two months
- Initial action lock
- You can specify the initial lock state of all clients, if you
want to lock a client automatically after installation. Locked clients
report which Fixlet messages are relevant for them, but do not apply
any actions. The default is to leave them unlocked and to lock specific
clients later on. You can select one of the following values:
The default value is: 3 (unlocked).[1] Locked [2] Lock duration [3] Unlocked
- Action lock controller
- This parameter determines who can change the action lock state.
You can select one of the following values:
[1] Client [2] Console [3] Nobody
- Enable lock exemptions
- In rare cases, you might need to exempt a specific URL from any
locking actions. This setting allows you to disable or disable this
function. You can select one of the following values:
The default value is[1] Lock exemption enabled (fairly unusual) [2] Lock exemption disabled
2
(disable lock exemption). - Enable the use of Unicode filenames in archives
- This setting specifies the codepage used to write filenames in
the BigFix archives.
You can select one of the following values:
[1] The use of Unicode filenames in archives is enabled. [2] The use of Unicode filenames in archives is disabled.
1
in the previous step, you have now created the license files (license.pvk
andlicense.crt
files). After this step, themasthead.afxm
file is created with the specified parameters. - Enter the port number for the DB2 connection to create the DB2
instance:
#################### DB2 Connection: Specify the DB2 Port Number or press <Enter> to accept the default: 50000
- The installation program checks if a DB2 instance is already
installed. If it is already installed, skip to step 5.If the database is not detected, enter
1
to specify the DB2 download package and install it:#################### DB2 Installation check The installer does not detect DB2 as installed on the system. Determine which of the options corresponds to your installation: [1] DB2 is not installed, install it [2] DB2 is installed, use the installed instance [3] Exit from the installation Choose one of the options above or press <Enter> to accept the default: [1] If the user chooses the option1 then the user will be prompted with the following question with details of the settings that will be used.
- Enter
1
to accept the DB2 default settings:#################### DB2 Installation DB2 will be installed using the following settings: DB2 Instance owner: db2inst1 DB2 Fenced user: db2fenc1 DB2 Administration Server user: dasusr1 DB2 communication port: 50000 DB2 Installation directory: /opt/ibm/db2/V10.5 If you need to use settings different from those proposed above, you can specify them in the installation response file. Refer to the product documentation for further details. [1] Proceed installing also DB2 [2] Exit from the installation Choose one of the options above or press <Enter> to accept the default: [1]
The BigFix Server installation is now complete. You can now install the BigFix Console on a Windows™ System and log on with the account you created during the installation of the server.
You can see installation errors in the BESinstall.log
and
the BESAdmin
command line traces in the BESAdminDebugOut.txt
files
under the /var/log
directory.