Broker troubleshooting and FAQs
This section provides some answers to questions that might arise when you are installing or using the broker functions.
- Why should I install broker support in my environment?
- If a target is situated outside of your enterprise network and it requires support, you must install broker support so that remote control connections can be made across the internet to the target. Note: The targets should be managed by a remote control server.
- What method can I use to install broker support?
- If you have access to the BigFix® console, you can use the deployment node to deploy the broker support relevant to your operating system. For more details about deploying from the console, see the BigFix® Remote Control Console User's Guide.
You can also use the BigFix® Remote Control Console User's Guide installation files to install broker support. For more details, see the BigFix® Remote Control Installation Guide.
- After I install broker support, what do I do next?
- After you install the broker support, you must complete the following steps.
- Create a broker configuration. For more information about configuring brokers, see Broker configuration.
- Register your brokers in the BigFix® Remote Control server. For more information about broker registration, see Registering a broker on the server.
- Obtain the required certificates for your broker. For more information about certificates, see Certificate Authority signed certificates. You can create self-signed certificates for each broker that you install. For more information about self-signed certificates, see Using strict verification with self signed certificates.
- Add the certificates to the broker. For more information about adding the certificates, see Configuring the keystore on the broker.
- Upload the certificates to the server truststore. For more information about uploading the certificates, see Truststore configuration.
- Is only one broker allowed?
- No, you can install multiple brokers in your environment to suit your specific requirements. For example, multiple brokers can provide service failover so that new sessions continue to be serviced if one of the brokers goes down. After you install the brokers, you must configure them. Add the connection parameters that are required to allow connections to be made between your brokers and the controllers and targets. For more information about configuring endpoint connections, see Allowing endpoints to connect to a broker. For details about connections between a broker and other brokers, see Support for multiple brokers.
- How do I select a target and connect to a broker?
- When you start a broker remote control session, do not select a target. You must use the Start a Broker session option in the BigFix® Remote Control server GUI to initiate the session and connect to a broker. Pass the connection code to the target user. The target user can start a broker remote control session and use the connection code to make the correct connection. For more information about starting a broker session, see the BigFix® Remote Control Controller User's Guide.
- If there are multiple brokers installed, which broker do I connect to?
- You do not connect to a specific broker. When multiple brokers are registered in the remote control server, the list of brokers is known as the brokerlist. When you start a broker remote control session, the controller system tries to connect to each broker in the list until it makes a successful connection to one. The target system does the same when it is connecting to a broker. If the controller and target connect to different brokers, the controller disconnects and connects to the same broker as the target. To make the connection, the controller uses the host name that is defined in the broker property PublicBrokerURL, on the broker that the target is connected to. Note: The host name that is defined in PublicBrokerURL must match the host name that is defined in the certificate for the broker. It must also match the host name that you use to register the broker in the remote control server. For more information about broker properties, see Configuring the broker properties.
- What session modes are available for remote control sessions that connect through a broker?
- When you start a remote control session through a broker, an Active session is initiated by default. However, if Active mode is not enabled in the session policies that are defined for the session, the next available session mode is used. The following order of precedence applies: Guidance, Monitor, Chat, File transfer. In addition, if user acceptance is enabled for the session, the target user can select a different session mode to start from the acceptance window. For more details about starting a broker session, see the BigFix® Remote Control Controller User's Guide.
- How do I create a certificate?
- If you are using a Certificate Authority (CA) certificate, you must consult the CA's documentation to see how the root certificate and any relevant intermediate certificates can be obtained. For self-signed certificates, you can use the key management tool iKeyman. This tool is included with BigFix® Remote Control and is also available through IBM WebSphere Application Server. For more information about creating certificates, see Creating a self signed certificate.
- What do I do if my certificate is about to expire?
- You can add a certificate to the broker and to the truststore on the server. However, to allow the target to start a session through the broker it must continue to use the old certificate. The reason for this is that the target does not yet trust the new certificate, therefore it would be unable to start a session. For more information about changing to a new certificate, see Migrating to a new certificate.
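
The brokerlist answer above says that the controller and target each try the brokers in order, that the controller follows the target by using the host name in PublicBrokerURL, and that this host name must match both the broker certificate and the registered name. The following sketch is an added example, not BigFix® Remote Control code: it models that behaviour and audits the three host names. The `Broker` record, the function names, the `host:port` form of the PublicBrokerURL value, and all host names and ports are assumptions or constructed sample data.

```python
# Added illustration with constructed data; not BigFix Remote Control code.
from dataclasses import dataclass

@dataclass(frozen=True)
class Broker:
    registered_host: str    # host name used to register the broker on the server
    public_broker_url: str  # PublicBrokerURL property; "host:port" form is assumed
    cert_host: str          # host name in the broker's certificate

def url_host(value):
    """Host part of a PublicBrokerURL value (assumed 'host:port')."""
    return value.strip().rsplit(":", 1)[0].lower()

def audit(brokerlist):
    """Map each broker to the names that disagree with its PublicBrokerURL host."""
    report = {}
    for b in brokerlist:
        public = url_host(b.public_broker_url)
        bad = [name for name, host in (("certificate", b.cert_host),
                                       ("registration", b.registered_host))
               if host.strip().lower() != public]
        if bad:
            report[b.registered_host] = bad
    return report

def first_reachable(brokerlist, reachable):
    """Try each broker in list order until one connection succeeds."""
    return next((b for b in brokerlist if b.registered_host in reachable), None)

def controller_endpoint(brokerlist, controller_reach, target_reach):
    """Host name the controller ends up connected to, or None if no session."""
    c = first_reachable(brokerlist, controller_reach)
    t = first_reachable(brokerlist, target_reach)
    if c is None or t is None:
        return None
    if c == t:
        return c.registered_host
    # Different brokers: the controller disconnects and reconnects to the
    # target's broker using the host name from that broker's PublicBrokerURL.
    return url_host(t.public_broker_url)

# Constructed brokerlist: broker2 advertises a name its certificate lacks.
BROKERS = [
    Broker("broker1.example.com", "broker1.example.com:8881", "broker1.example.com"),
    Broker("broker2.example.com", "broker2.dmz.example.com:8881", "broker2.example.com"),
]
```

In the sample data, a controller that can reach both brokers and a target that can reach only broker2 end up on different brokers, so the controller is sent to a host name that neither the broker2 certificate nor its registration carries. This is the mismatch that `audit` reports.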