Installing by using the server installer
The BigFix® Remote Control server installer can be used on Windows™ operating systems, Red Hat Linux™ operating systems, and SUSE Linux™ operating systems. It installs a fully functional, self-contained server with either of the following component setups.
About this task
- BigFix® Remote Control server with WebSphere® Application Server Liberty Profile version and a Derby database.
- BigFix® Remote Control server with WebSphere® Application Server Liberty Profile version and one of the following databases:
- IBM DB2 10.x, 11.x Workgroup (WSE) and Enterprise Edition (ESE).
- Oracle 11g and 12c.
When you use an Oracle database, if you are using the Oracle 11g drivers, set oracle.increment.keys.off=1 in the trc.properties file. Restart the server service.
- Microsoft SQL server 2008, 2012, 2014, and 2016.
You must use a JDBC driver whose version is later than 6.3. Older versions do not support TLS 1.2 or JRE 8.
When you use an MS SQL database, Windows™ authentication is not supported. You cannot log on with a domain user. You must use mixed mode authentication and create an SQL user to connect to the database.
Approximate installation time
- Specifying options in the installer: 5 - 10 minutes.
- Installation of the software: 5 minutes.
- A minimum screen resolution of 1024 by 768 pixels is recommended when you are using the installer.
- On a Linux™ operating system, you must install libstdc++.so.5 when you are installing and configuring the operating system. If this package is not installed, you can install package compat-libstdc++-33, which contains libstdc++.so.5.
[INSTALLDIR]/trcserver.bak.
The current server installation in [INSTALLDIR]/wlp/usr/servers/trcserver is then renamed or moved to [INSTALLDIR]/trcserver.bak.
You can access the backup directory to restore or recover anything from the previous installation.
To install the BigFix® Remote Control server application, complete the following steps:
Procedure
- Run the server installation file relevant to your operating system.
- Windows™ systems
- trc_server_setup.exe
- Linux™ systems
- trc_server_setup.bin
- Choose the language and click OK.
- At the Introduction window click Next.
- Click to accept both the IBM® and non-IBM® terms, click Next.
- Accept the default location or click Choose to define a location for the installation files, click Next.
Note: WebSphere® Application Server cannot be installed in a directory with a name that contains non-English-language characters. This installation installs an embedded version of WebSphere® Application Server. Therefore, you must choose a destination for the installation files that does not contain any non-English-language characters.
- Select the database, click Next.
Note: Derby is embedded in the application and is installed locally when you select Derby. To use DB2® or Oracle, you must install them and create a database instance before you install BigFix® Remote Control.
- Enter the options for your selected database and click Next.
- Derby
- Specify a name for the database, click Next. For example, TRCDB.
Note: If you are using an existing database, you can choose to drop the database.
- DB2®
- Database server
- The IP address or host name of your database server.
Note: 127.0.0.1 can be used when DB2® is installed locally. If you install DB2® on a remote system, type the IP address of the remote system.
- Port
- Port on which DB2® is installed.
Note:
- On Windows™ systems, the default port is 50000. On Linux™ systems, the default port is 50001.
- A remote DB2® installation is limited to type four connections. A local installation can use type two or four. For type two connections, set the port value to 0.
- Administrator Userid
- Specify the Administrator user ID that is used for logging on to the database. The user ID must have admin access to the database. If you select create database, the user ID must have administrator access for DB2®.
- Administrator password
- Specify the Administrator password for connecting to the database.
- Database Name
- Specify a name for the database. For example, TRCDB.
Note: If you are using a remote database, type the name of the database that was created on the remote system.
- Directory path to db2jcc.jar file
- Specify the path to the DB2® JAR files, db2jcc.jar and db2jcc_license.jar.
Note: If you are using a remote database, share the drive on the remote system that the DB2® JAR files are in. Enter the shared drive location.
- Create database
- If DB2® is installed locally (127.0.0.1), you can select to create a blank database during the installation. You can also select to drop an existing local database and create a new database.
Note: Do not select create database or drop database if you are using a remote database.
- Path for database install
- Specify the path where the database can be installed. If the installation is local and you select to create the database, the admin user who is specified must have the appropriate authority. On a Windows™ system, use the db2admin user, and on a Linux™ system, the user must be a member of the group db2grp1.
Note:
- Linux™ systems
- Specify a directory that the admin User ID has read and write permissions for.
- Windows™ systems
- Specify a drive letter.
- Oracle
- Database server
- The IP address or host name of your database server. 127.0.0.1 can be used when Oracle is installed locally. If you install Oracle on a remote system, type in the IP address of the remote system.
- Port
- Port on which Oracle is installed.
- Administrator Userid
- Specify the administrator user ID that is used for logging on to the database. The user ID must have admin access to the database.
Note: For an Oracle installation, a user that is called asset must exist. You can use this user ID here, or use an existing or new user.
- Administrator password
- Specify the administrator password for connecting to the database.
- Database Name
- Specify a name for the database. The name is the SID name on the server, not the one in tnsnames.ora. For example, TRCDB.
- Directory path to the oracle Java JDBC library
- Specify the path to the Oracle Java™ JDBC library. The location can be obtained from the Oracle server installation or downloaded from the Oracle website. For example, c:\oracle\ora92\jdbc\lib\ojdbc14.jar
- MSSQL
- Database server
- The IP address or host name of your database server.
Note: 127.0.0.1 can be used when MS SQL is installed locally on a Windows™ system only.
- Port
- Port on which MS SQL is installed.
- Administrator Userid
- Specify the administrator user ID that is used for logging on to the database. The user ID requires admin access to the database.
- Administrator password
- Specify the administrator password for connecting to the database.
- Database Name
- Specify a name for the database. For example, TRCDB.
- Directory path to the MS JDBC Java files
- Specify the path to the MS JDBC Java files. The mssql-jdbc-X.X.X.jre8.jar file must be used depending on the version of MS SQL database that you are using.
- If installed on the same server, select to create database
- If MS SQL is installed locally, you can select to create the database.
- Drop the database if installed locally
- Select if you already have an existing database with the name that is entered for Database Name that you do not want to use.
- If local, select path where to create the database
- Specify the database installation path. If the installation is local and you select to create the database, the Admin user must have appropriate authority to do so.
- Linux™ systems.
- Specify a directory that the admin User ID has read and write permissions for.
- Windows™ systems.
- Specify an existing directory.
- Specify the web server parameters, then click Next.
- Force targets to use HTTPS
- Select this option for the target software to communicate with the server by using the HTTPS URL. The enforce.secure.endpoint.callhome and enforce.secure.endpoint.upload properties in the trc.properties file are also set to true. The check box is selected by default on a new installation.
- Use secure registration tokens to register targets
- Select this option to enable the secure target registration feature. This feature prevents unauthorized targets from registering with the BigFix® Remote Control server. The check box is selected by default on a new installation. Ensure that the Force targets to use HTTPS option is also selected. For more information about secure registration, see Enable secure target registration.
- Upload data to server
- The fully qualified name for the BigFix® Remote Control server. For example, trcserver.example.com
Note: You must make sure that you enter the fully qualified name. The name is used for creating the URL in the trc.properties file that is passed to the target after it contacts the server for the first time. If the fully qualified name is incorrect, the target might not be able to contact the server successfully when it is next due to contact it.
- Web path of URL
- Specify the web path for the server URL. For example, /trc.
- Server port on Webserver (default 80)
- Specify a port for the server.
- SSL Port (default 443)
- Specify a port for SSL.
- Administrator email
- Specify an administrator email address. For example, admin@company.com.
Note: To use the email function, you must install a mail server. Edit the trc.properties file after you install the BigFix® Remote Control server. For more information about editing the properties files, see the BigFix® Remote Control Administrator's Guide.
- Enable FIPS
- Select this option to enable FIPS compliance on the server. For more information about enabling FIPS compliance, see Federal information processing standard (FIPS 140-2) compliance in BigFix Remote Control.
- Enable NIST SP800-131A Compliance (Enables FIPS)
- Select this option to enable NIST SP800-131A compliance on the server. For more information about enabling NIST SP800-131A compliance, see NIST SP800-131A compliance in BigFix Remote Control.
- Select options for your SSL certificate and click Next. The certificate configuration is stored in the ssl.xml file.
- Use an auto generated certificate store
- Select this option to use a self-signed certificate that is generated by the installer.
Note: If the following options are not enabled, click Use an auto generated certificate store to enable them.
- Overwrite an existing certificate store.
- If a self-signed certificate store is already saved, the new certificate overwrites the saved certificate store. This option is the default option.
- Password for a new or a previously generated certificate store.
- Type a new password for the self-signed certificate. If you do not select to overwrite, type the password for your existing auto generated certificate store. If left blank, the default password TrCWebAS is saved as the password. The password must have a minimum of 6 characters.
- Select an existing certificate store
- Select this option to use an existing certificate store that is already saved.
- Select existing certificate store location.
- Click Choose to browse to the relevant certificate store. Select the certificate store. The file extension can be .jks or .p12.
When you use an existing certificate store, it is not copied to the installation directory during installation. The server software instance points to the location of the certificate store that you provide. Therefore, you must make sure that you save the certificate store to an adequate location on the server before you start the server installation. The certificate store must be stored in a location that does not get deleted. Therefore, do not save the file in the [installdir]\wlp directory or any of its subdirectories. Do not delete the certificate store at the end of the installation.
If you select a previously saved auto-generated certificate store from the server installation directory, a warning is displayed. Choose Copy file to copy the file to a location that is not deleted during the installation. If the file is not copied successfully, you must manually copy the certificate store file to another location. Click Choose and select the new location of the file. Click Restore Default to reset the field value to its original value.
- Enter the certificate store password.
- Type a password for the certificate store.
- Select options to configure Single-Sign-On (SSO) and click Next. The SSO configuration is stored in the sso.xml file.
- Enable SSO
- Select this option to enable Single-Sign-On (SSO). To continue with the configuration, you must get the SAML metadata XML file from the Identity Provider (IdP) and find out which hash algorithm the IdP uses: SHA-1 or SHA-256.
- Metadata XML file
- Click Choose and select the SAML metadata XML file that you obtained from the IdP.
- Algorithm used to sign SAML messages
- Select the signature algorithm (SHA-1 or SHA-256) that is used to sign messages in communications between the Identity Provider (IdP) and this Service Provider (SP), which is the BigFix® Remote Control Server.
- Advanced parameters (optional)
- Type in further configuration options as a space-separated list of attributes in the following format: [keyword]="[keyword-value]", where [keyword] is the attribute name and [keyword-value] is the attribute value. For more information about further configuration parameters, see SAML Web SSO 2.0 Authentication (samlWebSso20).
- Force regeneration of SAML data. (you must re-register with the IdP)
- The first time that you enable SSO, a new default SAML certificate keystore is created. For future upgrades, you can select the regeneration option to create a new default certificate keystore. The current keystore is deleted and the new one is saved. When you select this option, you must reestablish the connection between the SP and the IdP after the server restarts.
- Select a location for the product icons to be displayed.
If you select Other, click Choose to specify a location.
Note: Product icons do not work when you are using Linux™.
- In the Summary pane, click Install.
- If you selected to enable SSO, a pane that is labeled as Important is displayed. Take note of the URL and information and click Next.
- Click DONE to complete the installation.
Results
- It is important to make sure that the URL property in the trc.properties file contains the correct URL for the BigFix® Remote Control server. This property is used when targets contact the server and for determining the server during a remote target installation. If the URL property value is not correct, the remote targets are not able to contact the server successfully. Therefore, you might have problems when you start remote control sessions with the targets.
- If the IP address of the server changes at any time, make sure that you update the URL property in trc.properties. Restart the server service, because the targets try to contact the old IP address until the change to the property is made.
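One way to verify after installation that the HTTPS enforcement properties and the server URL described above are set as intended. This is an added example, not part of the product or its documentation; the property key `url`, the function names, and the sample file contents are assumptions made for illustration.

```python
"""Post-install audit of trc.properties (added example, constructed input)."""
import ipaddress
from urllib.parse import urlsplit

# Constructed sample, not a real trc.properties. The key name "url" is an
# assumption; the two enforce.* keys are the ones named in this procedure.
SAMPLE = r"""# constructed sample
url=http\://192.0.2.10/trc
enforce.secure.endpoint.callhome = true
enforce.secure.endpoint.upload=false
"""

HTTPS_KEYS = ("enforce.secure.endpoint.callhome", "enforce.secure.endpoint.upload")

def parse_properties(text):
    """Minimal Java .properties reader: key=value or key:value, #/! comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        sep = min((i for i in (line.find("="), line.find(":")) if i >= 0),
                  default=-1)
        if sep > 0:
            value = line[sep + 1:].strip()
            # Java's Properties.store() escapes ':' and '=' inside values.
            props[line[:sep].strip()] = value.replace("\\:", ":").replace("\\=", "=")
    return props

def audit(props, url_key="url"):
    """Return findings for the settings this installation procedure relies on."""
    findings = [f"{k} is not true: HTTPS is not enforced for targets"
                for k in HTTPS_KEYS if props.get(k, "").lower() != "true"]
    url = urlsplit(props.get(url_key, ""))
    host = url.hostname or ""
    if url.scheme != "https":
        findings.append("server URL is missing or does not use https")
    try:
        ipaddress.ip_address(host)
        findings.append("server URL uses an IP address; update it if the address changes")
    except ValueError:
        if "." not in host:
            findings.append("server URL host is not a fully qualified name")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_properties(SAMPLE)):
        print("FINDING:", finding)
```

To audit a real installation, pass the contents of the server's trc.properties file to `parse_properties` instead of `SAMPLE`, and adjust `url_key` if the file uses a different key name.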