Enable secure target registration.
To prevent unauthorized targets from registering with the BigFix® Remote Control server, you can enable the secure registration feature and use tokens to authenticate the target.
After you install the server, create a registration token on the server and distribute it when you install the target. The token is used to restrict new target registrations, or restrict updates to existing target details when you reinstall a target. After the target registers, the server sends an endpoint token to the target to replace the token that was used when it registered. The target uses the endpoint token to authenticate with the server each time it contacts the server.
- New Installation scenario
- The following scenario covers a new installation of server and targets.
- Create a server installer task and select Use secure registration tokens to register targets. Ensure that HTTPS as Default for Target URL is also selected. Run the task. For more information about creating a server installer task, see Creating BigFix Remote Control server installation tasks.
- Create a secure registration token in the server UI.
- Click .
- Supply the following information for the token. The default time period starts from the current
date and time until 23:59 on the next day.
- Description for token. Enter a description for the token.
- Starting on. Click the calendar pull-down and select a date that the token is valid from. Enter a start time or keep the default time.
- Ending on. Click the calendar pull-down and select a date that the token is valid to. Enter an end time or keep the default time.
- Click Submit. Before you leave the page, you must copy the registration token. Keep the token secure and confidential.
- Run the relevant target deployment task and enter the registration token. For more information, see Deploying the Windows target or Deploying the Linux target.
- Upgrade scenario
- The following scenario covers an upgrade of the server and targets.
- Create a server configuration task. Do not select Use secure registration tokens to register targets. Select Migrate values from the existing properties files. Run the task. For more information about creating a server installer task, see Creating BigFix Remote Control server installation tasks.
- Create a secure registration token in the server UI.
- Click .
- Supply the following information for the token. The default time period starts from the current
date and time until 23:59 on the next day.
- Description for token. Enter a description for the token.
- Starting on. Click the calendar pull-down and select a date that the token is valid from. Enter a start time or keep the default time.
- Ending on. Click the calendar pull-down and select a date that the token is valid to. Enter an end time or keep the default time.
- Click Submit. Before you leave the page, you must copy the registration token. Keep the token secure and confidential.
- To upgrade the target, run the update task that is relevant to your operating system. For more information, see Updating the Windows target or Updating the Linux target.
- Run the Set Secure Registration Token for Remote Control Targets task and enter the registration token. For more information, see Distributing a secure registration token to targets.
- Enable the secure registration feature in the server UI.
- In the server UI select .
- Select trc.properties from the list.
- Set rc.enforce.secure.registration to true. Ensure that the enforce.secure.endpoint.callhome and enforce.secure.endpoint.upload properties are also set to true.
- Click Submit.
- Click