Home
Installation Guide
Learn the system requirements, licensing and installation instructions, and how to configure and maintain BigFix.
Installing on Linux systems
After understanding the terms and the administrative roles, you are ready to actually get authorized and install the programs.
DSA on Linux
Authenticating Additional Servers (DSA)
Multiple servers can provide a higher level of service for your BigFix installation.

Installation Guide
Learn the system requirements, licensing and installation instructions, and how to configure and maintain BigFix.
- Introduction
  BigFix aims to solve the increasingly complex problem of keeping your critical systems updated, compatible, and free of security issues. It uses patented Fixlet technology to identify vulnerable computers in your enterprise. With just a few mouse-clicks you can remediate them across your entire network from a central console.
- BigFix Platform Unicode Support Overview
  BigFix Platform V9.5 gathers data from BigFix clients deployed with different code pages and languages, encode the data into UTF-8 format, and report it back to the BigFix server.
- Sample deployment scenarios
  The following deployment scenarios illustrate some basic configurations taken from actual case studies. Your organization might look similar to one of the examples below, depending on the size of your network, the various bandwidth restrictions between clusters and the number of relays and servers. The main constraint is not CPU power, but bandwidth.
- Requirements and assumptions
  BigFix runs efficiently using minimal server, network, and client resources.
- Types of installation
  Before you install the product, decide if you want to do an evaluation or production installation.
- Managing licenses
  You must obtain a license key before you can install and use BigFix.
- Before installing
  Before running the installation make sure that you read the following topics and run the requested activities if needed.
- Installing on Windows systems
  Now that you understand the terms and the administrative roles, you are ready to get authorized and install the programs.
- Installing on Linux systems
  After understanding the terms and the administrative roles, you are ready to actually get authorized and install the programs.
  - Installing and configuring DB2
    Depending on which version of DB2 you want to install, you install DB2 either before installing the BigFix server or at the same time:
  - Downloading BigFix
    Download BigFix from HCL License & Delivery Portal (Flexnet).
  - Performing an evaluation installation on Linux
    To install a BigFix server with an evaluation license on Linux, perform the following steps:
  - Installation Command Options
    You can run the Production or Evaluation installation in interactive or silent mode.
  - Installing the components
  - Installation Folder Structure
    After the BigFix installation, you can see the following folder structure:
  - Configuration, Masthead, and Log Files
    At the end of the installation you can find the following BigFix files containing the settings of the installed components and the installation messages:
  - Managing the BigFix Services
    You can start, stop, restart, or query the status of Linux BigFix services using the following commands:
  - Changing the database password
    After you install the database of the BigFix server, you can change its password by running the following command:
  - Changing the DB2 port
  - Removing the Product Components on Linux systems
    You can have one or more BigFix components installed on a local system and you can decide to remove one or all of them at the same time.
  - DSA on Linux
    - Installing Additional Linux Servers (DSA)
      For each additional server that you want to add to your deployment, ensure that they are communicating with each other, and then follow these steps:
    - Authenticating Additional Servers (DSA)
      Multiple servers can provide a higher level of service for your BigFix installation.
    - Uninstalling a Linux replication server
      To uninstall a replication server, call the database-stored procedure delete_replication_server, which removes the specified ID from the replication set.
- Installing the clients
  Install the BigFix client on every computer in your network that you want to administer, including the computer that is running the console.
- BigFix Administration Tool
  The BigFix Administration Tool, also called BESAdmin, is the tool we use to perform configuration changes and maintenance operations.
- Post-installation configuration steps
  After having run the installation, make sure that you read the following topics and run the requested activities if needed.
- Managing relays
  Relays can significantly improve the performance of your installation.
- Introduction to Tiny Core Linux - BigFix Virtual Relay
  Follow the step-by-step sequence of operations needed to build the virtual machine, from the downloading of the ISO image to the complete setup and configuration of the BigFix Virtual Relay.
- Setting up a proxy connection
  If your enterprise uses a proxy to access the Internet, your BigFix environment can use that communication path to gather content from sites.
- Running backup and restore
  You can schedule periodic backups (typically nightly) of the BigFix server and database files, to reduce the risk of losing productivity or data when a problem occurs by restoring the latest backup.
- Upgrading on Windows systems
- Upgrading on Linux systems
- Known limitations and workarounds
  This section describes the known limitations and possible workarounds.
- Logging
  This section describes the log files associated with the BigFix components.
- Uninstalling the BigFix client

Authenticating Additional Servers (DSA)

Multiple servers can provide a higher level of service for your BigFix installation.

If you choose to add Disaster Server Architecture (DSA) to your installation, you will be able to recover from network and systems failures automatically while continuing to provide local service. To take advantage of this function, you must have one or more additional servers with a capability at least equal to your primary server. Because of the extra expense and installation involved, you should carefully think through your needs before committing to using DSA.

Your servers can communicate with each other using the DB2 inter-server authentication option.

Before installing the additional Linux Servers, install the DB2 server on each machine that you want to add to your deployment. The version of the DB2 server must be the same as the DB2 server installed on the Master Server.

Using DB2 Authentication

With this technique, each Server is given a login name and password, and is configured to accept the login names and passwords of all other Servers in the deployment.

The password for this account typed in clear text is obfuscated in the configuration file on each server, after the restart of the FillDB service. To authenticate your servers using DB2 Authentication, follow these steps:

Choose a single login name (for example, db2inst1), and a single password to be used by all servers in your deployment for inter-server authentication.
On the Master Server, open the /var/opt/BESServer/besserver.config file.

Add or modify the following keywords in the

[Software\BigFix\Enterprise
                     Server\FillDB]

section:

ReplicationUser = <login name>
ReplicationPassword = <password>
ReplicationPort = <DB2_port>
ReplicationDatabase = BFENT

Restart the FillDB service.

Note:

This choice must be made on a deployment-wide basis; you cannot mix domain-authenticated servers with DB2-authenticated servers.
ReplicationUser, ReplicationPassword, and ReplicationPort must be uniquely defined in all the server configuration files of your DSA environment.
All BigFix servers in your deployment must be running the same version of DB2 server.