Installing the Server

Before running the installation, to ensure you have all the prerequisites, see Server requirements.

Note: The installation program installs all prerequisites using Yum. For information about how to configure Yum and Yum repositories see Configuring Yum and Yum Repositories.

To install the BigFix Server in your production environment, perform the following steps:

  1. From the shell where you extract the server package, move to the installation directory, ServerInstaller_9.5.xxx-rhe6.x86_64 and enter the following command:
    ./install.sh 
    If you want to generate a response file for future unattended installations, add the -g option followed by the path where to store the response file, as follows:
    ./install.sh -g response.txt
  2. To install the Production, enter 2:
    Select the type of installation
    [1]  Evaluation: Request a free evaluation license from HCL. 
    This license allows you to install a fully functional copy of the BigFix on up to 1000 clients, 
    for a period of 30 days.
    [2]  Production: Install using a production license or an authorization for a production license.
    Choose one of the options above or press <Enter> to accept the default value: [1]
    Note: If you enter 1 to run the evaluation installation, consider that this type of installation does not support the enhanced security option. For more information about this feature, see Security Configuration Scenarios.
  3. After reading the License Agreement, enter 1 to accept it and continue.
  4. Select 1 if you want to install all the components:
    Select the BigFix features that you want to install:
    [1]  All components (server, client, Web Reports and WebUI)
    [2]  Server and client only 
    [3]  Web Reports only 
    [4]  WebUI and client only 
    [5]  Server, WebUI and client only 
    [6]  Web Reports, WebUI and client only 
    [7]  Server, Web Reports and client only 
    Choose one of the options above or press <Enter> to accept the default value: [1]
  5. Enter 1 to create a single database or a Master database for later replication. Enter 2 if you want to create a replica of an existing master database. For additional information, see Using multiple servers (DSA).
    Select the database replication:
    [1]  Single or master database
    [2]  Replicated database
    Choose one of the options above or press  <Enter>  to accept the default value: [1]
  6. To use a local database, enter 1:
    Select the database:
    [1]  Use a local database
    [2]  Use a remote database
    Choose one of the options above or press  <Enter>  to accept the default value: [1]
    The local database name of BigFix server is BFENT. The local database name of Web Reports is BESREPOR.
    Note: To use a remote DB2 client node for BigFix, see Installing and configuring DB2.
  7. Enter the location where the downloaded files for the Clients are stored:
    Choose the server's root folder:
    Specify the location for the server's root folder or 
    press <Enter> to accept the default value: /var/opt/BESServer
  8. Enter the location where Web Reports stores its files:
    Choose the Web Reports server's root folder:
    Specify the location for the Web Reports server's root folder or 
    press <Enter> to accept the default value: /var/opt/BESWebReportsServer
  9. Enter the Web Reports HTTPS port number:
    Choose the Web Reports server's port number:
    Specify the port number or press <Enter> to accept the default value: 8083

    If you are installing BigFix Version 9.5, the default value is 8083. If you are upgrading to BigFix Version 9.5, the default value is 80.

  10. Enter the WebUI HTTPS port number:
    Specify the port number or press <Enter> to accept the default value: 443
    
  11. Enter the WebUI HTTP redirect port number:
    Specify the port number or press <Enter> to accept the default value: 80
    
  12. Specify the name of the local DB2 instance used by BigFix, or accept the default name:
    Local DB2 instance name
    The DB2 instance used by the BigFix requires specific configuration for performance optimization.
    It is therefore suggested that you use a dedicated DB2 instance. 
    Specify the name of the local DB2 instance that you want to use or press <Enter>
    to accept the default value: db2inst1
    
    Note: The DB2 instance to be used is always the instance local to the system where you are installing the server. If you are performing an installation with a remote database, you must use the DB2 instance specified on the DB2 client and not the one specified on the remote DB2 server.
  13. Enter the user name for the DB2 local administrative user. The default is db2inst1.
    DB2 local administrative user
    Specify the user name of the local DB2 instance owner that you want to use or press <Enter>
    to accept the default value: db2inst1
    
  14. Enter the DB2 local administrative user password.
    DB2 local administrative user password:
    Specify the password of the local DB2 administrative user:
    
  15. Enter 1 to apply an optimized configuration to the DB2 instance or 2 to skip the configuration.
    DB2 instance configuration
    The specified DB2 instance can be configured to optimize the BigFix performance.
    Be aware that the configuration settings will be applied to all databases that belong to the selected DB2 instance.
    [1]  Configure the specified DB2 instance.
    [2]  Skip the DB2 instance configuration.
    Choose one of the options above or press <Enter> to accept the default value: [1]
    
  16. Enter the name of the BigFix administrative user.
    Create the initial administrative user:
    Specify the Username for the new user or press <Enter> to accept the default value: IEMAdmin
    
  17. Enter the password of the BigFix administrative user.
    Create the initial administrative user:
    Specify the password for the new user:
    
  18. If the local firewall is running, the installation program allows you to configure it automatically.
    Firewall configuration
    The firewall of the operating system is active on the local server. 
    To enable the communication using the specified ports you can:
    [1]  Configure the firewall now
    [2]  Configure the firewall later
    Choose one of the options above or press <Enter> to accept the default value: [2]
    
    Note: If you run the installation on a RHEL 7 system, you might be using firewalld instead of iptables for managing the firewall. In this case you have to configure the firewall rules manually as a post-installation step.
  19. To run the installation using a BES license authorization file, enter 1.
    Choose the setup type that best suits your needs:
    [1]  I want to install with a BES license authorization file
    [2]  I want to install with a production license that I already have
    [3]  I want to install with an existing masthead
    Choose one of the options above or press <Enter> to accept the default value: [1]
    
    Note: If you already ran a first installation, or part of it, you can specify option 2 or 3, to install with an existing production license (license.crt, license.pvk) or an existing masthead (masthead.afxm).
  20. Specify if you want to connect to the internet through a proxy.
    Proxy usage
    [1]  Use the proxy to access the internet
    [2]  Do not use the proxy
    Choose one of the options above or press <Enter> to accept the default value: [2]
    
    Note: If you chose to use a proxy, before moving to the next step, perform the steps described in Configuring the proxy.
  21. If you chose to install with a BES license authorization file, specify its location:
    License Authorization Location
    Enter the location of the license authorization file that you received 
    from HCL or press <Enter> to accept the default: 
    ./license/LicenseAuthorization.BESLicenseAuthorization
  22. Specify the DNS name or IP address of the computer where you are installing the server. This name is saved in your license and will be used by clients to identify the BigFix server. It cannot be changed after a license is created.
    This name is recorded into your license and will be used by Clients to identify the HCL BigFix Server. 
    It cannot be changed after a license is created. Enter the DNS name of your HCL BigFix server or press <Enter> 
    to accept the default value: 'HOSTNAME'
    
  23. If you chose to install with a BES license authorization file, specify the password to be used to encrypt the Site Admin Private Key file that will be generated.
    Site admin private key password:
    Specify the related site admin private key password:
    
  24. Specify the size in bits of the key to be used to encrypt the HTTPS traffic.
    Key Size Level
    Provide the key size that you want to use:
    [1]  'Min' Level (2048 bits)
    [2]  'Max' Level (4096 bits)
    Choose one of the options above or press <Enter> to accept the default: [2]
  25. Choose the folder where the installation will save the generated files: license.crt, license.pvk and masthead.afxm.
    Choose License Folder:
    Specify a folder for your private key (license.pvk), license certificate 
    (license.crt), and site masthead (masthead.afxm) or press  <Enter>  to accept 
    the default: ./license
  26. Decide how to send your activation request to HCL. If your computer is connected to the Internet, you can submit it now by entering 1.
    Request license
    Your request is now ready for submission to HCl.
    [1]  Submit the request from this machine over the Internet. The request is redeemed for a license certificate 
    (license.crt) and then saved in your credential folder.
    [2]  Save request to a file and send it to HCL at the URL: 
    'http://support.bigfix.com/bes/forms/BESLicenseRequestHandler.html'. 
    This method might be necessary if your deployment is isolated from the public Internet.
    Choose one of the options above or press <Enter> to accept the default value: [1]
    
    If you choose 1, move to the next installation step.

    If you choose 2, see Submitting the license request.

  27. If you chose to install with a production license that you already had, specify the following:
    1. The location of the license certificate file.
    2. The location of the Site Admin Private Key file.
    3. The Site Admin Private Key password.
  28. Specify the encoding used to store the content:
    Specify the value of the encoding that will be used for the content (FXF Encoding)
    [1]   Thai                                               - [874]
    [2]   Japanese                                           - [932]
    [3]   Chinese (simplified)                               - [936]
    [4]   Korean                                             - [949]
    [5]   Chinese (traditional)                              - [950]
    [6]   Central European languages ( Latin 2 )             - [1250]
    [7]   Cyrillic                                           - [1251]
    [8]   Western European languages ( Latin 1 )             - [1252]
    [9]   Greek                                              - [1253]
    [10]  Turkish                                            - [1254]
    [11]  Hebrew                                             - [1255]
    [12]  Arabic                                             - [1256]
    [13]  Baltic                                             - [1257]
    [14]  Vietnamese                                         - [1258]
    Choose one of the options above or press <Enter> to accept the default value: [8]
    
  29. Choose 1 to accept the default masthead values or 2 to customize them:
    Advanced masthead parameters
    The masthead will be created using the following defaults:
    	Server port number: 52311
    	Use of FIPS 140-2 compliant cryptography: Disabled
    	Gather interval: One Day
    	Initial action lock: Unlocked
    	Action lock controller: Console
    	Action lock exemptions: Disabled
    	Unicode filenames in archives: Enabled
    The above default values are suitable for most of BigFix deployments.
    [1]  Use default values
    [2]  Use custom values
    Choose one of the options above or press <Enter> to accept the default value: [1]
    

    If you decide to use custom values, see Customizing the masthead parameters.

  30. Case 1: If you chose to install using a BES license authorization file, the following messages confirm that your license request was successfully processed:
    Info: The license authorization file was successfully processed.
    Info: The license authorization file can be used only once. 
    It was renamed to ./license/LicenseAuthorization.BESLicenseAuthorization.used_20180801 
    to indicate that it has already been used.
    Info: If you want to run the installation again, start from the just-generated 
    ./license/license.crt and ./license/license.pvk
    Case 2 If you chose to install with a production license that you already had, specify the folder where the license files will be saved.
    Choose the license folder:
    Specify a folder for your site masthead (masthead.afxm) or press <Enter> to accept the default value:
    ./license
    Case 3 If you chose to install with an existing masthead file, specify the following:
    1. The location of the Site Admin Private Key file.
    2. The Site Admin Private Key password.
    3. The location of the deployment masthead file.

  31. Specify whether the Web Reports service will be run by the root user or not.
    Use root user for Web Reports
    If you specify true, Web Reports service will run with root privileges.
    [1]  True
    [2]  False
    Choose one of the options above or press <Enter> to accept the default value: [2]
    
  32. If you chose to run the Web Reports service with a user different from root, specify the name of an existing user.
    Web Reports non-root user name
    Specify the name of the non-root user for Web Reports (the user must already exists).
    
  33. Enter the port number for the DB2 connection to create the DB2 instance:
    DB2 Connection:
    Specify the DB2 Port Number or press <Enter>  to accept the default: 50000

The BigFix Server installation is now complete. You can now install the BigFix Console on a Windows system and log in with the account you created during the installation of the server. The default BigFix administrative user is IEMAdmin.

You can find the installation log BESinstall.log and the BESAdmin command line traces BESAdminDebugOut.txt in the /var/log folder.