WebUI and Distributed Server Architecture (DSA)

Understand how to work with WebUI in Distributed Server Architecture (DSA).

Set up the environment for a smooth switch

If the WebUI server is directly attached to the BigFix Server:

  • Set the DSA server as the Secondary Relay in WebUI computer client settings.

    When a failure on the primary BigFix server occurs and the WebUI client is unable to report, they use the secondary BigFix relay value during normal relay selection process to find and report to the secondary BigFix server.

  • Set _BESClient_RelaySelect_ResistFailureIntervalSeconds to a low value. The setting _BESClient_RelaySelect_ResistFailureIntervalSeconds specified on the client system can have an impact on failover timing. Its value can range from 0 seconds to 6 hours, and it defines how many seconds the client ignores reporting failures before attempting to find another parent relay. The default value is 10 minutes. In case of a failover configuration, ensure that if defined, _BESClient_RelaySelect_ResistFailureIntervalSeconds is set to a low value.

If the WebUI server is attached to a Relay, ensure your environment has been set up following the instruction at Configuring relay failover

WebUI and DSA

If you are using DSA to provide redundancy and you have your WebUI installed on the primary server, when it fails, you will have to use the secondary server to install a new instance of the WebUI that connects to the secondary server.

When you deploy the WebUI against a non-primary server, configure the client setting on the WebUI host machine to connect to the secondary server using the WebUI server setting _WebUIAppEnv_PLATFORM_HOST. This prevents the WebUI instance from defaulting to using the host name specified in the masthead.

If the WebUI is installed on a separate server, there is no need to uninstall and reinstall it. Run the Fixlet Switch WebUI in a Distributed Server Architecture (DSA) (ID 5435) on a Console connected to the new primary server to update the WebUI configuration.

When the failing DSA server will be back again, if you switched back the Root Server, then just run again the fixlet (always connect to the primary server) to revert back the WebUI as well. For the steps to switch the master server, see BigFix Platform documentation at Switching the master server on Windows systems and Switching the master server on Linux systems.

Note: Multiple instances of the WebUI are not currently supported. If you are reinstalling the WebUI service on a machine, uninstall the WebUI service first.

DSA and SAML

BigFix supports SAML authentication in a DSA environment. In the event of a primary server failure, you will need to separately configure each BigFix instance you want to enable in SAML. For example, in Microsoft Active Directory Federation Services (ADFS), define SAML Assertion Consumer Endpoints for:
  1. The primary WebUI server, the primary BES root server, and the primary Web Reports server (if you are using Web Reports).
  2. The secondary WebUI server, the secondary BES root server, and the secondary Web Reports server (if you are using Web Reports).