On-Prem Relay Deployment

Enable BigFix SaaS customers to deploy, configure, and manage on-premises Relays that report to the cloud-based Top-Level Relays (TLRs), improving network efficiency and endpoint management in hybrid environments.

Overview

BigFix SaaS supports the deployment of on-prem Relays, allowing customers to create a hybrid Relay infrastructure. These Relays report back to the SaaS-hosted Top-Level Relays (TLRs), enabling optimized bandwidth usage, custom Relay selection hierarchies, and better support for geographically distributed environments.

BigFix SaaS users with appropriate permissions can:
  • Deploy and configure on-prem Relays to report back to SaaS TLRs.
  • Define Relay hierarchies, including leaf/child Relays within on-prem infrastructure.
  • Configure Relay selection settings for endpoints using Relay Assignment settings.
  • Monitor Relay-related properties on endpoints via list view of the Device Explorer:
    • Relay installed
    • Relay selection
    • Distance to Relay
    • Relay

Relay Deployment Permissions

Action Who Can Perform
Install Relay Admin only
Uninstall Relay Admin only
View Relay Status All users
View Relay Hierarchy All users

Installing a Relay

  1. Open Device Explorer and click on a device that is not already set as a Relay.

  2. From the device document page of the selected device, click on the Install on-prem-relay icon icon to open the Install Relay wizard.
    Note: The Install Relay and Uninstall Relay buttons are visible only for admin users.

    On-Prem Relay

  3. In the Install Relay wizard, provide the required details:

    • Relay Name: Auto-suggested based on the client's host name (FQDN or IP), customizable by the user.
    • Install Location:
      • For Linux, it is set by default.
      • For Windows, users can configure the path during installation.
    • Relay Selection:
      • Choose the Primary Relay (default is the SaaS Cloud Relay).
      • Optionally, you can set another device as the Secondary Relay to act as a fallback if the Primary Relay becomes unavailable.
    • Authentication (for internet-facing Relays): Enables protection against unauthorized use.
  4. Click Install Relay.

The action is listed in the Deployment Manager after a few minutes.

Manage an Existing Relay

For devices where a Relay is already installed, the device details page displays the following changes:

  • The Install Relay button is hidden.
  • A Relay Management section is shown, which includes:
    • Relay name
    • Relay status
    • Distance to Relay
    • Number of endpoints reporting to it
  • Uninstall Relay button is shown.

Uninstalling a Relay

At any point in time, as an Admin, to uninstall a relay, complete the following.

  1. Open Device Explorer and click on the device which is a Relay.

  2. From the device document page of the selected device, under the Relay Management section, click Uninstall Relay.

The action is listed in the Deployment Manager after a few minutes.

Best Practices for Relay Management

  • Avoid circular hierarchies: Ensure each Relay has a single, clear parent Relay.

  • Monitor Relay load: Balance endpoint connections to prevent performance issues.

  • Use Distance to Relay to identify optimal Relay placement.

  • Deploy incrementally: Start with a single layer of child Relays and expand based on bandwidth needs and endpoint locations