Relay Health

1 like Updated 7/9/15, 4:38 AM by KarenKueTags: None

Relay Health

 
IBM BigFix Relays play an important function in your deployment and maintaining proper health will prevent unnecessary issues from occurring. BigFix Relays aggregate gathering and downloading of content as well as report posting. Carefully review this document to ensure you are properly configuring your deployment's Relays.

More information on BigFix Relays can be found in the BigFix Relays, the Installation Guide (IEM 9.2), Installation Guide (IEM 9.1), or Administrator's Guide (IEM 9.0).

Following are the best practices for maintaining the BigFix Relay health. These should be verified periodically in every deployment.

All BigFix Clients are using a BigFix Relay

Description

BigFix Clients must connect to either the BigFix Server or a BigFix Relay to gather the latest information about Fixlets and actions, download files, and post their information. In most deployments of BigFix, especially mid to large deployments, it is recommended that all the BigFix  Clients use a BigFix Relay instead of using the BigFix Server. This tends to lead to better performance because the BigFix Clients can get the latest actions and download files faster and as a result, you see the BigFix Client action status update quickly. If some BigFix Clients are using the BigFix Server instead of a BigFix Relay, it is not necessarily a problem, but it is recommended that as few BigFix Clients report directly to the BigFix Server as possible to free up the BigFix Server for other tasks.

How to Verify

The easiest way to verify which BigFix Clients are using BigFix Relays is to use the Relay column in the BigFix Console. Look in the BigFix Console under the "Computers" tab. On the left, expand the "By Retrieved Properties" section and expand the "By Relay" filter (if you don't see the "By Relay" filter, right-click on the column headings and make sure "Relay" is checked). This will show you the breakdown of where the BigFix Clients are currently reporting. A healthy deployment will have very few computers reporting to the DNS name of the BigFix Server (except the BigFix Relays).

Note: The Primary BigFix Relay and Secondary BigFix Relay show which BigFix Relays the BigFix Clients are supposed to choose if they are set to manual relay selection and the "Relay" column shows which BigFix Relay the BigFix Client currently has selected.

How to Troubleshoot Issues

There can be a number of reasons why the BigFix Clients are not currently reporting to a BigFix Relay:

  • The BigFix Clients are set to manual BigFix Relay selection and no BigFix Relay is currently set.
  • The BigFix Clients cannot resolve the BigFix Relay's DNS name.
  • The BigFix Clients cannot contact the BigFix Relay because of NATs or firewalls.
  • The BigFix Relay is not working properly.

Information on how to troubleshoot these issues and more are available at: http://www.ibm.com/support/docview.wss?uid=swg21505982.

BigFix Clients are using a nearby BigFix Relay

Description

One of the primary benefits of BigFix Relays is that they can server as "distribution points" for large files, such as patches or applications. This ability allows for greatly reduced network usage especially across slow WAN pipes (the files are distributed to the BigFix Relay across the WAN and distributed from the BigFix Relay to the BigFix Clients locally). However, BigFix Clients must be properly set up to use the local BigFix Relay, otherwise, you will use more WAN bandwidth than necessary. You can set BigFix Clients to either automatically find their closest BigFix Relay based on network hops or manually select a BigFix Relay for BigFix Clients. In general, automatic BigFix Relay selection is suggested because it simplifies administration.

How to Verify

There are two basic ways to verify that the BigFix Clients are using a nearby BigFix Relay:

  • The BigFix Clients will return the number of hops to the BigFix Relay that it is using (this will work only if the BigFix Client is using automatic relay selection). You can view these values in the BigFix Console or in a report to help determine if the BigFix Clients are choosing appropriate BigFix Relays. Look at the "Distance to BigFix Relay" retrieved property in your BigFix Console to view this information.
  • Use the Task: BES Client Setting Relay Selection Controls (ID #154) to manage ICMP settings used for automatic relay selection. See the following devworks document for more information.
  • Using the BigFix Console or a report, you can view which BigFix Relays the BigFix Clients are using in each subnet or in each location. (See http://www.ibm.com/support/docview.wss?uid=swg21505582 for more information about creating these properties). This will give you a good idea if any BigFix Clients are using the wrong BigFix Relays because the BigFix Clients in each location should usually all be using the same BigFix Relay(s). To view this information in the BigFix Console, filter "By Location" or "By Subnet" and then look at "By Relay" for each subnet/location to see the BigFix Relay distribution.

How to Troubleshoot Issues

  • If the BigFix Clients are not using a particular BigFix Relay, try the suggestions listed at http://www.ibm.com/support/docview.wss?uid=swg21505982.
  • If the BigFix Clients are using automatic selection and you believe they are incorrectly choosing the wrong BigFix Relay, you might was to do a "tracert" from the BigFix Client to the BigFix Relay because there might be additional network hops that you were not aware of.
  • If it appears that only a few BigFix Clients that are using automatic selection are choosing a non-optimal BigFix Relay, you can prompt them to immediately choose a new BigFix Relay (by default they will attempt to find a better BigFix Relay every 6 hours) by sending them a custom action with the action command relay select. See custom actions for more information.

 

There are fewer than 1000 BigFix Clients using any BigFix Relay

Description

One of the main benefits of BigFix Relays is that they act as distribution points for files so that the main BigFix Server does not have to provide the file to each BigFix Client, but if there are too many BigFix Clients pointing at any single BigFix Relay, the BigFix Relay will become swamped when an action is sent out (especially if the file is big). This will cause actions to take longer to deploy while the BigFix Clients are waiting to get the files from the BigFix Relays. In most deployments, an optimal number of BigFix Clients reporting to each BigFix Relay is between 500-1000. Most BigFix Relay computers can handle a larger number of BigFix Clients and BigFix will function properly if there are more than 1000 BigFix Clients per BigFix Relay, but the results will not be optimal. Note that a very powerful BigFix Relay computer can certainly handle more BigFix Clients than an older and less powerful computer, but since the BigFix  Relay is heavily constrained by bandwidth, the difference in performance between a more powerful and less powerful BigFix Relay computer is not extremely significant.

How to Verify

In the BigFix  Console, click on the Computers tab and expand the By Retrieved Properties > By Relay filter. This will list each BigFix Relay that is being used along with how many BigFix Clients are reporting to each BigFix Relay.

How to Troubleshoot Issues

If you are using manual relay selection and there are too many BigFix Clients using a BigFix Relay, then you should assign some of your BigFix Clients to a different BigFix Relay to reduce the load. If too many BigFix Clients are using a BigFix Relay and they are set to automatic relay selection, then you can add a BigFix Relay to the same subnet as the other BigFix  Relay and the BigFix Clients will automatically distribute themselves among all BigFix Relays the same distance apart. Alternately, you can set BigFix Clients to manually point to a specific BigFix Relay, if necessary.

The BigFix Relays all point to the BigFix Server or a top level relay

Description

In most deployments, especially smaller deployments, all BigFix Relays should be manually assigned to point directly back to the BigFix Server. Alternately, if there are many BigFix Relays, it is a good idea to have one BigFix Relay computer designated as a "top level" BigFix Relay and all the other BigFix Relays can point directly to the top level BigFix Relay. Note that unless there is a compelling network bandwidth limitation, it is generally better to have as few levels to the BigFix Relay as possible because each level introduces a little bit of latency for the BigFix Client reporting. BigFix Relays should not use automatic BigFix Relay selection.

How to Verify

In the BigFix Console, click on the Computers tab and expand the By Retrieved Properties > By Relay Installed > Yes > By Relay filter. This will list the BigFix Relays the each of the BigFix Relays are using.

How to Troubleshoot Issues

If the BigFix Relay hierarchy is not set properly, set the BigFix Relays to all manually point to a top level BigFix Relay or the main BigFix Server.

Redundant BigFix Relays are set up for slow WAN pipes

Description

Putting a BigFix Relay in each location with a slow WAN link is vital to save bandwidth; however, if the BigFix Relay computer is turned off, crashes, loses network connectivity, or for any reason is inaccessible, then the BigFix Clients will attempt to find their next closest BigFix Relay and if this occurs during an action push, you will potentially overwhelm the WAN pipe. One way to reduce the risk of this is to set up redundant BigFix Relays in each location that is connected over a slow WAN pipe. In this case, if one BigFix Relay goes down, the other local BigFix Relay will be used by the BigFix Clients.

How to Verify

In order to verify this, you will need a subnet property or location property setup that will allow you to get an idea of the location of the BigFix Relays. You will also need to know which subnets/location are connected through a slow pipe. With this information, you can open the BigFix Console, click on the Computers tab and expand the By Retrieved Properties > By Relay Installed > Yes > By Location/BySubnet filter. This will show how many BigFix Relays are in each location.

How to Troubleshoot Issues

You will need to add redundant BigFix Relays as necessary for each location. In the case of a very slow WAN connection, it is recommended to have at least one relay that is not shared by a user, and that would never be turned off.