Switch Actionsite Masthead using Relays
The BigFix Management domain in the Console application contains Tasks designed to switch the Actionsite masthead file on an endpoint from one IBM BigFix deployment to another. The problem/challenge here is that when the BigFix Client restarts and performs its internal reset, the Client expects to be able to communicate directly with the "new" BigFix Server using the "X-Fixlet-Site-Registration-URL" specified the new masthead file.
However, in many BigFix deployments this is not possible. In large, complex, and/or secure enterprises, BigFix communications are often controlled through strict firewall policies. When this type of environment is encountered, the standard Tasks that switch the Actionsite masthead file will not work. Instead, the BigFix Client needs to be tricked into thinking it is a new install that used a client settings file to assign a BigFix Relay at installation time. This allows the Client to perform its initial registration with the "new" BigFix Server through a Relay in that deployment.
We recently ran into this very problem in an environment where each of the remote offices, and even departments within an office, strictly control TCP/IP traffic between different network segments. To work around this problem, two Tasks were developed that install a new Actionsite masthead file and effectively reset the BigFix Client to a "just installed" state:
- "(IEM Migration) Switch BES Client Action Site Masthead - Windows.bes"
- "(IEM Migration) Switch BES Client Action Site Masthead - Linux.bes"
These two Tasks were developed and successfully tested in an environment where endpoints in an IBM Tivoli Endpoint Manager 8.2 deployment were migrated to an IBM Endpoint Manager 9.0 deployment.
Note: Further testing and development is required to support other migration scenarios.
It is also important to note that an endpoint needs simultaneous connectivity to both the old BigFix deployment and new BigFix deployment for this to succeed. This means that "migration" relays may need to be setup before attempting a masthead switch.
These Tasks are supplied as-is, with no warranty expressed or implied.
|2014-11-19||Updated the task for Windows to escape more REG_SZ values and correct the handling of the StoragePath value.|
|2015-11-02||Changed all referenced of Endpoint Manager to BigFix.|
Engaging IBM Professional Services
Instead of performing a BigFix deployment "switch" yourself, you may want to have our Professional Services organization scope out and take on your project for you.
Here is a list of Professional Services' pre-package offerings: http://www-01.ibm.com/software/tivoli/services/consulting/offers-provisioning.html#provisioning_tem
Contact IBM Professional Services for more information on your specific project needs.