IBM Endpoint Manager Service

The HCL BigFix is formally known as IBM® Endpoint Manager Service. It is a shared service that acts as a relay between an external IBM Endpoint Manager Server and Endpoint Manager clients.

These clients are integrated by default into your virtual application and virtual system deployments. IBM Endpoint Manager Version 9.0 and later is supported.
Important: IBM Cloud Pak System has removed the BigFix license entitlement. For continued usage, you need to procure HCL BigFix license from HCL. Existing clients are also not entitled for BigFix if they upgrade to IBM Cloud Pak System Version 2.3.3.7 or later. For more information about procuring and uploading to IBM Cloud Pak System, see BigFix procurement and Downloading HCL BigFix and uploading to IBM Cloud Pak System.

After you deploy the IBM Endpoint Manager Service in your cloud group, Endpoint Manager clients automatically connect to the shared service to receive operating system updates and install patches on the virtual machines.

Note: The IBM Endpoint Manager Service acts solely as a relay to receive updates and install patches on the clients. You must continue to use the Endpoint Manager console to deliver fixes and perform other administrative tasks on the IBM Endpoint Manager Server.

When you deploy the IBM Endpoint Manager Service in a cloud group, you configure the shared service by pointing to a masthead file. The masthead file contains connection information about the IBM Endpoint Manager Server, including the host name, security certificates, server configuration details, and more. In the deploy dialog for the IBM Endpoint Manager Service, select the HTTP/HTTPS tab and enter the URL for the Endpoint Manager server that you installed. For example, http://your-iem-server:52311/masthead/masthead.axfm.

In order for the IBM Endpoint Manager Service to deploy successfully, the system must have network visibility to the Endpoint Manager server and be able to resolve its host name.Note that the IBM Endpoint Manager Service does not support IPv6 deployments.

Optionally, you can upload a relay configuration file for Endpoint Manager clients. The relay configuration file contains information, such as the relay server URL, used by Endpoint Manager clients to connect to different relay servers. When you deploy the IBM Endpoint Manager Service, you can choose to upload a Linux/UNIX relay configuration file or a Windows relay configuration file. You are prompted for the following file names in the Configure and deploy a shared service window:
IBM Endpoint Manager Linux/UNIX relay configuration file
Enter besclient.config for the file name.
IBM Endpoint Manager Windows relay configuration file
Enter clientsettings.cfg for the file name.

Sample of the IBM Endpoint Manager Linux/UNIX relay configuration file

The following sample is an example of the besclient.config configuration file with the settings needed to assign a relay to your Linux/UNIX client.
[Software\BigFix\EnterpriseClient\Settings\Client\__RelayServer1]
effective date = [Enter Current Date Time In Standard Format]
value = http://relay.domain.com:52311/bfmirror/downloads/

[Software\BigFix\EnterpriseClient\Settings\Client\__RelayServer2]
effective date = [Enter Current Date Time In Standard Format]
value = http://relay2.domain.com:52311/bfmirror/downloads/

[Software\BigFix\EnterpriseClient\Settings\Client\__RelaySelect_Automatic]
effective date = [Enter Current Date Time In Standard Format]
value = 0

Sample of the IBM Endpoint Manager Windows relay configuration file

The following sample is an example of the clientsettings.cfg relay configuration file.
IP:http://relay.domain.com:52311/bfmirror/downloads/
__RelayServer1=http://relay.domain.com:52311/bfmirror/downloads/
__RelayServer2=http://relay2.domain.com:52311/bfmirror/downloads/

For more information about the Linux/UNIX and Windows relay configuration files, see the IBM Support.

Once the IBM Endpoint Manager Service is deployed to a cloud group, it automatically applies the relay configuration file to all newly deployed Endpoint Manager clients in that cloud group.

If you have existing virtual application and virtual system deployments from a previous release that did not support the default Endpoint Manager client integration, you can manually create your own Endpoint Manager clients and configure them to use the relay service in that cloud group.