Preserving bundling when the BigFix client is reinstalled or reverted from a snapshot

When the BigFix® client is reinstalled or reverted from a snapshot, the next time it registers at the BigFix server, it receives a new Data Source Computer ID. The computer with the old Data Source Computer ID in BigFix becomes inactive because the BigFix client now reports report with the new Data Source Computer ID. As a result, the BigFix console shows duplicated entries for the same computer. Additionally, the affected computer loses bundling information for software that was discovered on this computer. To avoid this situation, store some registry keys data aside of the computer whose identity you want to preserve.

Before you begin

Starting from application update 9.2.23, you can enable computer reconciliation mode instead of performing this procedure. For more information, see: Computer reconciliation mode.

About this task

To preserve the identity of a computer on which the BigFix client is already installed, you need to prepare a gold image of this computer and store some registry keys data aside. The gold image is a simple VM template that can be deployed multiple times. This procedure is applicable in the following cases:
  • You revert the computer from a VM snapshot with registry keys data stored aside. In this case, the computer keeps its previous Data Source Computer ID.
  • You revert the computer from a VM snapshot without registry keys data stored aside. In this case, the BigFix client needs to register on the BigFix server to receive its unique Data Source Computer ID.

Procedure

  1. The BigFix server can match the data that is stored aside to the BigFix client that is reinstalled or reverted from a snapshot when the ClientIdentityMatch parameter of the BigFix server is set to 100. By default, the parameter is set to 0. To change the value of the parameter, go to the computer on which the BigFix server is installed and perform the following steps.
    • Windows Go to Start > BigFix Administrative Tool > Advanced Options and set the value of the ClientIdentityMatch parameter to 100.
    • Linux Run the following command.
      ./BESAdmin.sh -setadvancedoptions -sitePvkLocation=<site_pvk_location> 
      -sitePvkPassword=<site_pvk_password> -update clientIdentityMatch=100
      Where:
      <site_pvk_location>
      Is the path to the license.pvk file created by the BigFix license files generation process during installation.
      <site_pvk_password>
      Is the password set for the license.pvk file.

    Ensure that you complete this action before you install the BigFix client on the computer whose identity you want to preserve. For more information about the ClientIdentityMatch parameter, see: List of advanced options.

    Important: 9.2.33 Starting from application update 9.2.33, ClientIdentityMatch parameter is by default set to 100 in BigFix installed with All-in-One installer on Linux.
  2. Install the BigFix client on the computer whose identity you want to preserve. For available methods, see: Installing the BigFix clients.

    After the installation of the BigFix client completes, the computer automatically registers at the BigFix server and receives a unique Data Source Computer ID.

  3. Include the BigFix client in a computer image that can be deployed multiple times.
    1. Stop the BigFix client.
      • Windows Open the Windows services dialog box and stop the BigFix client service.
      • Linux Run the following command.
        BESClient stop
    2. Go to the following location.
      • Windows HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\BigFix\EnterpriseClient\GlobalOptions
      • Linux/var/opt/BESClient/besclient.config under the section [Software\BigFix\EnterpriseClient\GlobalOptions].
      Remove values for the following parameters.
      • RegCount
      • ComputerID
      • ReportSequenceNumber
    3. Delete __BESData and KeyStorage folders from the default installation directory of the BigFix client.
      • Windows C:\Program Files\BigFix Enterprise\BES Client
      • Linux /var/opt/BESClient
    Your computer is now ready to be imaged. It is important to save the gold image when the BigFix client service is stopped. To prepare a VM template, follow documentation for the virtualization technology that you use.
  4. Reload the image without any computer identity that is stored aside and start the BigFix client.
    • Windows Open the Windows services dialog box and start the BigFix client service.
    • Linux Run the following command.
      BESClient start
    After you start the BigFix client service, the computer that is reloaded from this image registers automatically at the BigFix server and receives a new Data Source Computer ID.
  5. To preserve the new identity of this computer, store some registry keys data aside before you power off the computer.
    1. Stop the BigFix client service.
    2. Store the following data.
      • The registry key value for ComputerID from the following location.
        • Windows HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\BigFix\EnterpriseClient\GlobalOptions
        • Linux /var/opt/BESClient/besclient.config under the section Software\BigFix\EnterpriseClient\GlobalOptions.
      • The BES Client\KeyStorage folder from the default installation directory of the BigFix client.
  6. Reload the computer from the gold image with the BigFix client service stopped.
  7. Import the data that you stored in step 5.
  8. Start the BigFix client.

Results

The gold image of your computer is ready and you can reload it at any time. Thanks to the registry keys data stored aside, the computer keeps its identity and bundling information of software that was discovered on this computer.

What to do next

You can write a script to automate some of the steps. For example, the script can:
  • Start and stop the BigFix client service.
  • Store and restore registry keys data that is needed to identify the computer.
If you want to deploy the image multiple times in your environment, it is beneficial to include the scripts in the gold image to help you make the process more effective.