Note: Time is not a constraint; the client would be roaming frequently on a daily basis.
If clients are working from home and connected to the internet relay, patch updates should happen via direct internet at the client instead of via the internet relay.
If the same client comes to the office, it should take patch updates via the office relay server.
In the scenario given above, when the relay changes between the office relay and the internet relay, enabling and disabling the BES Client download direct value should happen automatically.
Are you setting the _BESRelay_Register_Affiliation_AdvertisementList on your relays and subsequently _BESClient_Register_Affiliation_SeekList on your clients? Also, what is your _BESClient_RelaySelect_IntervalSeconds set to? Or do you just have relay select enabled and your clients go wherever they think is closest?
…sort of moot to my next point, but I wanted to know.
You basically need a fixlet that will run a relay select when it sees your network change. In the example fixlet I set the property “_NetSignature”.
Sounds like you already have the Relay selection set up correctly and need to control the behavior of _BESClient_Download_Direct, is that correct?
Here’s the default relevance for the “Relay” property: if ((it does not contain "127.0.0.1" and it does not contain "::1") of name of registration server) then (name of registration server) else if (exists setting "_BESRelay_PostResults_ParentRelayURL" of client and exists value of setting "_BESRelay_PostResults_ParentRelayURL" of client as string) then (preceding text of first "/" of (following text of first "//" of (value of setting "_BESRelay_PostResults_ParentRelayURL" of client))) else "BES Root Server"
I would combine this with the name of your Internet relay(s). Create a Fixlet that will toggle the Download_Direct client setting based on which Relay is selected. Create a Policy Action targeting All Computers on it, set to “Reapply whenever it becomes relevant again”.
I haven’t tested this at all, so use with care:
Relevance: not exists setting "_BESClient_Download_Direct" whose (value of it as integer = (if exists (if ((it does not contain "127.0.0.1" and it does not contain "::1") of name of registration server) then (name of registration server) else if (exists setting "_BESRelay_PostResults_ParentRelayURL" of client and exists value of setting "_BESRelay_PostResults_ParentRelayURL" of client as string) then (preceding text of first "/" of (following text of first "//" of (value of setting "_BESRelay_PostResults_ParentRelayURL" of client))) else "BES Root Server") whose (it="Name_Of_My_Internet_Relay") then 1 else 0)) of client
actionscript:
setting "_BESClient_Download_Direct"="{(if exists (if ((it does not contain "127.0.0.1" and it does not contain "::1") of name of registration server) then (name of registration server) else if (exists setting "_BESRelay_PostResults_ParentRelayURL" of client and exists value of setting "_BESRelay_PostResults_ParentRelayURL" of client as string) then (preceding text of first "/" of (following text of first "//" of (value of setting "_BESRelay_PostResults_ParentRelayURL" of client))) else "BES Root Server") whose (it="Name_Of_My_Internet_Relay") then 1 else 0)}" on "{now}" for client
Yes, relay selection by BES relay affiliation is done already.
Only the automatic change of the BESClient_Download_Direct value based on relay selection is mandatory for us.
In the code below, I only need to change the “Name of My Internet Relay” value, right?
Relevance:
not exists setting "_BESClient_Download_Direct" whose (value of it as integer = (if exists (if ((it does not contain "127.0.0.1" and it does not contain "::1") of name of registration server) then (name of registration server) else if (exists setting "_BESRelay_PostResults_ParentRelayURL" of client and exists value of setting "_BESRelay_PostResults_ParentRelayURL" of client as string) then (preceding text of first "/" of (following text of first "//" of (value of setting "_BESRelay_PostResults_ParentRelayURL" of client))) else "BES Root Server") whose (it="BFX.MYDOMAIN.COM") then 1 else 0)) of client
I have relevance to find out the current relay name, but only when I evaluate this in “Local Client Evaluator” do I receive a result like the one below:
Q: if ((it starts with "127." OR it starts with "::") of (name of registration server as string)) then (if ((exists setting "_BESRelay_PostResults_ParentRelayURL" of it AND exists value of setting "_BESRelay_PostResults_ParentRelayURL" of it) of client) then "n/a (BES Relay Installed)" else "n/a (BES Server Installed)") else (name of registration server as string)
My query is: if I get the result “bigfixrelay.mydomain.com:52311”, consider it TRUE, and for any other value FALSE. Can you modify the relevance for us like that?
You do need to run this in “local client evaluator mode” as you have found, because it depends on properties that are only available in the context of the running client.
Well, I’m not 100% sure on how your seek list is set up (if you change it based on where they are at), but here’s a very basic way to make sure your clients at least do a relay select when they move locations (based on when their IP changes). This works well when they come onto VPN, because they get an additional IP. Then they go off, IPs change, new site… you get the idea.
Relevance:
(
(not exists setting "_NetSignature" of client
OR
/* check to see if NetSignature matches the current IP addresses */
value of setting "_NetSignature" of client as string != unique value of concatenations ";" of (it as string) whose(it != "127.0.0.1" and it does not start with "169.") of addresses of ip interfaces of network)
)
Then for the action script:
// Force client to send update to relay
relay select
// ***************************************************************************
// tattoo the settings with the Network Signature
// ***************************************************************************
setting "_NetSignature"="{unique value of concatenations ";" of (it as string) whose(it != "127.0.0.1" and it does not start with "169.") of addresses of ip interfaces of network as string}" on "{now}" for client
…then set that as a policy action to re-apply when it becomes relevant again.
Again, that’s only based on if you only set the _BESClient_Register_Affiliation_SeekList as static. There are other examples on how you can force this kind of action if other properties (like AD site in my example fixlet above) change.
Yup, okay. Now I have made small changes in the existing settings and put my DMZ relay as a failover relay. So I want to find out if the client is connected to the failover relay; then the _BESClient_Download_Direct=1 value needs to be set automatically, and for any other relay/root server the value needs to be deleted from there.
Forgive me, but I’m having some trouble understanding exactly what you’re talking about. You’re saying that IF your client is connected to the DMZ relay, you want to set _BESClient_Download_Direct=1?
Are you only using BigFix for patch? How would that affect software delivery?
I am facing this issue in my environment where I have set _BESClient_Download_Direct =1.
It is working fine for patches where Laptops are connected to Internet but it is not working for software distribution.
Any suggestions?
Software distribution tasks typically have their binaries uploaded to the BigFix server, so they would not be available when using _BESClient_Download_Direct =1. If you’re using version 10 of the BigFix client, you can control which domains are downloaded directly by the client. Look into these settings:
_BESClient_Download_Direct_Domainlist
_BESClient_Download_DirectRecovery
as mentioned in this article
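The behaviour asked for earlier in the thread (set _BESClient_Download_Direct=1 while the client is registered with the failover/DMZ relay, delete the setting on any other relay or the root server), as an added example that is not from any poster in the thread and is untested. The host name "dmz-relay.example.com" is a placeholder; the prefix match is an assumption made so that a result with a port suffix, such as the “bigfixrelay.mydomain.com:52311” form quoted above, still matches.

```bigfix
// ---- Fixlet relevance (evaluates in the client context) ----
// TRUE only when the setting disagrees with the relay currently in use:
// either on the DMZ relay without Download_Direct=1, or on any other
// relay/root server with the setting still present.
(
  ((name of registration server as lowercase) starts with "dmz-relay.example.com")
  and not exists setting "_BESClient_Download_Direct" whose (exists value of it and value of it as string = "1") of client
)
or
(
  not ((name of registration server as lowercase) starts with "dmz-relay.example.com")
  and exists setting "_BESClient_Download_Direct" of client
)

// ---- Action script ----
// Placeholder host name; replace with your own failover relay.
if {(name of registration server as lowercase) starts with "dmz-relay.example.com"}
    // On the failover relay: let the client fetch downloads directly
    setting "_BESClient_Download_Direct"="1" on "{now}" for client
else
    // On an office relay or the root server: remove the setting entirely
    setting delete "_BESClient_Download_Direct" on "{now}" for client
endif
```

Deployed as a policy action set to reapply whenever it becomes relevant again, as suggested above, this only runs when the relay and the setting are out of step.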