We are looking at migrating our BigFix environment to a set of servers with newer OS and MS SQL Versions.
In the planning, it came to the discussion if it was possible to have a fresh install of the BigFix Server without a restore of the old DB.
This is because we have had many performance issues with the current setup and we prefer to have a clean installation but without the need to have a masthead switch(We want to preserve the current agent configuration).
I have done multiple BES Server migrations over the years and always using the backup/restore DB method but never with only the base installation. I am aware that this may not be possible but I am inquiring here to see if anyone has attempted/performed something similar or if there is any documentation I can read.
Sure, it can be done. And performing such a migration is one of the Services offerings, lemme know if you’d like to get in touch.
The points that immediately come to mind are
Be familiar with the Masthead Migration process. You upload the new deployment’s masthead using a task on the the old server, and then take an Action from the old server to replace the masthead on the old deployment’s clients. After rebooting/restarting BESClients, the clients then register and start reporting to the new deployment.
Every client will get a new Computer ID
Fixlets/Tasks/Baselines on the original deployment can be exported using either the Console or REST API, and then imported into the new Console. Fixlets & Tasks will get new content IDs, and the source fixlet links on Baselines will be desynced (any custom Baseline Components will show ‘source unavailable’ status but continue to work with a copy of the content as it was at the time of export)
Check Users, Roles, Computer Groups, and Global Properties to see which of those need to be migrated or recreated on the new deployment.
Consider your Relay migration paths. Safest bet is to uninstall the Relay service and reinstall onto the new deployment, but how you schedule the Relays and Clients may be tricky depending on your network layout. I.e. during the Masthead Migration at step one, a client will need to find a reachable Relay on the new deployment.
If you’re using OS Deployment or Software Distribution, you’ll need to copy the content of your wwwrootbes/Uploads folder, and use the Software Distribution dashboard to export and import your packages.
Don’t forget Web Reports, especially any Custom Reports. There’s not an easy way in the user interface to bulk export/import the content, you may wish to go with the backup/restore of Web Reports and then link it to the new datasource.
Jason pretty much covered everything but for what is worth, we completed exactly what you describe (complete fresh install from scratch) a few years ago and went very smoothly. In our case, we rebuild/replaced all the relays as well, so it allowed us to have the new environment up and running fully before any of the clients were migrated. If that is not possible for you, one suggestion would be to migrate clients in portions - together with the relay they are supposed to have and immediately reinstall & configure the relay in the new environment. Just don’t migrate thousands of machines to the new root server without any relays and get it hammered…
Same but what caused a little confusion while running old and new was the Advertised Relay affiliations and seek lists. Make sure you validate if your changing advertisements and seek, and that at least one of your new relays is set to take all until you can update the clients appropriately.
And also consider disabling required client encryption and removing keys before they are pointed to the new masthead, so they can recreate the keys cleanly.