BigFix WebUI update for all WebUI applications

IBM BigFix is pleased to announce an update to the WebUI. This release contains a number of features that makes WebUI resilient to higher data latency conditions and increases operational efficiency with exciting features, such as Automatic Patching and personalized Self-Service Application.

Release Details
View nearly real-time (NRT) data: The Overview dashboard, Executive Dashboard and other views now show nearly real-time (NRT) data. For a majority of the workflows and views, the data is in real-time as it is directly sourced from the BigFix database. This release will significantly address data latency issues by eliminating the dependency on ETL transactions.

WebUI Core Framework
• Support for DB2 as source of WebUI data for platform versions 9.5.5+
• Support for MS SQL Server as source of WebUI data for platform versions 9.5.5+
• Allow the removal of ETL as the WebUI DB for platform versions 9.5.5+

Deploy personalized self-service applications: Master operators or Content creators can now configure the self-service application and add personalized attributes, such as icons, organizational branding, help links, etc. This will support the deployment of multiple self-service applications across the organization.

Specific Self-Service Application (SSA) release features include:

• Updated UI for enhanced usability
o New sleek and modern theme
o Improved Catalog view with large, icon-based tiles
o Responsive design as SSA UI windows are resized
• Support rebranding
o SSA now supports rebranding. You can change the SSA theme color, name, and icon.
• Support help message
o You can now add a custom help message in the SSA.
• SSA configuration page in WebUI
o New page in WebUI for creating a SSA configuration task that will deploy and/or customize the SSA.

Manage software distribution packages: Content creators can now edit certain custom content, such as software distribution packages and update the associated action script, relevance clauses, and personalize with an icon. This will eliminate the need to use Windows console for editing these packages.

WebUI Software Distribution application
• Support .appx file type
o WebUI SWD now provides a default installation command for .appx files.
• Option to cache URL-based files during Task runtime
o For URL-based files, the user now has the option to cache the file during Fixlet runtime. Previously, users cached the file during package creation.

WebUI Custom Application
• Edit and delete custom Tasks
o Users can now edit and delete custom Tasks in the WebUI. This feature is currently not supported in Baselines and Tasks created by the WebUI Profile Management app.
• Add icons to custom Tasks
o Users can add icons to custom Tasks in the WebUI. Icons are restricted to the WebUI and will not appear in the BigFix Console.

Automate routine patch tasks with Automatic Patching Automatic Patching Policies provides an easy do-over for the ongoing patch cycles. The policy settings such as patch criteria, roll-out schedules, targeted endpoints, and patch exceptions can be easily re-used. It provides a way to make very little adjustments to the patch policies and thus reduces the cost of patching.

Getting Started with Patch Policy
Use the Patch Policy-related screens to list policies, find specific policies, and view detailed policy information. A BigFix patch policy is a collection of Fixlets that meet defined criteria for patching. A policy defines how often patch updates are deployed to devices and provides an overall patch deployment status for compliance.

Patch policies help establish and maintain a process for continuous security compliance for endpoints.
Define a patch execution strategy and workload for devices by setting the criteria for the policies based on organization security guidelines to gain compliance.

The following workflows are supported:
• Adding a new policy
• Setting the policy schedule for rollout
• Setting the target device list
• Viewing the patch list
• Managing patch exclusion
• Editing a policy
• Deleting a policy
• Refreshing a policy
• Activating a policy
• Suspending a policy

Security enhancements:
This release addresses the following CVEs associated with third party dependencies;

• CVE-2016-10000232 (sqlite3)
• CVE-2017-1000381 (node)
• (Low Severity CVEs present in zlib) - outlined here: http://seclists.org/oss-sec/2016/q4/602

Action to take:
WebUI will update automatically be default unless configured otherwise.

For existing WebUI customers to migrate to the new platform schema, look for the Deploy/Update WebUI Database Configuration Fixlet (ID 2687) in the latest BES Support site.

Documentation:
WebUI Administration Guide
https://www.ibm.com/support/knowledgecenter/SSTK87_9.5.0/com.ibm.bigfix.webui.doc/WebUI/Admin_Guide/WebUI_admin_guide.html

WebUI Users Guide
https://www.ibm.com/support/knowledgecenter/SSTK87_9.5.0/com.ibm.bigfix.webui.doc/WebUI/Users_Guide/WebUI_users_guide.html
Self Service Application Installation & Configuration Guide
https://www.ibm.com/support/knowledgecenter/SS63NW_9.5.0/com.ibm.bigfix.lifecycle.doc/ssa_install.html
Managing BigFix Offers on Your Device
https://www.ibm.com/support/knowledgecenter/SS63NW_9.5.0/com.ibm.bigfix.lifecycle.doc/Lifecycle/Self_Service_Application/SSA_Device_Owners_Guide/c__intro_to_ssa_for_device_owners.html

Automatic Patching
https://www.ibm.com/support/knowledgecenter/SSTK87_9.5.0/com.ibm.bigfix.webui.doc/WebUI/Users_Guide/c_get_started_with_patches.html

Published Site Version for content enablement: BES Support v1360

Notes:
For customers using the Delayed updates feature, this update impacts all applications and all must be updated together.

For customers with air-gapped environment, follow these instructions to get new WebUI sites.
https://www.ibm.com/support/knowledgecenter/SS6MER_9.5.0/com.ibm.bigfix.doc/Platform/Config/c_airgap_tool_overview_NonExtr.html

Hi AlanM,

Is there aguide on how to use/deploy the automated patching? I have tried the link on your post but it only shows the normal patching deployment. Thanks

I think you’re looking for https://www.ibm.com/support/knowledgecenter/SSTK87_9.5.0/com.ibm.bigfix.webui.doc/WebUI/Users_Guide/c_get_started_with_patch_policy.html

You’ll want to expand the Table of Contents pane on the left side, some of the navigation is only available from there.

Thanks for the info. Is there a downtime when applying the "Fixlet “Deploy WebUI Database Configuration” (ID #2687) " to the bigfix server?. Thanks

Yes, from the fixlet note:

Note: WebUI index creation may take upwards of 20 minutes for a larger deployment. The WebUI will not be usable for this time.

This will also have a slight impact on FillDB performance during this event. The impacts will differ due to the amount of data, content and endpoints that you have.

Hi Alan,

stack in “WEBUI is initializing” for almost 4 hours now. Is it normal? Thanks

That would be not normal. You may have given incorrect or incompatible information in the fixlet. Check the logs of the WebUI (specifically one called “datasync.log”) and see what it says.

You may need to open a PMR

@AlanM - How would I go about replacing the AutoPatch-Beta and DataSync-Beta WebUI apps with their non-beta replacements?

I’d contact the person who handled the Beta program for you with instructions.

We used to monitor the etl.log in Baretail during starting of the service or in general, just so we could see that during initialization things were still happening. Since that isn’t used any longer, what is the equivilant (if any)? The datasync.log doesn’t seem to be all that active. Or maybe its all been deprecated because there is no ETL process happening and that the info is coming straight from the database?

I upgraded my DEV from 9.5.5 to 9.5.7 a few days ago. This morning, I upgraded my DEV WebUI, a separate server from the BES, to 9.5.7 (it had already had the Update WebUI DB Config fixlet applied a while ago; so it wasn’t using ETL any longer. The fixlet returned Fixed, but the only that that seemed to happened was breaking the WebUI (no longer can get to the WI). There is NO activity on any logs in the WebUI\logs directory. I stopped the WebUI service, which took forever and started; again, not a single log being updated…

As I wrote this, I saw activity on the datasync and service-app log and now the WI is up. This DEV system has less than 5 endpoints and for 30 minutes, I had no indication that anything was happening.

I’m in the same boat. See this thread.

I suspect there may be a missing step relating to WebUI schema in the upgrade process that does work properly in a new install.

I had been reading that. I wasn’t sure what you meant by “splash screen”; the login screen? I get the login screen and can login. I don’t have those errors that you do. The troublesome part is that I’m starting to feel like I have to cross my fingers every time I touch this thing (despite the testing and reading I do on each update).

I get the login / splash screen which tells me to wait. That doesn’t even allow me to login. Do you have any WebUI schema errors in your datasync.log? If you look into your database, do you have a WebUI schema? I have some WebUI tables, but no schema. I did the same 9.5.5 to 9.5.7 upgrade that you did. I opened a case this morning for it.

When you were on 9.5.5, did you did the schema update first? The once mentioned in this thread: Deploy/Update WebUI Database Configuration Fixlet (ID 2687)?

I did that first… then I upgraded to 9.5.7 on BES, then I upgraded WebUI to 9.5.7. That was my sequence of events.

I did the opposite order. I had a working 9.5.5 and WebUI configuration. I did the upgrade to 9.5.7, then ran the “Deploy/Update WebUI Database Configuration Fixlet”. That sequence gave me the error “bf:datasync:reset:error Error in reset RequestError: The specified schema name “webui” either does not exist or you do not have permission to use it.”

Perhaps that was the issue. I think if you waited for the WebUI 9.5.7 fixlet to be made available and run that you would have been ok. I think the Update WebUI fixlet is for folks not on 9.5.7 yet. I’m unsure but would be nice to know.

I agree that the cadence isn’t entirely clear. From my reading of the documentation, the “Deploy/Update WebUI Database Configuration Fixlet” could be run on any version of WebUI 9.5.5 or later. I didn’t see a preferred order of operations.

The Deploy fixlet should only be relevant when you have successfully gathered the schema update so you can’t apply it until your WebUI has been updated anyway.

As long as you have 9.5.5 or later and the Schema update of WebUI you can use that fixlet, or if you install a WebUI Service (if you didn’t have one) it will also activate with DB access.