Branch Cache for Bigfix but not quite a Relay

Hello,

I am wondering if there is a method that we can implement in our environment to get the Branch Cache feature enabled.
By branch cache, I mean this: we have a site of 50 users and I do not want to implement a relay, as it would involve cost. How can we allow the first machine from that site reporting to the root server to get all the content downloaded, and then have the remaining machines contact that first machine for the content?
And the first machine will not be the first one to get the content every single time, so the next time, if another machine reports to the root server, it will start working as a content cache for other machines.

Regards
Vipul

A BigFix relay is exactly the solution you are looking for, just not on server hardware.

You can do this by just taking one or two systems in that place and making them relays. All other systems should then be set to use auto relay selection, and they will use those machines as relays unless they can’t contact them for 10 minutes, in which case they will do relay re-selection and fail over to a different relay.

A relay doesn’t need to be expensive hardware, particularly for 50 endpoints. It should be a desktop system with a Gigabit connection if possible that is set as a “Last Man Standing” and set to not go to sleep. Ideally it would have plenty of hard drive space for a larger relay cache and a battery backup to keep it alive during a short power outage.

If you already have VMs running on a server in that remote location, then you could spin up a relay VM for that location.

You could also put in place an inexpensive purpose-built desktop system as a relay that has no other primary function. It could be something very small and relatively inexpensive like the Dell Optiplex 3020 micro, NUC, or similar.

If you have digital signage machines that have more than enough CPU to perform their primary function, those might also be good candidates for a relay. I would just be concerned that some of these types of machines can have very low specs and even though being a relay won’t put much extra load on them, it might be too much.

We’ve also done this with publicly available kiosk machines in the buildings. Any node with high uptime is a great choice. If a small form factor Dell is too expensive, you could do a NUC as well.


It would be great to figure out what are good options for small inexpensive enterprise friendly hardware for BigFix Relays.

I’d like to figure out an option that has 1 PCI-Express slot that could be used to add more Network Interfaces if desired at a later point, but that is a more specific need that isn’t required in most cases.

Here is a Dell 3020 micro configured for $380, but that does include a promo: http://ecomm.dell.com/dellstore/basket_retrieve.aspx?c=us&cs=04&l=en&s=bsd&itemtype=CFG&cart_id=1024286619829

I tend to prefer Dell enterprise systems just because I have the Dell Command Tools integrated with BigFix already.

Thanks for the suggestions.

The problem here is that the client does not want to promote any machine in that site to Relay, be it a VM, laptop, or any lab machine.
What I am trying to achieve is to define the connectivity in such a way that whichever machine in that site reports to the BES root server as the first client, that machine should work as a relay. But the next time it is possible that the same machine would not report as the first machine, and in that case the next machine which reports to the root server as the first client should act as the relay.
I am pretty sure that this kind of configuration might bring a lot of questions for security, which I would be glad to make a note of :).

What you are describing is exactly a relay.

I’m confused about why they want to make a machine act like a relay, but not be a relay.

The only thing special about this configuration is that it seems they want the choice of which machine is the relay to be more dynamic and automatic than normal. This would be a useful feature for the product to define something in between a traditional relay and client, but there isn’t a way to do this easily now.

Do they have VMs at this remote site?
Do they have desktop machines that are used by staff or for other functions and that wouldn’t be turned off by just anyone?

I totally agree with your point, jgstew.
But if the request had been to create a relay, then I would not have posted this query in the forum.

As per the client, the problem is that the 50 machines that are in that site are all users’ machines.
If machine A has been assigned the relay privilege and the next time machine A is not in the office or has moved to another location, then this would defeat the purpose of getting this customization done.

What I am trying to achieve is a site-level configuration and not a machine-level one.

I will keep trying to research about this topic and will keep you posted for any updates.

What you are looking for is more of a P2P client to client interaction where all clients can act as relays and the other clients can arbitrarily connect to them and ask them for content or downloads (if they have them). Or to have some intelligence between them to know which machine should be promoted as the relay at any given point in time. BigFix does not offer this type of functionality or configuration. You can file an enhancement request here: https://www.ibm.com/developerworks/rfe/?BRAND_ID=90

Out of the 50 machines that are at the site, is there not one or two that are static enough to designate as the relay(s) for the site? What kind of site is this? Do all 50 machines pop up and drop off of the site at any given time?


Maybe a $35 Raspberry Pi? I am not too sure if a BigFix client could run on one. Perhaps an interesting experiment for the next BigFix User’s Group or Hackfest.

Already answered: BigFix agent/relay on Raspberry Pi


This is not a problem for BigFix; it will automatically fail over to another relay. Things will still work. Obviously I would recommend assigning the relay to a system like a desktop that is unlikely to be moved. If it is moved, then just pick another computer and make it a relay.

Alternatively, the cheapest option is to recycle an old laptop with Gigabit Ethernet, set it to not go to sleep when the lid is closed, and make it a dedicated relay.

The Root server and top-level relays can have some important configurations to them that are a bit unique, but most of your lowest-level relays should be considered disposable and easy to replace on short notice.

It would be great if IBM added some functionality to have something in between dedicated relays and clients. In a similar way that you can designate Wake-on-LAN forwarders, you could designate desktop systems as optional relays that would be self-coordinating within a particular subnet or similar small grouping. I could see this in-between functionality potentially only being used to cache downloads and reduce WAN traffic instead of full relay functionality. Processing UDP notifications would be very useful as well.

I think devices like this are very interesting for dedicated relays:

Sadly it doesn’t have a dedicated Gigabit Ethernet connection, but one could be added through USB3 or through a future dock.

I’m not trying to say this device is the perfect solution, but something similar to this with a similar starting price in the $75-$150 range.


A new development: BigFix agent/relay on Raspberry Pi