I am planning to upgrade our BigFix agents and relays to version 11.x. Currently, our BigFix server is running on version 9.x (or 10.x).
I have a few questions regarding the compatibility and best practices for this upgrade:
Compatibility: Will the 11.x agents and relays be compatible with a BigFix server running on version 9.x or 10.x? Are there any known issues or limitations I should be aware of?
Best Practices: What are the best practices for upgrading agents and relays to a newer version while the server remains on an older version? Should the relays always match the server version, or is it acceptable to have relays on a newer version?
Support: Does the official support policy allow for agents and relays to be on a higher version than the server? If so, are there specific guidelines or conditions that need to be met to ensure stable operation?
I appreciate any insights or experiences you can share regarding this upgrade path.
Totally! If you are using a relay or client version higher than BigFix master, I have not heard of any issues.
Additionally, we have nearly all of our clients and certain relays running versions greater than BigFix master.
My friend at a different organisation is acting similarly and there don’t seem to be any problems.
Note: We also intend to upgrade our master using a two-stage approach from version 10.x to version 11.x.
Certainly, it is recommended practice to have BigFix relay and client versions match BigFix master, not higher.
Not supported; you can contact HCL product support with problems if you have a support licence. However, they will either request that you revert to a previous version to match BigFix master or if its feasible upgrade your master to match the versioning across whole infra.
@vk.khurava I know from the page: Upgrading on Windows systems - that - “During the upgrade, the versions of the different components must respect this rule: server version >= relay version >= client version”
I’m always respecting those rules while doing upgrades to the infrastructure
The path you take may also be factored by the reason for the upgrade. Is it for security concerns or functionality. I favour maintaining the main server to as high a patch level of a supported version as possible before updating endpoints so the path I follow is main server, then relays then clients. You will find the HCL provided fixlets need custom copies as I they have version check so the relay and client fixlets for v11 would only be relevant if the registration server is v11. I have run newer relay and agents than the main server but only within the same major version, e.g. server 10.0.1, relays/agents 10.0.5, which was mainly for OS support reasons. I did test a v11 client and it work ok on a v10 main server and relays but I would personally try to avoid that scenario unless only a v11 agent supported a newer OS and there wasn’t a 1.0x version relased. Upgrading only clients and relays you may not be addressing any CVE’s that exist at the application level.