Compatibility of Upgrading BigFix Agents and Relays to 11.x with BigFix Server 9.x/10.x

Hello BigFix Community,

I am planning to upgrade our BigFix agents and relays to version 11.x. Currently, our BigFix server is running on version 9.x (or 10.x).

I have a few questions regarding the compatibility and best practices for this upgrade:

  1. Compatibility: Will the 11.x agents and relays be compatible with a BigFix server running on version 9.x or 10.x? Are there any known issues or limitations I should be aware of?
  2. Best Practices: What are the best practices for upgrading agents and relays to a newer version while the server remains on an older version? Should the relays always match the server version, or is it acceptable to have relays on a newer version?
  3. Support: Does the official support policy allow for agents and relays to be on a higher version than the server? If so, are there specific guidelines or conditions that need to be met to ensure stable operation?

I appreciate any insights or experiences you can share regarding this upgrade path.

Thank you!

Welcome @swapnil !

Totally! If you are using a relay or client version higher than BigFix master, I have not heard of any issues.

Additionally, we have nearly all of our clients and certain relays running versions greater than BigFix master.

My friend at a different organisation is acting similarly and there don’t seem to be any problems.

Note: We also intend to upgrade our master using a two-stage approach from version 10.x to version 11.x.

Certainly, it is recommended practice to have BigFix relay and client versions match BigFix master, not higher.

Not supported; you can contact HCL product support with problems if you have a support licence. However, they will either request that you revert to a previous version to match BigFix master or if its feasible upgrade your master to match the versioning across whole infra.!/wiki/BigFix%20Wiki/page/BigFix%20Upgrade%20Best%20Practices

@vk.khurava I know from the page: Upgrading on Windows systems - that - “During the upgrade, the versions of the different components must respect this rule: server version >= relay version >= client version”

I’m always respecting those rules while doing upgrades to the infrastructure

1 Like

The path you take may also be factored by the reason for the upgrade. Is it for security concerns or functionality. I favour maintaining the main server to as high a patch level of a supported version as possible before updating endpoints so the path I follow is main server, then relays then clients. You will find the HCL provided fixlets need custom copies as I they have version check so the relay and client fixlets for v11 would only be relevant if the registration server is v11. I have run newer relay and agents than the main server but only within the same major version, e.g. server 10.0.1, relays/agents 10.0.5, which was mainly for OS support reasons. I did test a v11 client and it work ok on a v10 main server and relays but I would personally try to avoid that scenario unless only a v11 agent supported a newer OS and there wasn’t a 1.0x version relased. Upgrading only clients and relays you may not be addressing any CVE’s that exist at the application level.