Dynamic relay server?

system · June 13, 2008, 9:34am

(imported topic written by Shlomi91)

Hi,

i have been rolling this idea for some time now…

our setup is 3 major sites (Hong-kong, Haifa and Norfolk), with ~130 remote sites all over the globe.

the smaller offices are connected with an MPLS network with 256Kb to 2 MB lines.

i am having a bandwidth problem, because:

A. when a client is first installed, its “relay selection” is set to “manual”, with the main BES server as relay.

B. most these branch offices dont have a local server, and i am forced to set a relay on one or two of the PC’s.

these are sometimes not available, which causes the rest of the clients to re-elect their Relay, and in most cases land on the main BES Server as their relay.

C. since both the fixlets and the files are transferred over the same port, i cannot allow the commands to go through my firewall, and block only the software / patch from being transferred.

what i would like to have is this:

A. install clients with “automatic” relay selection as default.

B. an option to block the main BES server to function as relay.

C. a way to allow commands to go from the server to the clients, but will not allow files to go through.

D. if possible, develop a mechanism called “dynamic relay”, where if no relay is found within “n” hope (“n” is configurable, of course), for a period of more than “n” time (configurable),

an election is made between clients and one is elected as relay.

feel free to add comments / suggestions…

Shlomi

BenKus · June 14, 2008, 12:47am

(imported comment written by BenKus)

Hi Shlomi,

I think you can tweak your setup slightly to get much better results. Here is my suggestion to solve your issues:

Establish a dynamic policy to either throttle your agents or lock them if they are more than 2 hops from their relay. For more information on how to do this see:

http://support.bigfix.com/cgi-bin/kbdirect.pl?id=367

http://forum.bigfix.com/viewtopic.php?id=100

Create a policy so that agents will switch to autoselection after install: http://support.bigfix.com/cgi-bin/kbdirect.pl?id=242

(note that the agents need to get a list of the relays before they can do autoselection so they need to contact the server or a specified relay at least once on install… if you want to tell agents to contact a specific relay and skip the server, you can use http://support.bigfix.com/cgi-bin/kbdirect.pl?id=454).

If you have 7.0 agents, consider turning on the new “Dynamic Bandwidth Throttling” feature that can help the agents determine the current network conditions and throttle appropriately. There are Tasks on the BES Support Fixlet site to enable and control the dynamic bandwidth throttling.

So to go back to your requests:

A. See #2.

B. If we allowed this, it would quickly lead to “orphaned agents” that you couldn’t control and we believe that is a major issue. If you implement the policy above, you should have agents either throttled/locked, which hopefully will accomplish what you are looking for.

C. That is exactly what a “Locked” agent does.

D. We have thought about this, but when you examine the implementation options, there are a lot of potential cases that lead to very undesirable and uncontrollable behavior and we haven’t found good ways to solve these issues. But hopefully by implementing the policy above, it greatly mitigates the need for such a feature.

Ben

system · June 15, 2008, 8:51am

(imported comment written by Shlomi91)

Hi Ben,

thanks for your suggestions, will test them and report back.

Shlomi