Does anyone know what the process is during the Computer ID generation?
I ask because we have one environment with 23k systems that we built a reporting poral around. Then years later, we took over another environment that has 5600 systems and as we pulled them into the same reporting portal, we found four computer IDs that were duplicates of the ones we had from the first environment.
This was a problem because we were using the computer ID as the primary key.
We are coming up with our own Primary key which may or may not include the Computer ID. Knowing how the computer ID is generated would be helpful.
When you mentioned that you took over another environment, does it means that you migrated the clients into your big fix server OR you mean that you aggregate information from different Big fix servers into one Reporting database
I think that you aggregate information from different Big fix servers into one reporting database.
the "Official" way to handle this in BigFix is via BigFix Insights. Insights is designed specifically to aggregate data from multiple BigFix roots into a single Data Warehouse (using Tableau or PowerBI). It solves the duplicate ID issue by creating a DataSourceID to prefix the ComputerID.
If you have a customer reporting database, apply to some logic to get a unique objects
The original instance of BigFix is multi-tenant. The one we took over is not. We considered Insights but it did not meet our needs.
We have a single location for customers to go to see all Patching and Vulnerability Management data. We have a very complex and proprietary algorithm for RISK calculation and we built an entire portal around it. We then added our patching (Main role of our BigFix instance) dashboards and data to that same portal.
We also keep a history of all systems. This means that if a customer takes a system home and puts in a drawer for 6 months, effectively causing our BigFix cleanup process to remove it from the BigFix database, when they boot it back up, it usually has communication issues due to the revoked keys. BigFix gets removed and reinstalled, then calls in as a new unique computer (ID). Now we have lost all data. If it were to keep the same ID, it would find the data in the database and we would regain it's history.
We considered using a data source prefix but instead, we are creating our own unique ID. We are taking the computer ID and adding a 5 digit random number.
random integer of 89999 + 10000
We are then storing this in a separate part of the Windows Registry, unrelated to BigFix; on Linux it will be held in \etc.
This is extremely helpful because we can still reference the computer ID but just ignoring the last 5 digits. This will help us connect to the endpoint's history until the permanent computer ID is fully implemented.
While the ComputerID is a unique key within a BigFix instance, they are not unique across instances. The ComputerID is issued to the endpoint on it’s first check-in and registration with the root server (or via a relay up to the root server). I believe it’s generated by a stored procedure in BFEnterprise SQL database, but I am not in front of my lab, so I cannot check at the moment.
Storing the ComputerID in a separate registry key (or file) for later use is a pro move. I have used that sometimes when doing migrations to a new masthead, where I wanted a reliable pointer back to the prior computerID and one where BESRemove would not remove it.