How to identify patch installed done by IBM Bigfix

Dear Team,

In my environment i deploy 2month patches from baseline but while monitoring through my Network monitoring tool its shown source from some public IP in that cause how we can ensure the patch download only from IBM Bigfix Server/ Relay .

Note: While deploying patches through bigfix, all the clients get the update directly from Microsoft site so high bandwidth utilisation happen.

why the bigfix client downloaded the patch directly from INTERNET instead of Bigfix relay/ Bigfix root server.

Kindly provide your suggestions on this.

Here Below I attached the screen shot of Utilization and N/w Monitor report.

There is a client setting that will cause the BES Client to download it’s files direct from the URL listed in the Action.

_BESClient_Download_Direct
Normally, BigFix Clients will contact their BigFix Relay to receive downloads from the internet. This setting forces the BigFix Client to download files directly from the internet using the url specified. This setting takes precedence over other download settings.

Ensure that this setting is not set on any of your endpoints.

Normally, the Main BES Server performs the only “Internet” download and the Relays are used to distribute the file to the endpoints.

2 Likes

Yes I agree that @TimRice But in my environment only Servers taking patches directly from the internet , In that cause i need to apply this settings only to Server endpoints right?

Regards
Vicky

Hi
Look here the details for the setting details: _BESClient_Download_Direct

https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/Tivoli%20Endpoint%20Manager/page/Configuration%20Settings

The default as already mentioned is that the server will be the only one downloading. Are you sure that Windows Update is not still on for a lot of your endpoints?

Dear @AlanM

I put the client settings value for restrict clients download patches directly from internet.

Now i have one more query, if i initiate the patch task to IBM Bigfix Secondary(DSA) server its taken a patch download from our primary server or it can download directly and install because both server are BES Root Server’s

Kindly share your experience about this.

Thanks & Regards
Vicky

1 Like

As the secondary is a server its default is to download directly as well. as well. I am not sure you can set it to fetch downloads from the master server or not. I suggest you open a PMR to get the correct answer.