I am in a baptism-by-fire category here. Have no knowledge of BigFix but got handed the system to manage. So, please be patient with me.
Right now, there is only one other person, who knows faintly about this product and the way he showed me about the console access was using RDT into the BigFix machine and running the console app, using the desktop icon.
One of my initial actions is to enable multiple people to be able to run console apps. And as expected, I do not want to give RDT access to master bigfix server machine to any Joe Blow. I want to install some sort of a client, like the one I run on the desktop of the master machine, to the laptop’s of remote site administrators and in the same train of thought, to my machine and other server administrators’ machines as well. When I am on the RDT session, I have my active directory account, enabled to login to the console app,
I just don’t know how to install the client to these remote machines. Is there a step-by-step explanation about how to do this somewhere ?
Also, are there any firewall ports that need to be open for this thing to work ? If yes which ports/protocols/direction ?
The short answer is Yes, you can.
The IBM’s recommendation is login the console through a RDP connection, but not directly to the BigFix Server as the console has a high usage of resources(Mainly memory). There should be a terminal server so it could distribute the connection licenses and avoid the 3 parallel remote connections. If you don’t have this in your environment you could install the BigFix Console package on the laptop’s users, you can get the package installation from the BigFix Server, generally:
Copy the installer and the afxm file included in the folder.
If the user authenticity is implemented with the active directory, the laptops should be able to reach the active directory so they can authenticate. There is another option, which is manage the users using the BigFix application, but that will give you more management. However this is possible and many implementations use this option.
The port required depends on the BigFix Version:
Version 8.1 and earlier:
HTTP 52311 for sending actions (configurable at install time)ODBC Database connection port varies (usually 1433)
Version 8.2:
Console initially connects to the Root Server via 52311 (by default) which then forwards the Console to HTTPS 52313 (by default) for all further interactions
Version 9.0 and later: HTTPS 52311
Protocol: TCP (HTTP/HTTPS), ODBC connection-specific
The console can run on different machines yes. The installer should open the firewall ports that are needed when you install it, and I’d suggest that you install via fixlet so having agents on the machines that are running consoles (so you can update them when the server updates)
To install an agent on a remote machine is fairly easy if you have access to it. You merely need the masthead and the agent installer. If its Windows machines and the console you have has line of sight there is a client deploy tool that is usable as well.