I’ve been referencing this online guide for migration: How to Migrate the IBM Endpoint Manager Server
Current setup:
- Current bfxmaster server BFX01* replicates to DSA servers BFX02 and BFX03
- We do not currently have a top-level relay and hence all of our relays - and a couple of thousand clients with restricted access and no local relay - report directly to BFX01 (which is not ideal)
I’m proposing a change that will hopefully hit two birds with one stone, i.e. move the master server to a better server and re-purpose the former master server as a top-level relay (as all the global firewall access, etc. is already in place to its IP); taking pressure off the new master. Plan:
- Setup new master server BFX04 (to use more powerful hardware in same VLAN)
- Remove replication from BFX01 to BFX03 (as no longer required)
- At time of switch-over, stop BES root services on BFX01 and install BES Relay component (to change this server from a master server to a relay)
- Modify the hosts file on BFX01 to point the bfxmaster DNS alias to the IP of BFX00 (new master server). My goal here is to make the change transparent to the clients and only have BFX01 know that the master server has moved from it to BFX00
- Manually change Primary Server for all relays to BFX01 (new top-level relay) and keep bfxmaster as the Secondary Relay
- Check on BFX00 that machines are reporting in correctly and then change replication to now go from BFX00 (new master) to BFX02
Few things I’d appreciate some feedback on:
(i) Is it possible to stop - but not uninstall - the root service/component on BFX01 and install the relay component, and just have this server running as a relay? I’d like to wait before uninstalling the root server component from BFX01, until I’m sure that I don’t need to roll-back for any reason
(ii) Regarding replication… How easy is it to add/remove servers and/or change the direction of replication? It was setup in my environment before I joined, so I’ve never had to modify it. Doing a browse online makes it seem pretty involved and there doesn’t seem to be a GUI tool. I’m obviously not recovering from a server failure, so I’m hoping that planning changes - rather than reacting to a failure - means that it is easier to modify. Thoughts?
Articles I’ve seen:
DSA Disaster Recovery: Version 19
How to remove a secondary DSA server from TEM Administration Tool
(iii) Regarding modify the hosts file on BFX01 to point the bfxmaster DNS alias to the IP of BFX00 (new master server)… presumably this will work rather than specifically rerouting the DNS alias to the new server? It suits our purposed as I am happy for all other servers to think BFX01 is still the master server, as long as the host file hack is enough for BFX01 to know that it’s not and that BFX00 actually is the new master. How will that affect things like the assignation of relays; what the console thinks of as the “Main IBM BigFix Server” and any other pitfalls?
Whilst I’m looking forward to the positive affects of these changes, it’s also not a question of choice… Due to factors out of my control, it’s a migration that MUST be completed ASAP. To that end, any advice regarding simplification - or possibly my over-simplification! - would be much appreciated.
Thanks.