Date/Time: May 11th, 2016 at 11:00 AM EDT (15:00 UTC/GMT, UTC-4 hours) for 60 minutes. Presented by: Nathan Hanner from our IBM BigFix L2 Support organization along with a panel of other product experts arrayed from our product management, development, and services teams.
Check back ahead of the event for the link to the meeting invite.
Ahead of and after the OpenMic; please post any questions you would like to have answered either during the OpenMic or through this forum.
To receive email notifications for upcoming Security Support OpenMic web casts, send an e-mail to isssprt@us.ibm.com with the following in the subject line: ste subscribe Endpoint And Mobility Management.
On page 5 of the presentation, you show that the client will check for download files in
BES Client__BESData__Global__Cache\Downloads
first and then in
~__Global<sitename><actionid>\0
what is the difference between these 2 locations (ie. what proces puts files there) ?? Do the files get moved from
~__Global<sitename><actionid>\0
into
BES Client__BESData__Global__Cache\Downloads
On Page 9 it says
"When the relay gets the final file for an action it will look at the action and send a UPD ping request to all the endpoints relevant for that action. "
How does the relay know which clients are relevant for the actions? Is this checked somehow from the Relay or is it the Server that tells the relay this info.
Page 21, another problem scenario with Proxy usage is if the exceptionlist is not defined when configuring BigFix to use a proxy. There are some applications Eg. LMT/BFI v9 that have actions (ie. Catalog Download) which tried to prefetch the
Software Catalog from a local network machine and if Proxy is configured but Exceptionlist does not specify local addresses to ignore, then that will fail to download the Software Catalog. Just need to add the local ip or subnet into the exceptionlist definition on the Proxy setup.
BESClientDownload_NormalStageDiskLimitMB is the limit of all files of an action. BESClientDownload_PreCacheStageDiskLimitMB is the limit for one file of an action.
The relay doesn’t really know which clients are relevant for an action. The relay is sort of dumb (all the intelligence is on the client). The relay notifies the client that something is there (an update to a site or a download) and the client responds to this notification by gathering it or downloading it. When the client evaluates an action that contains a download, it makes a request of its relay parent for the download, if the parent relay does not have the file being requested it goes up the relay chain all the way up to the server until a copy of the file is located or the main server and all the relays in the chain between the client and the server would need to re-download and re-cache it to make it available to the requesting client.
Not really, if you are talking about the “File Pre-Cache Wizard”. The issue with the wizard is that it’s more of a static wizard. You can select fixlets from it to cache but you have no way on knowing which fixlets are relevant for the systems you are caching. If I have 10 systems that I’m trying to patch and they are on 5 different patch levels, they would all have different patches required. I could hammer them with EVERY patch that I have cached which would guarantee that they got the correct patches, but that would also send them GB’s worth of patches they don’t need and needlessly extending the time required to pre-cache.
What I’m looking for is a dynamic method of pre-cache patch files based on an action. Example: I have a baseline of 100 patches that I would like to send to a set of endpoints, each endpoint has different patches installed, but they all need some subset of these 100 patches. There would be a new checkbox, or something, that says “Pre-cache all relevant patches of this action”, which now sends calculates which patches are required as part of this baseline and stores the patches locally on the endpoint. I can now issue the actual “patch” command some days later so that it will actually “patch” during my defined maintenance window and all of the time-consuming part of downloading the patches has been completed beforehand.