Patch Download Process Question

Hi All,
I have a question about how BigFix handles MS patching to endpoints. Normally with fixlets I know data is cached on the relay and endpoints get it from those. But in the case of MS patches, where the fixlet actions say to prefetch the patch file from http://download.windowsupdate.com… is each endpoint actually doing that?

Not by default, no. Even though the actionscript might specify a prefetch with a particular URL, the Client first checks to see if it has the given payload in its download cache, then checks with its parent Relay. If the Relay does not have it, it checks upstream all the way to the BigFix Server. If the BigFix Server also does not have the given payload in its download cache, it will download and cache it, then make it available for downstream components.

Please see https://www.ibm.com/support/knowledgecenter/en/SSQL82_9.5.0/com.ibm.bigfix.doc/Platform/Config/c_managing_downloads.html for more information.

Thanks! So if I’m running an action, using the option for endpoints to start downloading before the action constraints are met… at what point would the relays actually have the patch files?

I asked because our Network team saw high WAN utilization around the same time we deployed patches. We allowed clients to download the data immediately but not run until after hours.

Would it be a better course of action to pre-stage all the patches to the relays first?

When deploying an action with the ‘Start client downloads before constraints are satisfied’ option checked in the Execution tab, Clients will start downloading payloads immediately after they receive the action (which, if the endpoints are online, should be shortly after the action is issued/deployed). That is likely when the Relays will download the files as well, if they don’t already have them in their download cache.

Thanks Aram. So basically the moment the first endpoint downloads the patch update file, its parent relay also downloads/caches it? Does its immediate parent download it or does the very top level BigFix root server download/cache it, which then works its way down the stream to all relays then finally to the endpoints?

I guess I’m still a little unclear… at any point does the endpoint download data directly from the URL specified in the prefetch or does it always just prompt the relay to download it?

Unless you have modified the client or relay settings, all downloads go through the BigFix relay hierarchy and only the root server accesses the Internet.

There are several settings that can modify this behavior, as described at IBM Documentation.

Those settings include:

_BESClient_Download_Direct
_BESClient_Download_DirectOnFail
_BESGather_Download_CheckInternetFlag
_BESGather_Download_CheckParentFlag
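
The lookup order described in this thread (own cache, then parent Relay, then upstream to the root server, which alone reaches the Internet) can be seen in a simplified model. This is an added example, not part of any post and not BigFix code; the topology, the URL and the `direct` flag are constructed, and `direct` is only a hypothetical stand-in for a client configured to bypass the hierarchy, not the exact semantics of any setting listed above.

```python
from collections import Counter

PATCH = "http://download.example/patch.msu"  # constructed URL, not a real payload

class Node:
    """Root server, relay or client; each keeps its own download cache."""
    def __init__(self, name, parent=None):
        self.name, self.parent = name, parent
        self.cache, self.direct = set(), False  # direct: hypothetical bypass flag

    def fetch(self, url, links):
        """Make sure url is cached here, counting every link it crosses."""
        if url in self.cache:
            return                                   # own cache first
        if self.parent is None or self.direct:
            links[(self.name, "internet")] += 1      # source URL contacted
        else:
            self.parent.fetch(url, links)            # parent, then upstream
            links[(self.name, self.parent.name)] += 1
        self.cache.add(url)

def simulate(direct=(), prestage=False):
    """Return (staging_links, action_links) for 2 relays and 6 clients."""
    root = Node("root")
    relays = [Node(f"relay{i}", root) for i in (1, 2)]
    clients = [Node(f"pc{i}", relays[i % 2]) for i in range(6)]
    for c in clients:
        c.direct = c.name in direct
    staging, action = Counter(), Counter()
    if prestage:                                     # fill relay caches early
        for r in relays:
            r.fetch(PATCH, staging)
    for c in clients:                                # action reaches endpoints
        c.fetch(PATCH, action)
    return staging, action

def internet_fetchers(links):
    """Names of components that contacted the source URL themselves."""
    return sorted(src for (src, dst) in links if dst == "internet")

def upstream(links):
    """Transfers above the client-to-relay hop."""
    return {k: v for k, v in links.items() if not k[0].startswith("pc")}

if __name__ == "__main__":
    for label, kw in [("default", {}), ("prestaged", {"prestage": True}),
                      ("pc0 direct", {"direct": {"pc0"}})]:
        staging, action = simulate(**kw)
        print(label, "| staging:", dict(staging), "| action:", dict(action))
```

In the default run each relay pulls one copy from the root regardless of how many clients sit behind it; with relay caches filled beforehand, the action itself causes no transfers above the client-to-relay hop.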