We are working on deploying BigFix to our Windows server environment. We have AWS, Azure, on-prem, and DMZ.
Months back we added AWS Clients and AWS Relays. This past week we added Azure clients and found that when we initially joined Azure clients, automatic relay selection defaulted to our AWS Relays. Clearly the connectivity must be too good.
This is an issue, as we do not want clients using relays in their opposite clouds. So I believe that to address this, we should be looking at relay affiliation?
Documentation, I feel, is lacking on this feature. It’s unclear to me how to create groups, but I do know how to assign them. So asking for help.
My thinking is that the most straightforward configuration is to create two relay affiliation groups called “AWS” and “Azure” and assign them to AWS Clients and Azure clients respectively. Our on-premises servers and DMZ servers would not use Relay Affiliation (at least for now). The cloud groups would also include on-prem Relays.
Relays and servers can be assigned to one or more affiliation groups through the client setting:
_BESRelay_Register_Affiliation_AdvertisementList
Set the client setting to a semi-colon delimited list of relay affiliation groups, for example:
AsiaPacific;DMZ;*
For Clients:
Clients are assigned to one or more relay affiliation groups through the client setting:
_BESClient_Register_Affiliation_SeekList
Set the client setting to a semi-colon delimited list of relay affiliation groups, for example:
AsiaPacific;Americas;DMZ
You just need to make sure that the clients and the relays that you want talking have the same value. For example, the relays are tagged with either Azure or AWS, as are the clients.
If I create affiliation groups, and for clients I don’t define any client setting for _BESClient_Register_Affiliation_SeekList, I assume they continue to work exactly like before?