We had a similar problem for a client. Very large, many many subnets, network changes were constant (add/change VLANs) and many endpoints (>30k). To make matters worse, a large portion of the endpoints would MOVE between campuses on a regular basis.
The customer was also very fearful in some locations about bandwidth in general and lastly wanted to be able to group devices in automatic groups (not all endpoints were in AD either… so could not leverage that).
What we did find was that the network team of course had the subnet/VLAN information we wanted and live information from SolarWinds. So we asked for a dump in CSV format. What was interesting to me was that they gave us data that looked something like:
SUBNET, LOCATION, City, Address, LinkSpeedUp, LinkspeedDown
10.10.15.34, EastCampus, Boca FL, 11 yamotta Way, T1, T1
10.10.24.32, 3rd Floor Corp, Mirimar FL, 1234 tarce cir, Ethernet, 100 gps
10.45.56.76, Store 123, Jaxsonville FL, xxx 9 street, DSL, DSL
It was interesting to me because they had the “Subnet by Location” information (friendly name), link speeds and other nuggets that would help us for making groups of devices and providing the address, friendly name (no longer needing the Subnet by Location Wizard) and link speed that might help us understand throttling per location.
Now how can we leverage this? (At the end this was all automated when the Network folks dumped/updated a file for us.)
Well, I thought about how the relays.dat file works: basically every time you update a relay or add/remove a relay, BigFix compresses the relays.dat file and sends it to all endpoints. So we wrote a script that took the Network team subnet dump and merged it with our relay information:
SUBNET, SEEKLIST, FAILOVER, LOCATION, CITY, Address, LinkUp, LinkSpeedDown
10.10.15.34, EAST;FL1, TIER1;TIER2;TIER3, EastCampus, Tampa FL, 11 yamotta Way, T1, T1
10.10.24.32, CORP;FL1, TIER1;TIER2;TIER3, 3rd Floor Corp, Mirimar FL, 1234 tarce cir, Ethernet, 100 gps
10.45.56.76, WEST;FL1, TIER3;TIER1;TIER2, Store 123, Jaxsonville FL, xxx 9 street, DSL, DSL
It was fairly easy based on the names to plug in our relay groups (affiliations) based on the locations to the network team's data. Now we zipped up this file (being all TEXT, thousands of lines become a few K in a ZIP file) and the file was added to a custom site with -SendtoClients. Note that this zipped up file was smaller than most of the other files in any site.
On the client side, we had a policy that looked for the DATE stamp of this file and if it was, say, new in the last 15 minutes, the policy became active, which did the following:
- Unzip the file
- Look up its subnet in the file
- If the settings for SEEKLIST / Subnet by Location / Failoverlist were not set or DIFFERENT than the lookup:
  - Set _BESClient_Register_Affiliation_Seeklist
  - Set _BESClient_RelaySelect_FailoverRelayList
  - Set Location_By_Subnet
  - Set City
  - Set Uplink
  - Set DownLink
Also note, we put the common home IP addresses (like 192.168.1.x) into the file and called the location “INTERNET”; if no match was found we put UNKNOWN for location. This helped us find subnets that were NOT in our file. At this point during testing we did NOT enable automatic relay selection (all clients were manual at the time) but waited to ensure the settings seemed to be correct. We had another Fixlet that would check if all these settings were correct and, if in manual mode, become active to switch to automatic mode. So we slow rolled this out and it worked quite well. Even started to play with the LinkSpeed to adjust throttling.
As this was automated, it was rather cool to watch machines change locations (frequent travel between campuses) and watch the Subnet_By_Location and relay selection change dynamically. With a few changes you could also use this method to set MANUAL relay selection based on the same data.
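The client-side lookup described in the post, sketched in Python as an added example (not the poster's script, and not BigFix action script). Assumptions: every SUBNET entry is treated as a /24, the sample rows and the ADDRESS/LINKUP/LINKDOWN column names are constructed, and empty columns leave the existing setting untouched.

```python
import csv
import io
import ipaddress

# Constructed sample of the merged file; the values are illustrative only.
MERGED_CSV = """SUBNET,SEEKLIST,FAILOVER,LOCATION,CITY,ADDRESS,LINKUP,LINKDOWN
10.10.15.0,EAST;FL1,TIER1;TIER2;TIER3,EastCampus,Example City,1 Example Way,T1,T1
10.45.56.0,WEST;FL1,TIER3;TIER1;TIER2,Store 123,Example Town,9 Example St,DSL,DSL
192.168.1.0,,,INTERNET,,,,
"""

# File column -> client setting named in the post.
COLUMN_TO_SETTING = {
    "SEEKLIST": "_BESClient_Register_Affiliation_Seeklist",
    "FAILOVER": "_BESClient_RelaySelect_FailoverRelayList",
    "LOCATION": "Location_By_Subnet",
    "CITY": "City",
    "LINKUP": "Uplink",
    "LINKDOWN": "DownLink",
}


def load_table(text, prefix_len=24):
    """Parse the merged file into {network: row}. The /24 width is an assumption."""
    table = {}
    for row in csv.DictReader(io.StringIO(text), skipinitialspace=True):
        # strict=False lets a host-style entry such as 10.10.15.34 map to its network.
        net = ipaddress.ip_network(f"{row['SUBNET'].strip()}/{prefix_len}", strict=False)
        table[net] = row
    return table


def desired_settings(table, client_ip):
    """Return the settings the file prescribes for this client address."""
    addr = ipaddress.ip_address(client_ip)
    for net, row in table.items():
        if addr in net:
            return {s: row[c].strip() for c, s in COLUMN_TO_SETTING.items() if row[c]}
    # No match: flag the subnet as missing from the network team's dump.
    return {"Location_By_Subnet": "UNKNOWN"}


def settings_to_change(table, client_ip, current):
    """Only settings that are unset or differ from the lookup get written."""
    wanted = desired_settings(table, client_ip)
    return {k: v for k, v in wanted.items() if current.get(k) != v}
```

An empty result from `settings_to_change` means the client already matches the file, which is the condition the second Fixlet in the post waits for before switching to automatic relay selection.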