Setting up a "False Root" configuration

Mark Leitch’s BigFix 11 “blog” includes a diagram of a configuration that we’re very interested in replicating.

image2225×1318 364 KB

Where can I find information about setting up a system like this? Essentially, we’d want to have the masthead route clients and all other relays to a “False Root” (or “Primary Relay”) server so that only the False Root, WebUI, Web Reports, and Consoles communicate with the Root Server. We’re not worried at all about those “Relay Cluster” clouds.

Root ↔ Primary Relay ↔ Secondary Relays ↔ Endpoints

Some of the items that are not clear to me at the moment:

• altering and distributing the masthead
• configuring relays to be left out of the auto selection list

Anyone have any thoughts about all this?

I think it would be something like:

Set your Primary Relay to manual relay selection to the Root server,

Top Level Relays would be excluded from auto seleciton using:

_BESRelay_Selection_AutoSelectableRelay = 0

Last Fallback Relay = False Root

image716×526 41 KB

So, for the prevention of relay auto-selection, you’re saying that I’ve already asked and received the answer to this question? #oops #sorry

We actually have a fallback relay defined in our masthead but still have 20 or so clients reporting to the root server instead of a relay. Any idea what’s going on there?

First thing I would do is verify that those 20 or so clients have the proper masthead which defines the last fallback relay, and that they have a network path to the relay as well.

Edit:

Another thing I would do is check that DNS or local hosts files are not causing grief with name resolution of the fall back relay.

One thing to note is that the root server itself does not respect the AutoselectableRelay client setting.
The only good way to prevent your root from being selected by auto-selection is to configure it to advertise an Affiliation Group that no client seeks. I.e.

_BESRelay_Register_Affiliation_AdvertisementList = "DoNotUse"