Short Lifespan endpoints - Best Practice

How are other BF folks dealing with shorter lifespan endpoints in Bigfix? Currently my Azure devs are testing a process that stands up 2 vm instances every time a user logs into portal, and then shuts it down immediately. These vms share the same IP, use a cycled name, and get created/recycled roughly 2-3 times each hour.

I am basically removing 120-150 records day just trying to keep my console clean. If I don’t, it messes with my server counts as these are all Win2019. Is there any Bigfix internal process where I could script these to drop from console with 15 minutes after creation?

image (6)

2 Likes

You can use the cleanup tool integrated in the BigFix admin tool.
We are cleanup VMs based on duplicate unique ids(A custom property we have created to identify duplicate entries), you can use any computer property that can identify a duplicate instance.
We run the tool every 24hrs and that keeps our BigFix console clean. You will need to customized it based on your requirements/environment.

See the following reference:
https://help.hcltechsw.com/bigfix/10.0/platform/Platform/Installation/c_clean_up.html

There is also this idea for a better solution within the product - https://bigfix-ideas.hcltechsw.com/ideas/BFMCLOUD-I-9

My main concern is that I only want these servers removed. I still need the brunt of my non-report servers to stay in console so I can research drop-outs and comm issues. The computer cleanup tool is an all or nothing deal right now.
I have tried to use the duplicate instance setting previously but that has been inconsistent.

Edit: The Bigfix Idea that cstoneba posted seems to be exactly what I am asking for. Voted

1 Like

@Meydey, would it be an option for the Azure devs to call the BigFix REST API to remove the specific VMs after destroying them? Pretty easy to do by Computer ID, which they could pull from the endpoint registry for their integration.

1 Like

@cmcannady While it is a wonderful assumption that my cloud guys will listen or take a recommendations from me, that is not really an option. Currently fighting with them just to tag on build via script so I can determine ownership. Sometimes I really wish for a small >10 IT team to get stuff done. 1800+ is taxing.

2 Likes

Well that’ll blow your license usage out of the water. Did this ever get resolved?

Best I’ve got are prayers and a custom filter based on the expected machine name, and then manually remove them every so often:
image

I have a property called “Cloud Name” (from BES inventory) but you could use any session relevance query to detect the cloud instances. Then I have a script that runs every hour that returns all “cloud” computers and their computerID where last report time is 12+ hours. Then it just deletes each of those by making a call to the BigFix REST API /computer delete endpoint
https://bigfix.me/restapi/?id=326

3 Likes