I have a very early proof of concept for remote relevance debugging that is working here:
Right now it is basically a REST API that calls the BigFix Root Server REST API to create an action that uses CURL on the endpoints to send the results back to the remote relevance server using a REST API call. Currently written in python, and the results are only available in the server console.
My plan is to make it a webapp using websockets to push the results from the remote relevance server to the webapp.
It would also be nice if you ālogged inā to the remote relevance web app and it checked with the BigFix Root Server to see if the credentials were valid to give you access to the web app, but then also cache them for use while doing remote relevance evaluations.
I wrote this using Nitrous which gives you a free linux VM and IDE to develop/test in. You can try out this project quickly using Nitrous.
Iām not completely certain with what you mean by āevalā on the client. Do you mean using eval.exe? I could use eval.exe in the actionscript to do the eval instead of relevance substitution, but I saw many advantages to creating actions directly anyway, so I figured relevance substitution would work.
Another option would be to create a new analysis property for every query and then poll the server for the results, but I didnāt see a way to make this as quick as creating an action and having the bes-client push the results to the remote-relevance-server.
I am creating actions to leverage the existing BigFix infrastructure to deliver the remote relevance query to the endpoints I wish to query. As long as they receive the UDP packets, they reply very quickly. The idea is that I do not need to figure out how to connect with each endpoint I wish to query, the existing infrastructure does that for me.
I am also using a computer group ID to determine which endpoints should be targeted by the action. I donāt need to know ahead of time which computers will be queried, or even that all of the computers are online. As long as a few are online, you will get results from them.
I could also see querying a specific endpoint by specifying it, but that would not be guaranteed to work if it is offline or at a network location where it does not receive the UDP packets.
Also, since I am using the existing BigFix infrastructure, this requires that the credential used have access both to the endpoints, as well as the automatic group being used. This means that it will respect the console permissions and not require a separate permissions scheme.
It occurs to me that with websockets, this might be possible to do this using a client side application entirely and not require the server middleman, as long as the endpoint can connect with the client side application directly. There is still an advantage of using a server middleman that has a public IP that the bes client endpoints are more likely to be able to reach.
Just wanted to update this thread and point out that the WebUI Query functionality is meant to provide remote relevance debugging capability and is available now.
It is also possible to do Queries using the REST API.
Another option is to make an analysis just for doing remote relevance evaluation and make new properties for each query. The analysis in question can be limited in scope to only test machines if desired and reevaluate once every 30 days. This is how I always did remote relevance evaluation before other options existed, and as long as UDP notifications / command polling is in place, then it works very well and has some advantages over the other methodsā¦ mostly that it will eventually get all machines that come online over the time period it is active.