Managing data sources

Computers in an organization can be divided into organizational units, and can be monitored by multiple BigFix infrastructures. Each infrastructure is referred to as a data source. Data from multiple data sources can be imported to one instance of BigFix Inventory.

About this task

Definition of a data source
A data source can be viewed as a BigFix server and the clients that report to that server. Thus, a data source is the infrastructure from which BigFix Inventory imports the scan data. Organizations can define multiple data sources that mirror various types of organizational units such as departments or countries in which the organizations have their branches.

A disconnected data source is specific for environments that are monitored by disconnected scanners. It can be defined as a directory on the BigFix Inventory server that provides the scan data during the import. The disconnected data source cannot be the only data source that is set up in BigFix Inventory.


Infrastructure with two data sources
Hardware requirements
Sum up the number of the BigFix clients that report to BigFix Inventory from all data sources, and ensure that the computer where BigFix Inventory is installed meets the hardware requirements specific to the environment size. You can designate a physical server or virtual machine that is capable of handling large data imports (ETL) and has the capability to process a large amount of data. For more information, see:
Import of data from multiple data sources
During the import of data to BigFix Inventory, connectivity to all data sources is checked. If any of the data sources is not reachable, the entire import fails. Ensure that all data sources are reachable during the import.

Adding a data source

To collect data from multiple BigFix infrastructures and report it to a single instance of BigFix Inventory, add multiple data sources to BigFix Inventory.

Procedure

  1. In the top navigation bar, click Management > Data Sources, and then click New.
  2. Provide a unique name for the data source.
  3. To automatically enable scans that collect data from the computers in your infrastructure, select Enable default scan schedule for this data source.

    If you enable the default scan schedule, actions that are needed to collect data from the computers in your infrastructure are automatically started on the BigFix server. This option is advised for environments with up to a few thousand computers. For larger environments, divide the computers into groups, and then manually set up scan schedule for each group to avoid performance issues. For more information about the default and manual scan schedule, see: Setting up scans to discover software and hardware inventory.

  4. Select the database type.
    • If you choose DB2, specify the host, port, database name, and credentials of the user that can access the BigFix server database.
      Important: Ensure that the DB2 user has the following permissions. These permissions apply only if the databases were installed with default settings, and all customizations and hardening configurations were consulted with BigFix support.
      • For the BigFix database (BFENT): DBAUTH
      • For the Web Reports database (BESREPOR): DATAACCESS
    • If you choose SQL Server, specify the host, database name, and credentials of the user that can access the BigFix server database.
      Important:
      • Ensure that the MS SQL Server user has the following permissions:
        • For the BigFix database (BFEnterprise): CREATE FUNCTION, CREATE SCHEMA, CREATE TABLE, CREATE VIEW, EXECUTE, SELECT
        • For the Web Reports database (BESReporting): SELECT
        These permissions apply only if the databases were installed with default settings and all customizations and hardening configurations were consulted with BigFix support.
      • Ensure that the MS SQL Server user has the appropriate role to create the BigFix Inventory database.
        • If you create a new database during initial configuration in BigFix Inventory, the user must have the sysadmin role in MS SQL Server.
        • If you manually create an MS SQL before the configuration, make sure that the database is empty and use the SQL_Latin1_General_CP1_CS_AS collation. You must have the db_owner role in MS SQL Server to perform this action. You must also allow snapshot isolation in the database. To allow snapshot isolation, use ALTER DATABASE DatabaseName and SET ALLOW_SNAPSHOT_ISOLATION ON queries.
        • If you are using MS SQL Server 2012 and you chose local system account as the service owner during the installation, provide the dbcreator or sysadmin role to the NT AUTHORITY\SYSTEM user in MS SQL server.
      • Ensure that the MS SQL Server user has the default language set to "English" (not a variety of English).
      • 10.0.5 Ensure that the MS SQL Server user is either a system admin or has the access of "SQLAgentUserRole" for msdb database to manage SQL Server agent jobs. Without access, the user cannot manage the BigFix Inventory index maintenace job. Instead to the index maintenance job being created/updated, warning appears in the tema.log log file.
      • Ensure that the user who are not the system admin, has required permissions and user mapping to access the BigFix Inventory database. The permissions are:
        • user role: public
        • permission: select
        • execute, mapping: BigFix Inventory database, Master, MSDB
  5. Provide credentials of the Console Operator that you created while installing BigFix (by default, IEMAdmin).
  6. Optional: If the BigFix and BigFix Inventory servers are in separated networks, the automatic address lookup might return incorrect address. To disable the lookup, select Disable automatic address lookup, and specify the address manually. Then, configure additional environment variables on the BigFix Inventory server. For more information, see Configuring servers in separate networks.
  7. Optional: You can additionally configure connection between your BigFix Inventory data source and the Web Reports database to allow the Web Reports users to access BigFix Inventory. Specify the database type, host name, database name, and credentials of the Web Reports database user. For more information, see: Integrating users with Web Reports.
  8. Click Create.

Editing a data source

If you move the BigFix database to a different computer, or change credentials of the Console Operator that is used for connecting with BigFix, edit the parameters to maintain data source connectivity.

Procedure

  1. In the top navigation bar, click Management > Data Sources.
  2. Click the data source that you want to edit, and change connection parameters.
    • To edit connection parameters to the BigFix database, edit fields in the first column.
    • To edit credentials of the Console Operator that is used for connecting with BigFix, edit fields in the second column.
    • To edit connection parameters to the Web Reports database, edit fields in the last column.
  3. During editing, passwords for the BigFix database, Console Operator, and the Web Reports database are cleared. Re-enter the passwords, and click Save.

Deleting a data source

If you no longer want to import data from a particular BigFix infrastructure to BigFix Inventory, remove this data source.

Procedure

  1. In the top navigation bar, click Management > Data Sources.
  2. Click the data source that you want to delete, and click Delete.
  3. Run the data import to refresh the reports.
    Data for computers that reported to this data source is deleted from BigFix Inventory.
    Note: It is mandatory to run the data import before you continue to use BigFix Inventory.

Lowering user permissions for BigFix Platform database accesss

The permission of database users may be lowered to allow them to access the BigFix Platform database. Users with lower permission than those with permission to configure BigFix Inventory Data Source can perform data imports. It might be required due to security policies for database accounts.

About this task

Once BigFix Inventory is installed or updated and the first data import is complete, MS SQL users with lower permissions can access BigFix Platform database. Before any BigFix Inventory update, the data source must be reconfigured to allow the database user, db_owner access to BigFix Platform database. If you do not reconfigure the data source, the next data import might fail. It is assumed that there is no configuration used to access the BigFix Web Reports database.

Following are the required minimal permission for a user on BigFix Platform database to run regular import:

DEFAULT_DATABASE=[BFEnterprise]
DEFAULT_LANGUAGE=[us_english]
Server Role: public

Permissions:
CONNECT TO ANY DATABASE
CONNECT SQL

BFEnterprise database permissions
Roles: public, db_datareader
Permissions:
EXECUTE

GRANT EXEC TO <user>