Server Backup

Using SQL Server Enterprise Manager, establish a maintenance plan for nightly backups for the BFEnterprise and BESReporting databases. Multiple backup copies allow for greater recovery flexibility.

  1. Consider backing up to a remote system to allow for higher fault tolerance.
  2. Back up the following files and folders used by the BigFix Server:
    • [BigFix Server folder]\sitearchive -- If the version of the BigFix Server is earlier than V8.0.
    • [BigFix Server folder]\BESReportsData\
    • [BigFix Server folder]\BESReportsServer\wwwroot\ReportFiles -- Support files for custom Web Reports.
    • [BigFix Server folder]\ClientRegisterData -- If the version of the BigFix Server is earlier than V9.0.
    • [BigFix Server folder]\Encryption Keys -- Private encryption keys (if using Message Level Encryption).
    • [BigFix Server folder]\Mirror Server\Inbox\ -- Information necessary for BigFix Agents to get actions and Fixlets.
    • [BigFix Server folder]\Mirror Server\Config\DownloadWhitelist.txt. Information necessary for BigFix -- White List for Dynamic Download.
    • [BigFix Server folder]\UploadManagerData.
    • [BigFix Server folder]\wwwrootbes -- Various information necessary about actions, Fixlets, uploads and downloads .
    where [BigFix Server folder] is the BigFix Server installation path, by default C:\Program Files (x86)\BigFix Enterprise\BES Server.
  3. Securely back up site credentials, license certificates, and publisher credentials, and the masthead file.

    The license.pvk and license.crt files are critical to the security and operation of BigFix. If the private key (pvk) files are lost, they cannot be recovered.

    The masthead file is an important file that must be used for recovery. It contains the information about the BigFix server configuration. This file can be exported via the Masthead Management tab of the Administration tool.
  4. Decrypt and save the encrypted configuration keys. The encrypted keys are located, by default, in the [BigFix Server folder] folder. Depending on the version of the BigFix Server, the keys to back up are:
    • The EncryptedServerSigningKey and EncryptedClientCAKey keys, if the version of the BigFix Server is 8.2 or later and earlier than 9.5 Patch 3.
    • The EncryptedServerSigningKey, EncryptedClientCAKey, EncryptedAPIServerKey, EncryptedPlatKey, and EncryptedWebUICAKey if the version of the BigFix Server is 9.5 Patch 3 or later.

    Use the ServerKeyTool.exe tool and run the steps documented in this page to decrypt the keys.

    All the existing encrypted keys stored in the input folder are backed up at once, and the files containing the decrypted keys are stored in the specified destination folder with the filename prefix Decrypted*.

  5. If leveraging DSA, use SQL Server Management Studio to connect to the BFEnterprise database and examine the DBINFO and REPLICATION_SERVERS tables:

    Record all column values for verification purposes.

    If DNS aliases are being leveraged for the servers, this should not change. If is using hostnames, and the hostnames are changing, these column values may need manual modification after the restore.