Installation Procedure

Use this procedure to install the WebUI on BigFix Platform version 10 or later.

The WebUI Installation Fixlets default to SQL Server on Windows systems and DB2 on Red Hat Enterprise Linux systems.
Note: This task only installs the WebUI service, which will then automatically install and configure the rest of the WebUI. After this task is completed, you need to wait for the WebUI service to complete several post-installation operations before you can actually use the WebUI.

Before you start:

  • Review the WebUI deployment and hardware requirements, and verify that your environment is ready. For example, if the database account permissions are not correct, the WebUI will not start correctly.
  • Complete the BigFix Platform installation to V10. For more information, see the BigFix Installation Guide.
  1. On the BES Support site, locate the Install BigFix WebUI Service Fixlet that is relevant for your root server version. For example, if you are running Platform Version 10, use the Fixlet Install BigFix WebUI Service (Version 10).
  2. Have the host name or IP address of server where the WebUI will be installed ready.
    • The default installation directories for the WebUI are:
      • On Windows systems:
        C:\Program Files (x86)\BigFix Enterprise\BES WebUI
      • On RHEL systems:
        /var/opt/BESWebUI and /opt/BESWebUI
  3. If you are not using the defaults, have the WebUI target drive and directory ready.
    • On Windows systems, the specified targets are created automatically.
    • On Red Hat Linux systems:
      1. Create the target directory.
      2. Symlink the default directory to the target directory.
  4. The WebUI needs to connect directly to the BigFix Server database. If your BigFix Server uses a remote database, the WebUI will connect to that database as well. Routine database credential changes can cause the WebUI initialization to fail, so the account used to access the WebUI database should be used exclusively for that purpose.
    Note: If you change the account password after installing the WebUI, run the Deploy/Update WebUI Database Configuration Fixlet. The same Fixlet can also be used to repair a credential-based initialization failure.
  5. If you are using SQL Server:
    • Select the appropriate value in the Specify Database Authentication Type field.
    • If you selected Windows authentication, in the Specify Database Username field, enter your username in the format DOMAIN\username, where DOMAIN must be a NetBIOS domain name.
    • If you selected SQL Server authentication, with an SQL credential, in the Specify Database Username field, enter your plain SQL Server username, the default is sa.
    • In the Specify BigFix Server Database Host, enter the host name or the IP of the computer that hosts the database of your BigFix Server. The host name must be DNS-resolvable.
    • You can use either the Specify SQL Server Named Instance field or the Specify Database Port field. Select one to edit it. To use the default database instance, enter its port, which by default is 1433. To use a named database instance, enter its name (e.g. SQLEXPRESS).
    • If you selected to connect to a named database instance, enter the instance name in the Specify SQL Server Named Instance field.
  6. If you are using IBM DB2:
    • In the target database computer, ensure that the DB2 configuration parameter extended_row_sz is set to ENABLED. Starting from DB2 10.5, this parameter is ENABLED by default. However, it could be set to DISABLED if DB2 has been upgraded from version 10.1 or earlier. This parameter can be manually changed. Ensure it is set to ENABLED for all Linux Server installations, otherwise the WebUI cannot start successfully.
    • In the Fixlet, specify the DB2 database username and password.
    • In the Specify BigFix Server Database Host, enter the host name or the IP of the computer that hosts the database of your BigFix Server. The host name must be DNS-resolvable.
    • Enter the DB2 database port in the Specify Database Port field.
  7. Ensure that the following ports will be available and allowed:
    • The default HTTP redirect port is 80.
    • The default HTTPS port is 443.
    • If you use SAML 2.0, the port 5000 of the WebUI server must be reachable by the Web Reports server and the BigFix main server. For more details, see How to configure BigFix to integrate with SAML 2.0.
    • For its internal scope, WebUI uses also the port 5001. Ensure that it is available on the WebUI server.
    Note: If the WebUI is installed on another machine, ensure that the WebUI port on the BigFix main server is allowed as well. The WebUI port value is calculated as follows: Server port number increased by 4. The Server port number can be configured by the BigFix Administrator during the installation and, as default, its value is 52311: the default value for the WebUI port is equal to 52315. For more information about the Server port number, see Step 2 - Requesting a license certificate and creating the masthead and Customizing the masthead parameters (root server installation on Windows and on Linux, respectively).
  8. If you are installing the WebUI on a remote server and configuring WebUI to work with SAML, set the _WebUI_AppServer_Hostname key of the BigFix server computer to the host name of the computer where the WebUI is installed.
  9. Deploy the Fixlet.

Image of the WebUI Installation Fixlet for V10

Image of the WebUI Installation Fixlet for V10

Post installation notes:

  • If the Fixlet fails, revoke the certificates that it generates and sends to the target machine.
  • If you have encryption enabled for your MSSQL server, you will need to apply the client setting _WebUIAppEnv_MSSQL_CXN_ENCRYPT = 1 on the remote WebUI server.
  • If WebUI is installed on a Linux machine, to display all localized messages correctly, on the machine where WebUI is installed, create the client setting _WebUIAppEnv_LANG and set the preferred language; for example, ja_JP.UTF-8 for Japanese.
  • If the Fixlet is successful, the WebUI port on the root server is used to allow the communication between the root server and the WebUI. All network firewalls between the two machines must also allow using the WebUI port.
  • Start, stop, and restart the WebUI process on a remote machine using services.msc on Windows, or through the terminal in Red Hat Linux. If stopped, the Fixlet 2562 - BES WebUI Service not Started can also be used to start the WebUI.