Extraction usage

The "Extraction usage" mode of the Airgap tool.

Important: If you have a BigFix fresh installation, to make the WebUI sites available, you must complete the following steps:
  1. Install the WebUI and run the Airgap tool.
  2. Wait a few minutes for the WebUI initialization to complete.
  3. Rerun the Airgap tool.

To make Fixlet content and product license updates available in the isolated network, the utility must be transferred from a computer with internet connectivity using the following steps:

On Windows operating systems

  1. Run on the BigFix server

    From the BigFix server installation directory, double-click BESAirgapTool.exe or run it from the command line without any parameters, a Graphical User Interface opens.

    Provide a destination folder for the Airgap tool to store its site request and all the files it requires to run. After the Airgap tool finishes copying the files, copy the entire folder to a portable drive.

  2. Move the Airgap request and run on the internet facing computer

    Bring the portable drive to a computer with Internet connectivity. You must have the rights to write in the folder where the BESAirgapTool.exe is located. Enter the folder and run the Airgap tool by double-clicking BESAirgapTool.exe or invoking it from the command line.

    Optionally, you can also specify the following command line parameters:
    -usehttps
    All urls beginning with "http" are forced to use "https" to gather license information and site contents. Note that some urls in Fixlets begin with "https" and some patch sites might redirect requests to urls beginning with "https".
    -proxy [user:password@]hostname:port
    This option is available only starting from BigFix Version 9.5.5. Used when the workstation that has access to the public Internet can connect only through a proxy server. In this case, after the -proxy option, specify the host name and the port of the proxy server in the format hostname:port. If the proxy is an authenticating proxy, add also the user ID and the password in the format userid:password@hostname:port. In extraction usage, when a proxy server is configured in the client registry settings or in the Internet Explorer settings for the current user and the -proxy option is not specified, the proxy settings are used as in earlier versions of the Airgap tool. When you use the -proxy option, the specified values are used regardless of other settings.
    -cacert <full_path_to_ca-bundle.crt_file>
    To specify a path in which to store the file ca-bundle.crt, if you want to use a different folder from that where the Airgap tool runs. The file ca-bundle.crt is used to validate the server certificate when you use the -usehttps option, or when the URL in the Fixlet begins with "https". The option -cacert can only be used together with the -usehttps option.

    A Graphical User Interface opens. The Airgap tool will download all files required by the Airgap request in the same folder as BESAirgapTool.exe. This exchanges the Airgap request file for an Airgap response file. Copy the Airgap response file to a portable drive.

  3. Move the Airgap response to the BigFix server and run the Airgap tool on the BigFix server
    Take the portable drive back to the BigFix server computer and run the BESAirgapTool.exe again by double-clicking BESAirgapTool.exe or invoking it from the command line without any parameters. Ensure that you are running it logged on as a user that:
    • Has Administrator privileges.
    • Has the database permissions necessary to add content to the BFEnterprise database.

    A Graphical User Interface opens.

    This imports the Airgap response file with the Fixlet content and license updates into your deployment.

    The Airgap tool creates temporary files in the folder specified by the TEMP environment variable. If you want to use a different folder for temporary files, set the TEMP environment variable to that folder before you run the BESAirgapTool.exe.

    To update the Fixlet content on the main BigFix server, repeat these steps periodically. You can join the new Fixlet mailing list to receive notifications when Fixlets are updated.

    Ensure that the Airgap tool version is compatible with the installed BigFix server version.

On Linux operating systems

  1. Run on the BigFix server
    Ensure that on the Linux computer, the Airgap tool is located in the same path where you installed the BigFix server. The default path is /opt/BESServer/bin. Open the Linux Terminal, and enter the following commands to create a tar file named airgap.tar, containing the AirgapRequest.xml file based on the BigFix database information:
    # cd /opt/BESServer/bin 
    # ./Airgap.sh -remotedir directory
    Where:
    -remotedir directory
    Runs Airgap to generate the request file in the specified folder.
  2. Move the Airgap request and run on the internet facing computer
    Copy the airgap.tar file to a portable drive, and extract the airgap.tar file content by issuing the following command:
    # tar -xf airgap.tar
    Ensure that your system has an environment variable named LD_LIBRARY_PATH set to the path of the folder containing the DB2 library libdb2.so.1. Ensure that the Airgap.sh and AirgapRequest.xml files are in the same folder and that you have writing rights to that folder. Run the Airgap.sh command.
    Optionally, you can also specify the following command line parameters:
    -usehttps
    All urls beginning with "http" are forced to use "https" to gather license information and site contents. Note that some urls in Fixlets begin with "https" and some patch sites might redirect requests to urls beginning with "https".
    -proxy [user:password@]hostname:port
    Used when the workstation that has access to the public Internet can connect only through a proxy server. In this case, after the -proxy option, specify the host name and the port of the proxy server in the format hostname:port. If the proxy is an authenticating proxy, add also the user ID and the password in the format userid:password@hostname:port.
    -cacert <full_path_to_ca-bundle.crt_file>
    To specify a path in which to store the file ca-bundle.crt, if you want to use a different folder from that where the Airgap tool runs. The file ca-bundle.crt is used to validate the server certificate when you use the -usehttps option, or when the URL in the Fixlet begins with "https". The option -cacert can only be used together with the -usehttps option.

    This exchanges the Airgap request file for an Airgap response file. Copy the Airgap response file to a portable drive.

    If you receive the following error message when running the Airgap tool:
    ./Airgap: error while loading shared libraries: libdb2.so.1: 
    cannot open shared object file: No such file or directory
    Create and export the LD_LIBRARY_PATH variable by running the command:
    export LD_LIBRARY_PATH="$LD_LIBRARY_PATH:/your/path/"
    Where:
    /your/path
    Is the path of the folder containing the DB2 library libdb2.so.1
  3. Move the Airgap response to the BigFix server and run the Airgap tool on the BigFix server
    Connect the portable drive back to the BigFix server computer and run the Airgap.sh command. This imports the response file with Fixlet content and license updates into your deployment.
    # cd airgap 
    # ./Airgap.sh -run
    Optionally, you can also specify the following option:
    -temp directory
    The Airgap tool creates temporary files under the /tmp directory, but in the event you do not have enough space left in it, you can use this option to specify a different folder where you have enough space.

    Note that the Airgap.sh and AirgapRequest.xml files must be in the same folder.

    To update the Fixlet content on the main BigFix server, repeat these steps periodically. You can join the new Fixlet mailing list to receive notifications when Fixlets are updated.

    Ensure that the Airgap tool version is compatible with the installed BigFix version.