Client Updates from the Cloud

Receiving pattern updates from the "cloud" is not recommended as the default behavior. However, there are some cases, such as when an endpoint is not connected to the server or relay, you may want the endpoint to fail-over to updates from the cloud. The most typical use case is to support roaming clients, for example those being taken off-site for travel.

Note: Perhaps the best method for updating roaming endpoints is to place a relay in your DMZ. This way, endpoints are able to maintain continuous connectivity with the IBM BigFix architecture and can receive their updates through this relay just as they would if located inside the corporate network.

There are several reasons updating from the cloud is not recommended for daily use by all endpoints:

  • The Update from the cloud Task is not restricted only to roaming clients. You will need to target your endpoints carefully to avoid triggering a bandwidth spike.

  • Full pattern and engine file updates can be 15MB or more.

  • Updates from the cloud will always include all patterns (you cannot update selected patterns as you can from the server).

  • Updates from the cloud are typically slower than updates from the server.

Three additional points are relevant to cloud updates:

  • The endpoint will need an Internet connection. If the endpoint has a proxy configured for Internet Explorer, those settings will be automatically used.

  • As with any pattern update, following a pattern rollback, further updates will be prohibited until the rollback condition has been lifted by running the Core Protection Module - Clear Rollback Flag Task.

  • The CPM client will verify the authenticity of the pattern from the cloud.