Client Updates from the Cloud

Receiving pattern updates from the cloud is not recommended as the default behavior. However, there are some cases, such as when an endpoint is not connected to the IBM BigFix Server or Relay, when you might want the endpoint to fail over to updates from the cloud. The most typical use case is to support roaming clients, for example those clients being taken offsite for travel.

Note: Perhaps the best method for updating roaming endpoints is to place a BigFix Relay in your DMZ. This way endpoints can maintain continuous connectivity with the BigFix architecture and receive updates through the Relay, as they would if located inside the corporate network.
There are several reasons why updating from the cloud is not recommended for daily use by all endpoints:
  • The Update from the cloud Task is not restricted to roaming clients. Target your endpoints carefully to avoid triggering a bandwidth spike.
  • Full pattern and engine file updates can be 15 MB or more.
  • Updates from the cloud always include all patterns (you cannot update selected patterns as you can from the BigFix Server).
  • Updates from the cloud are typically slower than updates from the BigFix Server.
Three more points are relevant to cloud updates:
  • The endpoint requires an Internet connection. If the endpoint has a proxy configured for Internet Explorer, those settings are automatically used.
  • As with any pattern update, following a pattern rollback, further updates are prohibited until the rollback condition has been lifted by running the Task: Core Protection Module - Clear Rollback Flag.
  • The CPM for Mac client verifies the authenticity of the pattern from the cloud.

Configure Clients to Update from the Cloud

  1. From the BigFix Console, click Endpoint Protection on the lower-left pane.
  2. From the upper-left navigation pane, go to Core Protection Module > Updates > Other Update Tasks.
  3. From the list in the right pane, click Core Protection Module - Update From Cloud. A screen that displays the Task Description tab opens.
  4. Below Actions, click the hyperlink to open the Take Action window.
  5. In the Target tab, choose All computers with the property values selected in the tree list below and then select the property that you want to apply (for example, one that distinguishes between corporate and non-corporate Internet connections).
    Execution
    Schedule the time and duration of the cloud updates, as well as the retry behavior. This setting can be useful for cloud updates.
    Users
    Select the computers that you want to convert to cloud-updates by User. This option works in combination with Target, linked by the AND operand (both conditions must be present for the install to occur).

  6. Click OK when finished.
  7. At the prompt, type your private key password and click OK.
  8. In the Action | Summary window that opens, monitor the "Status" and "Count" of the Action to confirm that it is "Running" and then "Completed."