Step 2 - Installing the Server

Before running the installation, to ensure you have all the prerequisites, see Server requirements.

Note: The installation program installs all prerequisites using Yum. For information about how to configure Yum and Yum repositories see Configuring Yum and Yum Repositories.

To install the BigFix Server in your production environment, perform the following steps:

From the shell where you extract the server package, move to the installation directory, ServerInstaller_9.2.6.xxx-rhe6.x86_64 and enter the following command:
```
./install.sh 
```

To install the Production, enter 2:

Select the type of installation
[1]  Evaluation: Request a free evaluation license from IBM Corp. 
This license allows you to install a fully functional copy of the 
IBM BigFix on up to 30 clients, for a period of 30 days.
[2]  Production: Install using a production license or an authorization 
for a production license.
Choose one of the options above or press <Enter> to accept the default value: [1]

Note: If you enter 1 to run the evaluation installation, consider that this type of installation does not support the enhanced security option. For more information about this feature see Security Configuration Scenarios.

After reading the License Agreement, enter 1 to accept it and continue.

Select 1 if you want to install all the components:

Select the IBM BigFix features that you want to install:
[1]  All components (server, client, and WebReports)
[2]  Server and client only
[3]  WebReports only
Choose one of the options above or press <Enter> to accept the default value: [1]

Enter 1 to create a Master database for later replication or single database if you need only one database in your deployment.
```
Select the database replication:
[1]  Single or master database
[2]  Replicated database
Choose one of the options above or press  <Enter>  to accept the default: [1]
```
If you enter 2, you create a replica of an existing master. For additional information, see Using multiple servers (DSA).
To use a local database, enter 1:
```
Select the database:
[1]  Use a local database
[2]  Use a remote database
Choose one of the options above or press  <Enter>  to accept the default: [1]
```
The local database name of BigFix server is BFENT. The local database name of Web Reports is BESREPOR.
Note: To use an external database for BigFix, you must perform the following steps:
1. Install the DB2® server on the remote workstation.
2. Install a DB2 client on the workstation from where you run the BigFix Server installation
3. Connect the DB2 server to the DB2 client installed on the workstation from where you run the installation, that is, the port of the DB2 database (default 50000) must be reachable by the workstation where the installation is running.
4. Provide the following information in the installation procedure:
  1. the remote DB2 node
  2. the DB2 port number
  3. the user name of the local DB2 instance owner

Enter the location where the downloaded files for the Clients are stored:

Choose the web server's root folder:
Specify the location for the web server's root folder or 
press  <Enter>  to accept the default: /var/opt/BESServer

Enter the location where the WebReports Server stores its files:

Choose the WebReports server's root folder:
Specify the location for the WebReports server's root folder or 
press  <Enter>  to accept the default: /var/opt/BESWebReportsServer

Enter the WebReports server's port number:
```
Choose the WebReports server's port number:
Specify the port number or press  <Enter>  to accept the default: 80
```
The default is 80.
Note: If you are installing BigFix Version 9.2.5, the default value is 8080. If you are upgrading to BigFix Version 9.2.5, the default value remains 80.
If you are installing BigFix V9.2.5, you can specify a name of the DB2 instance name used by BigFix different from the name of the DB2 user.
```
Specify the name of the DB2 instance that you want to use or 
press <Enter> to accept the default value: db2inst1 
```
Enter the user name for the local DB2 Administrative user. The default is db2inst1.
Enter the DB2 Local Administrative user password.
Enter the DB2 instance configuration.
Enter the user ID and the password to define the BigFix administrative user.
If the local firewall is running, the installation program asks to enter the Local firewall configuration.
To run the installation using a BES license authorization file, enter 1.
```
Choose the setup type that best suits your needs:
[1]  I want to install with a BES license authorization file
[2]  I want to install with a production license that I already have
[3]  I want to install with an existing masthead
```
Note: If you already ran a first installation, or part of it, you can specify option 2 or 3, with an existing production license (license.crt, license.pvk) or an existing masthead (masthead.afxm) and perform only some of the installation steps.
Specify if a proxy must be used to communicate over the internet to external content sites or to BigFix subnetworks.
If your environment needs to use a proxy, specify the proxy hostname or IP Address and, optionally, the port number.

The installation procedure shows you the default configuration settings:

Proxy user: none
Proxy password:none
Proxy tunneling capability: let proxy decide
Authentication method: all methods allowed by the proxy
Proxy exception list: localhost,127.0.0.1
Use the proxy for downstream notification: false

You can accept the default settings or, alternatively, you can assign different values. These are thee settings that you can specify:

####################
Server port number
Specify the server port or press <Enter> to accept the default: 52311

####################
Enable the use of FIPS 140-2 compliant cryptography
[1]  Use of FIPS enabled
[2]  Use of FIPS disabled
Choose one of the options above or press <Enter> to accept the default value: [2]

####################
Gathering interval
Specify the time interval that you want to use. The default value is suitable for most 
of the IBM BigFix deployments.
[1]  Fifteen minutes
[2]  Half an hour
[3]  One hour
[4]  Eight hours
[5]  Half day
[6]  One day
[7]  Two days
[8]  One week
[9]  Two weeks
[10]  One month
[11]  Two months
Choose one of the options above or press <Enter> to accept the default value: [6]

####################
Initial action lock
[1]  Locked
[2]  Lock duration
[3]  Unlocked
Choose one of the options above or press <Enter> to accept the default value: [3]

####################
Action lock controller
[1]  Console
[2]  Client
[3]  Nobody
Choose one of the options above or press <Enter> to accept the default value: [1]

####################
Enable lock exemptions
[1]  Lock exemption enabled (fairly unusual)
[2]  Lock exemption disabled
Choose one of the options above or press <Enter> to accept the default value: [2]

####################
Enable the use of Unicode filenames in archives
[1]  The use of Unicode filenames in archives is enabled.
[2]  The use of Unicode filenames in archives is disabled.
Choose one of the options above or press <Enter> to accept the default value: [1]

See Setting a proxy connection on the server for details about supported values and their usage.

Note: If you want to enable FIPS mode, ensure that the proxy configuration is set up to use an authentication method other than digest, negotiate or ntlm.

Note: If you specify to use the negotiate authentication method on a server or relay, a different authentication method might be used.

Note: The proxy configuration specified at installation time is saved in the server configuration file BESServer.config and it is used also at runtime.

Optionally you can test if the connection to the proxy can be successfully established. In particular you can select to:
```
[1]  Test the connection
[2]  Test the connection using FIPS
[3]  Do not test the connection
```

If selected option 1 in the step 15, specify where the generated license authorization file is located:

License Authorization Location
Enter the location of the license authorization file that you received 
from IBM or press <Enter> to accept the default: 
./license/LicenseAuthorization.BESLicenseAuthorization

Specify the DNS name or ip address of the machine on which to install the server. This name is saved in your license and will be used by clients to identify the BigFix server. It cannot be changed after a license is created.
Specify the related Site Admin Private Key Password.

Specify the size in bits of the key used to encrypt the credentials:

Key Size Level
Provide the key size that you want to use:
[1]  'Min' Level (2048 bits)
[2]  'Max' Level (4096 bits)
Choose one of the options above or press <Enter> to accept the default: [2]

Enter the License folder where the installation generates and saves license.crt, license.pvk and masthead.afxm.

Choose License Folder:
Specify a folder for your private key (license.pvk), license certificate 
(license.crt), and site masthead (masthead.afxm) or press  <Enter>  to accept 
the default: ./license

After you specify where to save the files to be generated, you can submit the request to IBM for getting the license certificate by choosing one of the following options depending on if your machine is connected to Internet:

[1]  Submit request from this machine over the Internet. The request will be 
     redeemed for a license certificate (license.crt) and saved in 
     your credential folder.
[2]  Save request to a file and send it to IBM at the URL: 
     'http://support.bigfix.com/bes/forms/BESLicenseRequestHandler.html'. 
     This method might be necessary if your deployment is isolated 
     from the public Internet.

If you choose 1, you can continue with the next installation step.

If you choose 2, the request.BESLicenseRequest request is generated. You can continue the installation by importing the certificate specifying the location of the license certificate (such as: ./license/license.crt) or exit from the installation and rerun it at a later time as described in the installation procedure:

Info: The following License Request file was successfully generated: 
./license/request.BESLicenseRequest
####################
Import License Certificate
[1]  Continue with the installation importing the certificate (license.crt).
[2]  Exit from the installation, I will import the certificate at a later time.

If you exit the installation, you can rerun ./install.sh later and repeat all the steps specifying that you want to use the generated license with option 2:

Choose the setup type that best suits your needs:
[1]  I want to install with a BES license authorization file
[2]  I want to install with a Production license that I already have
[3]  I want to install with an existing masthead

To import the files, you need to specify the license certificate file (./license/license.crt) and the Site Admin Private Key (./license/license.pvk) to administer the database:

License Certificate Location
Enter the location of the license certificate file or
press <Enter> to accept the default: ./license/license.crt

Site Admin Private Key: 
Specify the site Level Signing Key file (license.pvk) for the database you want 
to administer or press  <Enter>  to accept the default: ./license/license.pvk

Accept the default masthead values:
```
        Server port number: 52311
        Use of FIPS 140-2 compliant cryptography: Disabled
        Gather interval: One Day
        Initial action lock: Unlocked
        Action lock controller: Console
        Action lock exemptions: Disabled
        Unicode filenames in archives: Enabled
```
or change them by entering 2:
```
[1]  Use default values
[2]  Use custom values
```
You can change the following masthead parameters:
Server port number

Specify the number of the server port. The default value is: 52311.
Note: Do not use port number 52314 for the network communication between the BigFix components because it is reserved for proxy agents.

Enable use of FIPS 140-2 compliant cryptography

Use this setting to specify whether or not to be compliant with the Federal Information Processing Standard in your network. Enter 1 to enable it, 2 to disable it. The default value is 2.
Note: Enabling FIPS mode prevents the use of some authentication methods when connecting to a proxy. If you selected to use a proxy to access the Internet or to communicate with subcomponents, ensure that you selected an authentication method other than digest, negotiate or ntlm.

Gathering interval
This option determines how long the clients wait without hearing from the server before they check whether new content is available. Specify the interval time to use by entering one of the following values:
```
[1]  Fifteen minutes 
[2]  Half an hour 
[3]  One hour 
[4]  Eight hours 
[5]  Half day 
[6]  One day 
[7]  Two days 
[8]  One week 
[9]  Two weeks 
[10] One month 
[11] Two months 
```
The default value is: 6 (one day).
Initial action lock
You can specify the initial lock state of all clients, if you want to lock a client automatically after installation. Locked clients report which Fixlet messages are relevant for them, but do not apply any actions. The default is to leave them unlocked and to lock specific clients later on. You can select one of the following values:
```
[1]  Locked 
[2]  Lock duration 
[3]  Unlocked 
```
The default value is: 3 (unlocked).
Action lock controller
This parameter determines who can change the action lock state. You can select one of the following values:
```
[1]  Client 
[2]  Console 
[3]  Nobody 
```
Enable lock exemptions
In rare cases, you might need to exempt a specific URL from any locking actions. This setting allows you to disable or disable this function. You can select one of the following values:
```
[1]  Lock exemption enabled (fairly unusual)
[2]  Lock exemption disabled
```
The default value is 2 (disable lock exemption).
Enable the use of Unicode filenames in archives
This setting specifies the codepage used to write filenames in the BigFix archives. You can select one of the following values:
```
[1]  The use of Unicode filenames in archives is enabled.
[2]  The use of Unicode filenames in archives is disabled.
```
If you selected 1 in the previous step, you have now created the license files (license.pvk and license.crt files). After this step, the masthead.afxm file is created with the specified parameters.

Enter the port number for the DB2 connection to create the DB2 instance:

####################
DB2 Connection:
Specify the DB2 Port Number or press <Enter>  to accept the default: 50000

The installation program checks if a DB2 instance is already installed. If it is already installed, skip to step 5.

If the database is not detected, enter 1 to specify the DB2 download package and install it:

####################
DB2 Installation check
The installer does not detect DB2 as installed on the system. Determine which
of the options corresponds to your installation:
[1]  DB2 is not installed, install it
[2]  DB2 is installed, use the installed instance
[3]  Exit from the installation
Choose one of the options above or press  <Enter> to accept the default: [1]

If the user chooses the option1 then the user will be prompted with the
following question with details of the settings that will be used.

Enter 1 to accept the DB2 default settings:

####################
DB2 Installation
DB2 will be installed using the following settings:
        DB2 Instance owner: db2inst1
        DB2 Fenced user: db2fenc1
        DB2 Administration Server user: dasusr1
        DB2 communication port: 50000
        DB2 Installation directory: /opt/ibm/db2/V10.5
If you need to use settings different from those proposed above, you can
specify them in the installation response file. Refer to the product
documentation for further details.
[1]  Proceed installing also DB2
[2]  Exit from the installation
Choose one of the options above or press  <Enter> to accept the default: [1]

The BigFix Server installation is now complete. You can now install the BigFix Console on a Windows™ System and log on with the account you created during the installation of the server.

You can see installation errors in the BESinstall.log and the BESAdmin command line traces in the BESAdminDebugOut.txt files under the /var/log directory.