Home
Remote Control V9.1.4
BigFix® Remote Control V9.1.4 Administrators Guide
This guide is for users who want to administer BigFix® Remote Control.
Certificate management
When using BigFix® Remote Control to facilitate remote control sessions across the internet, you can use certificates to address the authentication and verification required for ensuring secure connections between brokers and endpoints.
Self signed certificates with strict verification
Strict verification can be used with self-signed certificates in BigFix® Remote Controll. To do this you should add each broker's certificate to the server trust store.

Remote Control V9.1.4
- Release Notes V9.1.4 Fixpack 1
- BigFix® Remote Control V9.1.4 Installation Guide
  By using BigFix® Remote Control you can remotely support and control thousands of PCs and servers, on an enterprise scale, from a central location or directly, in peer to peer mode.
- BigFix® Remote Control V9.1.4 Administrators Guide
  This guide is for users who want to administer BigFix® Remote Control.
  - Set a secure environment
    Set a secure environment when you are using BigFix® Remote Control
  - Secure target registration
    To prevent unauthorized targets from registering with the BigFix® Remote Control server, you can use tokens to authenticate the target.
  - Configure SAML 2.0 authentication on the server
    BigFix® Remote Control V9.1.3 introduced support for SAML 2.0 authentication on the BigFix Remote Control server.
  - Access the server web interface.
  - Unlocking user accounts
    When a user account is locked, you can unlock the account by using the Unlock locked userid feature.
  - Manage targets and target groups
  - Manage users and user groups
  - Server session policies
  - How session policies are determined
  - Starting a managed session by using an installed controller
    When you start a managed session, you can configure the server to use an installed controller rather than using the Java™ Web Start method. This feature makes starting a session faster and it removes any warning message windows that are displayed while the session is starting.
  - Manage permission sets for temporary access to targets
  - Requests for temporary access to targets
  - Generate custom reports
  - Manage the home page for a user or group
  - Adding tables and columns to queries
  - Configuration and troubleshooting options in the Admin menu
  - Ensure targets are registered correctly
  - Record the session on the target
  - Set up for exporting recordings
  - Audit log distribution
  - Access targets on different networks
  - Editing the properties files
    You can use the properties files in BigFix® Remote Control to customize your environment, configure LDAP, set debug options, and set controller and on-demand target properties. The files can be edited in the BigFix Remote Control Server UI.
  - Reduce the volume of target connections to the server
  - Broker configuration
    When you install broker support you can use the installed trc_broker.properties file to configure your environment for using the broker function.
  - Managing brokers
    After installing broker support you can register the broker machines in the BigFix® Remote Control server. When they have been registered you can view the list of brokers, edit the broker details and delete brokers that are no longer required.
  - Certificate management
    When using BigFix® Remote Control to facilitate remote control sessions across the internet, you can use certificates to address the authentication and verification required for ensuring secure connections between brokers and endpoints.
    - Creating a self signed certificate
      To generate the certificate for a broker you can use the IBM Key Management tool. This tool is provided with the BigFix® Remote Control application and with IBM WebSphere Application Server.
    - Configuring the keystore on the broker
      After you have created the keystore which holds the private key and certificate for the broker, it should be copied to the broker machine and the broker properties configured accordingly.
    - Self signed certificates with strict verification
      Strict verification can be used with self-signed certificates in BigFix® Remote Controll. To do this you should add each broker's certificate to the server trust store.
      - Extracting the certificate from the keystore
        When using strict certificate verification, the certificate needs to be extracted from the keystore before being uploaded to the BigFix® Remote Control server.
    - Certificate Authority signed certificates
      You can use Certificate Authority (CA) signed certificates to address the authentication and verification required for ensuring secure connections between brokers and endpoints.
    - Truststore configuration
      The BigFix® Remote Control server holds the truststore that is used for verifying the broker certificates.
  - Migrating to a new certificate
    If your existing certificates are due to expire, you can create new certificates. Distribute the new certificates to the relevant endpoints so that they can continue to successfully establish remote control sessions through the broker.
  - Configuring the session connection code
    You can define the number of characters required and the timeout value, for the connection code used when starting a remote control session through a broker.
  - Target registration before a remote control session
    When you have targets that are on the internet or third-party networks and cannot register directly with the BigFix® Remote Control server you can configure server properties to allow the target to register with the server. When the target registers, you can start a remote control session with the target, by using a broker.
  - Configure target properties
  - Importing data from other sources
  - Database table and column descriptions
  - Troubleshooting and Help
  - Gateway sample scenarios
  - Properties for configuring logging activity
    Use properties to determine what type of information and how much is written to the broker, gateway, and target component log files.
- BigFix® Remote Control V9.1.4 Console Users Guide
- BigFix® Remote Control V9.1.4 Controller Users Guide
- BigFix® Remote Control V9.1.4 Target Users Guide
- BigFix® Remote Control V9.1.4 On-demand Target Guide
  Use BigFix® Remote Control to start remote control sessions over the internet with targets that do not have the target software installed.
- Remote Control V9.1.4 Readme file

Using strict verification with self signed certificates

Strict verification can be used with self-signed certificates in BigFix® Remote Controll. To do this you should add each broker's certificate to the server trust store.

The BigFix® Remote Control controller and target, instructed by the remote control server, uses strict certificate validation by default and requires a trust store. Normally, a trust store contains the Certificate Authority's root certificates but when using self-signed certificates, there is no CA.

When using strict certificate verification, the certificate needs to be exported from the keystore and uploaded to the BigFix® Remote Control. The target downloads and caches the trust store when registering, during the call home process with the server or during a remote control session. The controller downloads the trust store at the start of the remote control session.

The use of strict certificate validation is determined by the broker.trusted.certs.required property in the trc.properties file on the remote control server.

Set to Yes: Strict certificate validation is enabled. This is the default value.
Set to No: Strict certificate validation is disabled.
Note: Disabling strict verification is not recommended. When strict verification is disabled, the BigFix® Remote Control controller and target will trust all valid certificates, whether they were generated by you or by a potentially malicious third party.