Message Level Encryption and DSA

If Message Level Encryption is enabled and clients are set using Task: BES Client Setting: Encrypted Reports, move the BigFix server encryption key to the secondary BigFix DSA server.

This enables the BigFix DSA server to process reports from encrypted BigFix clients during normal operations or in the event of an outage on the primary BigFix server.

Copy the encryption key (.pvk) from the BigFix server directory:
  • Windows server: %PROGRAM FILES%\BigFix Enterprise\BES Server\Encryption Keys\
  • Linux server: /var/opt/BESServer/Encryption Keys
to the DSA secondary server.