Server Backup

Using SQL Server Enterprise Manager, establish a maintenance plan for nightly backups for the BFEnterprise and BESReporting databases. Multiple backup copies allow for greater recovery flexibility.

  1. Consider backing up to a remote system to allow for higher fault tolerance.
  2. Back up the following files and folders used by the BigFix Server:
    • [BigFix Server folder]\BESReportsData\
    • [BigFix Server folder]\BESReportsServer\wwwroot\ReportFiles -- Support files for custom Web Reports.
    • [BigFix Server folder]\Encryption Keys -- Private encryption keys (if using Message Level Encryption).
    • [BigFix Server folder]\Mirror Server\Inbox\ -- Information necessary for BigFix Agents to get actions and Fixlets.
    • [BigFix Server folder]\Mirror Server\Config\DownloadWhitelist.txt. Information necessary for BigFix -- White List for Dynamic Download.
    • [BigFix Server folder]\UploadManagerData.
    • [BigFix Server folder]\wwwrootbes -- Various information necessary about actions, Fixlets, uploads and downloads .
    where [BigFix Server folder] is the BigFix Server installation path, by default C:\Program Files (x86)\BigFix Enterprise\BES Server.
  3. Securely back up site credentials, license certificates, and publisher credentials, and the masthead file.

    The license.pvk and license.crt files are critical to the security and operation of BigFix. If the private key (pvk) files are lost, they cannot be recovered.

    The masthead file is an important file that must be used for recovery. It contains the information about the BigFix server configuration. This file can be exported via the Masthead Management tab of the Administration tool.
  4. Decrypt and save the encrypted configuration keys. The encrypted keys are located, by default, in the [BigFix Server folder] folder. Depending on the version of the BigFix Server, the keys to back up are:
    • The EncryptedServerSigningKey and EncryptedClientCAKey keys, if the version of the BigFix Server is 8.2 or later and earlier than 9.5 Patch 3.
    • The EncryptedServerSigningKey, EncryptedClientCAKey, EncryptedAPIServerKey, EncryptedPlatKey, and EncryptedWebUICAKey if the version of the BigFix Server is 9.5 Patch 3 or later.

    Use the ServerKeyTool.exe tool and run the steps documented in this page to decrypt the keys.

    All the existing encrypted keys stored in the input folder are backed up at once, and the files containing the decrypted keys are stored in the specified destination folder with the filename prefix Decrypted*.

  5. Use SQL Server Management Studio to connect to the BFEnterprise database and examine the DBINFO and REPLICATION_SERVERS tables:

    Record all column values for verification purposes.

    If DNS aliases are being leveraged for the servers, this should not change. If is using hostnames, and the hostnames are changing, these column values may need manual modification after the restore; if you want to update the CN on the BigFix internal certificates, see How to change the Common Name (CN) on BigFix internal certificates.

Note: Any configuration involving registry keys is neither saved nor restored. To recover these values, you must restore them after the recovery procedure successfully completes by running the appropriate configuration processes. For example, email server settings must be set up again on recovered Web Reports. Furthermore, clients are registered as new computers.