Home
Installation Guide
Learn the system requirements, licensing and installation instructions, and how to configure and maintain BigFix.
Installing on Linux systems
After understanding the terms and the administrative roles, you are ready to actually get authorized and install the programs.

Installation Guide
Learn the system requirements, licensing and installation instructions, and how to configure and maintain BigFix.
- Introduction
  BigFix aims to solve the increasingly complex problem of keeping your critical systems updated, compatible, and free of security issues. It uses patented Fixlet technology to identify vulnerable computers in your enterprise. With just a few mouse-clicks you can remediate them across your entire network from a central console.
- BigFix Platform Unicode Support Overview
  BigFix Platform V9.5 gathers data from BigFix clients deployed with different code pages and languages, encode the data into UTF-8 format, and report it back to the BigFix server.
- Sample deployment scenarios
  The following deployment scenarios illustrate some basic configurations taken from actual case studies. Your organization might look similar to one of the examples below, depending on the size of your network, the various bandwidth restrictions between clusters and the number of relays and servers. The main constraint is not CPU power, but bandwidth.
- Assumptions and requirements
  BigFix runs efficiently using minimal server, network, and client resources.
- Types of installation
  Before you install the product, decide if you want to do an evaluation or production installation.
- Managing licenses
  You must obtain a license key before you can install and use BigFix.
- Before installing
  Before running the installation make sure that you read the following topics and run the requested activities if needed.
- Installing on Windows systems
  Now that you understand the terms and the administrative roles, you are ready to get authorized and install the programs.
- Installing on Linux systems
  After understanding the terms and the administrative roles, you are ready to actually get authorized and install the programs.
  - Installing and configuring DB2
    Depending on which version of DB2 you want to install, you install DB2 either before installing the BigFix server or at the same time:
  - Installation Steps
    To install the BigFix Server perform the following steps:
  - Installation Command Options
    You can run the Production or Evaluation installation in interactive or silent mode.
  - Silent installation
    To run a silent installation enter the following command:
  - Installation Folder Structure
    After the BigFix installation, you can see the following folder structure:
  - Configuration, Masthead, and Log Files
    At the end of the installation you can find the following BigFix files containing the settings of the installed components and the installation messages:
  - Managing the BigFix Services
    You can start, stop, restart, or query the status of Linux BigFix services using the following commands:
  - Changing the database password
    After you install the database of the BigFix server, you can change its password by running the following command:
  - Changing the DB2 port
  - Authenticating Additional Servers (DSA)
    Multiple servers can provide a higher level of service for your BigFix installation.
  - Installing Additional Linux Servers (DSA)
    For each additional server that you want to add to your deployment, ensure that they are communicating with each other, and then follow these steps:
  - Understanding the server components
    The BigFix server is now successfully installed and responds to messages and requests from the relay, client, and console computers using a variety of components.
  - Installing the Console
    You can install the BigFix console on any Windows computer that can make a network connection via HTTPS port 52311 to the Server.
  - Installing the clients
    Install the BigFix client on every computer in your network that you want to administer, including the computer that is running the console.
  - Running the Administration Tool
    The installation script install.sh automatically downloads the BigFix Administration Tool bash shell script, BESAdmin.sh, in the /opt/BESServer/bin directory.
  - Working with TLS cipher lists
    All network communications between the BigFix components and the internet are encrypted by using the TLS protocol standard. Starting from Version 9.5.11, master operators can control which TLS ciphers should be used for encryption. A master operator can set a deployment-wide TLS cipher list in the masthead by using BESAdmin.
  - Removing the Product Components on Linux systems
    You can have one or more BigFix components installed on a local system and you can decide to remove one or all of them at the same time.
  - Uninstalling a Linux replication server
    To uninstall a replication server, call the database-stored procedure delete_replication_server, which removes the specified ID from the replication set.
- Post-installation configuration steps
  After having run the installation, make sure that you read the following topics and run the requested activities if needed.
- Managing relays
  Relays can significantly improve the performance of your installation.
- Introduction to Tiny Core Linux - BigFix Virtual Relay
  Follow the step-by-step sequence of operations needed to build the virtual machine, from the downloading of the ISO image to the complete setup and configuration of the BigFix Virtual Relay.
- Setting up a proxy connection
  If your enterprise uses a proxy to access the Internet, your BigFix environment can use that communication path to gather content from sites.
- Running backup and restore
  You can schedule periodic backups (typically nightly) of the BigFix server and database files, to reduce the risk of losing productivity or data when a problem occurs by restoring the latest backup.
- Upgrading on Windows systems
- Upgrading on Linux systems
- Known limitations and workarounds
  This section describes the known limitations and possible workarounds.
- Logging
  This section describes the log files associated with the BigFix components.
- Uninstalling the BigFix client

Installing on Linux systems

After understanding the terms and the administrative roles, you are ready to actually get authorized and install the programs.

Because BigFix is powerful, you might want to limit access to trusted, authorized personnel only. The program depends on a central repository of Fixlet actions called the Action site, which uses public/private key encryption to protect against spoofing and other unauthorized usage. To get started, you need authorization from HCL by getting a License Authorization file, which will have a name like CompanyName.BESLicenseAuthorization.

Note: If you run a fresh installation of BigFix V9.5.6 or later using the License Authorization file, be aware that limitations apply in managing Clients earlier than V9.0 and in using Relays earlier than V9.5.6. This is due to the introduction of two security enforcement services that are enabled, in this specific scenario, by default. You can change this behavior after the installation completes by changing the values assigned to minimumSupportedClient and minumumSupportedRelay as described in Running the BigFix Administration Tool.

The installation program collects further information about your deployment and then creates a file called the action site masthead. This file establishes a chain of authority from the BigFix root all the way down to the Console operators in your organization. The masthead combines configuration information (IP addresses, ports, and so on) and license information (how many Clients are authorized and for how long) together with a public key used to verify the digital signatures.