Network configuration requirements

The following network configuration is recommended for security and performance reasons:

  • All internal network communication is on one specified port (52311 is the default port for all the components, including the console) to allow for simplicity and flexibility of deployment. TCP/IP and UDP on this port must be completely unblocked at all internal routers and internal firewalls (you can optionally disable UDP, but that might negatively affect performance).
  • The BigFix server should connect to the network at 100 mbps or higher.
  • Consoles should have high speed connections to the BigFix server (100 mbps or higher)
  • The BigFix client must be installed on the BigFix server machine.

These networking recommendations are typically easy to satisfy for most organizations maintaining a moderate security posture. For information about larger installations, see Deployment Scenarios.

The BigFix Server requirements and performance can also be affected by other factors in addition to the number of clients. These factors include:

The number of console operators
Multiple console operators can connect to the servers at the same time to manage subsets of the networked computers. Some deployments can have hundreds of operators. If you plan to have more than 30 operators, you might want to have a more powerful Server to support the additional load.
Relays
Use to lighten the load on the servers by accepting connections from clients and then forwarding the data to a server. In most deployments, very few clients report directly to the main Server.
Note: To improve performance, you can connect from 500 to 1000 clients to each relay and use a parent child relay configuration.
The number and type of Retrieved Properties and Analyses
Custom-Retrieved properties and analyses can provide extremely useful data, but if custom properties are poorly implemented or overused, they can also create undue load on the system by requiring too much bandwidth or too many client resources. For example, it would be unwise to create a custom-retrieved property that returned the names of every file on every computer, due to the load on the client computers and the network.

For more information about these issues, see https://bigfix-wiki.hcltechsw.com/wikis/home?lang=en-us#!/wiki/BigFix%20Wiki/page/Performance%20Configuration.