Managing relays

Relays can significantly improve the performance of your installation.

Relays lighten both upstream and downstream burdens on the server. Rather than communicating directly with a server, clients can instead be instructed to communicate with designated relays, considerably reducing both server load and client and server network traffic. Relays improve performance by:

  • Relieving downstream traffic. Using relays, the BigFix server does not need to distribute files, such as patches or software packages, and Fixlets to every Client. Instead, the file is sent once to the relay, which in turn distributes it to the clients.
  • Reducing upstream traffic. In the upstream direction, relays can compress and package data (including Fixlet relevance, action status, and retrieved properties) from the clients for even greater efficiency.
  • Reducing congestion on low-bandwidth connections. If you have a server communicating with computers in a remote office over a slow connection, designate one of those computers as a relay. Then, the server sends only a single copy to the relay (if it needs it). That relay, in turn, distributes the file to the other computers in the remote office over its own fast LAN.

Establishing the appropriate relay structure is one of the most important aspects of deploying BigFix to a large network. When relays are fully deployed, an action with a large download can be quickly and easily sent out to tens of thousands of computers with minimal WAN usage.

A recommended configuration is the connection of 500 - 1000 clients to each relay and the use of a parent child relay configuration.
Note: If the connection between a relay and server is unusually slow, it might be beneficial to connect the relay directly to the Internet for downloads.

BigFix deployments with internet-facing relays that are not configured as authenticating are prone to security threats. Security threats in this context might mean unauthorized access to the relays and any content or actions, and download packages associated with them or to the Relay Diagnostics page that might contain sensitive information (for example: software, vulnerability information, and passwords). To prevent any security vulnerabilities, configure the internet-facing relays in your deployment as authenticating. For details, see Setting up internet relays.

For additional information about relays, see https://bigfix-wiki.hcltechsw.com/wikis/home?lang=en-us#!/wiki/BigFix%20Wiki/page/BigFix%20Relays.