Archive for June, 2012

Deploying your IBM BigFix Agents

IBM BigFix Agents are installed on every computer that you want to manage. They access a collection of Fixlet messages that detects security holes, improper configurations, and other vulnerabilities.   These intelligent but small agents are typically less than 10MB in size.   IBM offers a range of agents for Windows, macOS, IBM AIX, HP-UX,  CentOS, Solaris , VMware ESX Server (4.x – 8 versions of Linux…. phew.

Windows computers

There’s a number of ways to easily deploy these agents across your environment.   Page 30 of the Administrator’s Guide details a number of different techniques.

For all of your Windows endpoints, you can utilise the ‘built in’ Client Deployment Tool.   This allows you to easily select your Windows computers and install the agent across your the network without any user interaction.  I’ve found it typically takes less than 30 seconds to install/test the agent for each system across a LAN.

You can also distribute the client via a login script or Active Directory (Group Policy) Software Distribution.   Via AD Software Distribution, simply select an appropriate GPO in which the agent will be deployed.  In my test environment, I created a new Organisational Unit (OU) in which appropriate computers would have the agent deployed.   I did this because in my lab, I have several Endpoint Manager servers and didn’t want any clashes, however you might simply select an entire AD domain.

I then copied the BESClient.MSI (which the embeded masthead info to self register the agent with the Endpoint Manager server) to my AD’s NetLogon share   (which was  \\myad.lab.ibm\NETLOGON\).    This MSI was found on my Endpoint Manager server’s  :\Program Files (x86)\BigFix Enterprise\BES Installers\ClientMSIs\ directory.    Then via the Group Policy Management Tool,  I created a new software package and browsed to the DFS share for the BESClient.MSI)

The details for the MSI are shown below:

The agent isn’t distributed immediately to your computers,  but according to the current Group Policy update interval.   If the computer is restarted, the agent will be installed and automatically registered in the Endpoint Manager console within a few minutes.

Non-Windows computers

All non-Windows agent software,  including installation instructions is provided here.   You can also utilise the BigFix Unix/Linux/Mac Client Deploy Tool available from the BigFix labs download  (at the bottom of the page).  This tool provides a similar function to the Windows tool, to locate/install the appropriate agent via the network.   I’ve included some example screen captures of the tool in action, installing an agent for a RHEL 5.x server.

OK, so there you have it.  Pretty easy hey!    Any queries, feel free to contact me or check out the IBM TEM Deployment and Configuration developerWorks forum.

Darryl

3 Comments