BigFix - Migrate the BigFix Server
Servers can get old and have outdated hardware and will need to migrated BigFix from one server to another.?Migrations could be required if an Operating System is coming to end of life or you want to migrate to the cloud.?This same guide could be used to migrate to a cloud instance if you want to move your BigFix Server to Google Cloud, AWS, or Azure.?Please always refer to documentation and read it over thoroughly this article is mainly intended for a simple server migration from one to server to another.?
Anytime you do a migration I strongly encourage you to open a preemptive ticket with HCL support.?Let support know you are scheduling a server migration on x date.?This is in case something happens with the migration support can be on top of it with you.
Here is a link to HCL Support - https://support.hcltechsw.com/csm
Here is the official product documentation on the HCL support site
Login your old BigFix Server and stop all of the BigFix services
On the old server launch SQL management studio and detach the BESEnterprise database
By going to tasks - Detach
Select the drop checkbox and hit OK
Select the BFReporting Database and Right Click and Select Detach
Select Drop and select OK
Browse to the path of where your SQL databases are stored and move the BFEnterprise?and BesReporting database ffiles to the new server
On the new BigFix Server Open SQL Management Studio and Right Click on Database and select Attach
Select the Add Button
Browse to the copied over database files and add BESReporting and BESEnterprise
Copy the folders from the old server to the new server and keep the same file and folder structure
·????????[BigFix Server folder]\sitearchive (pre-8.0 only)
·????????[BigFix Server folder]\BESReportsData\ArchiveData
·????????[BigFix Server folder]\BESReportsServer\wwwroot\ReportFiles
·????????[BigFix Server folder]\ClientRegisterData (pre-9.0 only)
·????????[BigFix Server folder]\Encryption Keys
·????????[BigFix Server folder]\Mirror Server\Inbox --?NOTE:?Be sure to edit and update the paths specified in the GatherState.xml?if?the installation path has changed, e.g. Program Files to Program Files(x86) for example, otherwise you will receive class NotASignedMessage errors. This particularly applies when migrating the OS from 32-bit to 64-bit architectures.
·????????[BigFix Server folder]\Mirror Server\Config -> DownloadWhitelist.txt
·????????[BigFix Server folder]\UploadManagerData
·????????[BigFix Server folder]\wwwrootbes
Download the Decrypt Server Keys Tool from - https://bigfix-wiki.hcltechsw.com/wikis/home?lang=en-us#!/wiki/BigFix%20Wiki/page/Server%20signing%20key%20Tool
?
On the old Server Decrypt and Save the Encrypted Configuration Keys by running the command
ServerKeyTool.exe /decrypt /dirin:"C:\Program Files (x86)\BigFix Enterprise\BES Server" /dirout:C:\Tools\Decrptyed
This will store the decrypted keys to the path you set
Copy the Decrypted Keys to the new server and run the command
ServerKeyTool.exe /encrypt /dirin:"C:\Tools\Decrypted " /dirout:” C:\Program Files (x86)\BigFix Enterprise\BES Server”
领英推荐
This will encrypt your new keys
?Go to https://support.bigfix.com/bes/install/downloadbes.html and download the Installation Generator to your new BigFix Server
?
Run the installation generator on the new server
Select I want to install ?with an existing masthead and let the installation generator install
Browse to your license certificate and input your password
Select Single or Master Database
Create a local account for your console
Select your Database type
Make sure the checkbox "Run the BigFix Diagnostic Tool" is selected
Verify all services are back up and running
Now you can update your DNS Alias to point to your new BigFix Server
Verify you are able to successfully login the console
In your console send blank action to your clients and verify they are reporting back
Tools – Take a custom action and target all Computers
Verify they report back
Check any of your logs for any gather errors after the upgrade.
Sr Engineer at Weill Cornell Medicine
10 个月hey brad,,, i was going through this. we're only doing the sql server at present. basically, is this guide good down to key decryption? thanks
Analista de Seguran?a Senior | Blue Team | SOC | Gest?o de Vulnerabilidades
1 年Thanks Brad!