HCL Connections
  • Home
  • Profili ▼
  • Comunità ▼
  • App ▼
  • Metriche
  • Moderazione
  • ▼
  • Accesso
  • Condividi
  • ?
  • HCLHCL

Blog

  • Blog personali
  • Blog pubblici
  • Aggiornamenti personali
  • Amministrazione
  • Accedere per partecipare

▼ Tag

 

▼ Archivio

  • settembre 2021

▼ Autori del blog

BigFix - Setup and MCM 2.0

Visualizza tutte le voci
Facendo clic su questo pulsante verrà eseguito un aggiornamento della pagina completa. L'utente dovrà passare all'area "Elenco di voci" per visualizzare il nuovo contenuto.) Elenco di voci

BigFix - Setup and Configure MCM 2.0

Brad Sexton 64576A77-B31D-BF00-0025-86070027DBEC bsexton@hcltechsw.com | ‎ | 1.971 viste

BigFix Mobile has been released! This new release allows new customers or existing BigFix customers to manage mobile devices including: iOS & Android (licensed separately). For Lifecycle or Compliance customers it means they can leverage new laptop management capabilities provided in the Modern Client Management 2.0 release alongside Mobile Device Management all in a completely re-designed User Interface.

 

Earlier I created a “how-to” guide to help customers setup the MDM server from start to finish for a lab/test environment. Here is an update to help folks install the MDM server for 2.0 on Windows and Mac Devices. First, I will walk through setting up the MCM server for a windows device and then I’ll cover how to add Mac/iOS/iPad support. Reach out to your TA or myself if you are interested in looking at these new capabilities.   

 

Things needed to complete the setup

-RHEL 7.6 and above with docker installed

-LDAPS Enabled in your Environment - http://vcloud-lab.com/entries/windows-2016-server-r2/configuring-secure-ldaps-on-domain-controller

-A plugin server that includes mongodb

-A public facing URL to be used for device enrollment

-A public facing certificate for your MDM URL.  Please be sure to included the intermediate certificate often called a cert chain (This is required for Apple devices)

 

For Windows Devices

-Windows WNS configuration file (https://help.hcltechsw.com/bigfix/10.0/mcm/MCM/Config/c_WNS.html)

 

For Apple Devices (Mac, iOS, and iPadOS)

-A generated CSR file submitted to HCL along with the Key https://help.hcltechsw.com/bigfix/10.0/mcm/MCM/Config/c_configuring_push_notification_mcm.html

You will then be provided an Apple Push Certificate and instructions on how to submit to your apple developer account and register with apple

 

Installation of RHEL 7.6 Operating System

Download the 7.6 ISO from Redhat

image

 

 

 

 

 

 

 

 

 

 

image

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

image

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Install the Server with GUI

image

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Set your user account and root password

image

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Select Network and Host Name

image

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Set your Host name

image

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Select Not Listed?

image

 

 

 

 

 

 

 

 

 

 

Login as root

image

 

 

 

 

 

 

 

 

 

 

Open Satellite Registration and register your device in order to receiver docker

image

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

image

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

image

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Login with your Red Hat account to register the device

image

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Run the commands

yum-config-manager --enable rhel-7-server-extras-rpms

image

 

 

 

 

 

Yum install docker

image

 

 

 

 

 

image

 

 

 

curl -L "https://github.com/docker/compose/releases/download/1.25.4/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose && chmod 755 /usr/local/bin/docker-compose

image

 

 

 

 

 

 

 

 

Service docker start

image

 


 

 

Set dockers so it starts when OS boots

image

 

image

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Set your DNS of your local DNS Server

image

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Open /etc/ host to edit the host file to your bigfix server if dns does not resolve

image

 

 

 

 

 

 

 

 

image

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Copy the bigfix installer to your machine and run the command to install the agent

image

 

 

 

 

 

 

 

Create a new folder under /etc/opt called BESClient (Case Sensative)

image

 

 

 

 

 

 

 

 

 

 

 

 

Copy the actionsite.afxm to this folder

image

 

 

 

 

 

 

 

Run the command to start the bigfix agent

image

 

 

Once machine is checking into Bigfix remote into your Bigfix Server

On the Bigfix Server run the command change the path to export the cert to and the common name of your bigfixserver

BESAdmin.exe /generateplugincertificates /certificatespath:C:\Tools [/commonname:bigfixserver]

image

 

 

image

 

 

 

 

 

 

 

This will extract files to the patch specified

 

image

 

 

 

 

 

 

 

 

Make sure you have a DNS alias for your MDM server or use the fully qualified name

image

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Installing MDM server Windows Devices

Open WebUI

 

Select Apps- MCM

image

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Select Jump to – Admin

image

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Select MDM Servers – Install

image

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Select your Device you want to target for installing the MDM server.  This Device will need to be RHEL with docker installed otherwise it will not be relevant.

image

 

 

 

 

 

Select Windows for the OS you want to install

image

 

 

 

 

 

Select Enable LDAP Auth and enter your LDAPS parameters for your environment

image

 

 

 

 

 

 

 

 

 

 

 

Set the TLS Key Password you would like to use (This sets the password to encrypt the private key)

TSL Certificate is your public facing url.  It is recommended to use your certificate chain so it also includes the intermediate certificates.

image

 

 

 

 

 

 

 

 

Upload the 3 files below.  These files were created on your BESadmin tool on your BigFix Server in steps earlier

image

 

 

 

 

 

 

 

 

 

Upload the WNS Credentials you generated with your Microsoft Developer Account – Follow this link for more details https://help.hcltechsw.com/bigfix/10.0/mcm/MCM/Config/c_WNS.html

image

 

 

 

 

 

 

Select the Install button to complete the server install

image

 

 

 

 

 

Configure the Windows Plugin service

Select Apps- MCM

image

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Select Jump to – Admin

image

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Select MDM Plugins – Install

image

 

 

 

 

 

 

 

 

 

 

 

 

image

 

 

 

 

 

Select the MDM Plugin Install Type to Windows

image

 

 

 

 

 

Set your mdm Server Address

Upload the following files (These 3 files were created from your BigFix Server BESAdmin Tool)

image

 

 

 

 

 

 

 

 

 

 

Select Deploy to install the Windows Plugin to your Plugin portal

image

 

 

 

 

 

Installing Apple MDM Server

Go to MDM Servers – Add Capability

image

 

 

 

 

 

 

 

 

 

 

 

 

 

Select Apple as your Operating System

image

 

 

 

 

 

This is the password you set when creating your key file when creating your apple CSR (https://help.hcltechsw.com/bigfix/10.0/mcm/MCM/Config/c_configuring_push_notification_mcm.html) 

Add the Apple Push Certificate File you (This will be downloaded from the Apple Push Certificate Portal in your email instructions from HCL) https://help.hcltechsw.com/bigfix/10.0/mcm/MCM/Config/c_configuring_push_notification_mcm.html

Add the Apple Push key that was created - https://help.hcltechsw.com/bigfix/10.0/mcm/MCM/Config/c_configuring_push_notification_mcm.html

Set the welcome message you would like User to see when they enroll

image

 

 

 

 

 

 

 

 

 

 

 

 

Select the Deploy Button to install the Apple MDM Server

image

 

 

 

 

 

 

Install the Apple Plugin Server

Select MDM Plugins - Install

image

 

 

 

 

 

 

 

 

 

 

 

 

 

Select your Plugin Server to deploy to

image

 

 

 

 

 

Select Apple as the Plugin Type

image

 

 

 

 

 

Set your mdm Server Address

Upload the following files (These 3 files were created from your BigFix Server BESAdmin Tool)

image

 

 

 

 

 

 

 

 

 

 

 

Select Deploy to install the Windows Plugin to your Plugin portal

image

 

 

 

 

Verify the Health of the environment

Select Apps- MCM

image

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Jump To – Health Check

image

 

 

 

 

 

 

 

 

 

 

 

 

If your analysis are not already active select the activate all button to activate each of the analysis. 

image

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Prestage the Windows and Mac Client install as part of MDM

Select Jump to – Configure MDM

image

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Select Prestage macOS BigFix Installer

image

 

 

 

 

 

 

 

 

 

 

Select the Deploy Button to Stage the Mac installer

image

 

 

 

 

 

 

 

 

 

Select Jump to – Configure MDM

image

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Select Prestage Windows BigFix Installer

image

 

 

 

 

 

 

 

 

 

 

 

 

Select the BIgFIx MSI (This article describes how to edit the msi and add client settings so software can automatically be provisioned - https://www.linkedin.com/pulse/bigfix-use-mcm-automatically-provision-install-software-brad-sexton/ )

Select the MSI you created and hit the deploy Button to prestage the MSI

image

 

 

 

 

 

 

 

 

 

 

Select Jump To – Policies

Here we are going to create a simple passcode policy but this can be anything for this step such as deploy a certificate, passcode, encryption, etc.

image

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Name Your policy

Set the Site you want to store the policy in

image

 

 

 

 

 

 

 

 

 

 

 

Select Mac / iOS / IPadOS

image

 

 

 

 

 

 

 

 

 

 

Select a few settings you would like to apply

image

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Select Windows 10

image

 

 

 

 

 

 

 

 

 

 

Select Allow Simple Passcodes

image

 

 

 

 

 

 

 

 

 

 

Select Save

image

 

 

 

 

 

 

 

Select Jump To – Policy Groups

image

 

 

 

 

 

 

 

 

 

 

 

 

Select the Create Policy Groups Button

image

 

 

 

 

Name Your Policy Group Name

Select the OS to MacOS

Assign to Group and Select Over the Air Enrollment and Automated Device Enrollment

image

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Select Add BigFix Agent

image

 

 

 

 

 

 

 

 

 

 

 

 

Add your DMZ relay information along with your passcode for the client.  This is used with Relay Authentication enabled https://help.hcltechsw.com/bigfix/9.5/platform/Platform/Console/ManualKeyExchange.html#Manualkeyexchange

Select the Mac Agent you want to Deploy and select Confirm (Note if you just uploaded the mac installer it might take a few minutes before it to show up in the list)

image

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Select Add Policy

image

 

 

 

 

 

 

 

 

 

 

 

 

Select the policy we created Earlier from the list and click ok

image

 

 

 

 

 

 

Save the Policy

image

 

 

 

 

 

 

 

 

 

 

Select the Policy you just created and Click Deploy – Policy Group on MDM Server

image

 

 

 

 

 

 

 

 

 

 

 

 

Select Jump To – Policy Groups

image

 

 

 

 

 

 

 

 

 

 

 

 

Select the Create Policy Groups Button

image

 

 

 

 

Name Your Policy Group Name

Select the OS to Windows

Assign to Group and Select Over the Air Enrollment, Bulk Enrollment, and Autopilot Enrollment

image

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Select Add BigFix Agent

image

 

 

 

 

 

 

 

 

 

 

 

Select the MSI file you would like to deploy when the machine enroll and save

Note: if you just uploaded the msi installer it might take a few minutes before it to show up in the list

image

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Select Add Policy

image

 

 

 

 

 

 

 

 

 

 

 

 

 

Select the Policy we Created Earlier and select OK

image

 

 

 

 

Select Save

image

 

 

 

 

 

 

 

 

 

 

Select The Windows Policy we just created and Deploy – Policy Group on MDM Server

image

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Click Deploy

image

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

  • Aggiungi un commento Aggiungi un commento
  • Modifica
  • Ulteriori azioni v
  • Metti questa voce in quarantena
Invia notifica ad altre persone
notification

Invia notifica email

+

Metti in quarantena questa voce

deleteEntry
duplicateEntry

Contrassegna come duplicato

  • Voce precedente
  • Principale
  • Voce successiva
Feed per voci del blog | Feed per commenti del blog | Feed per commenti relativi a questa voce
  • Home
  • Guida
  • Strumenti di segnalibri
  • Metriche server
  • IU mobile
  • Informazioni su
  • HCL Connections su hcl.com
  • Inoltra feedback