BigFix Agent Deployment Wizard (stand-alone)

IBM Endpoint Manager Agent Deployment Wizard is being deprecated, but is still available to use.

We encourage to use Bigfix Client Deploy Tool , that from release 9.5.5 can deploy clients on all target platforms.

Deploying Bigfix Agents with the Bigfix Agent Deployment Wizard

This page describes the stand-alone Bigfix Agent Deployment Tool. If you want to deploy agents from Tasks within the Bigfix console, see Windows Agent Deployment Tasks (Console) and RHEL Agent Deployment Tasks (Console) for more information.

About the Bigfix Agent Deployment Tool

Using the Bigfix Agent Deployment Tool, you can deploy the Bigfix agent to one or more computers in your network. Use the tool to enter the details of the computers to which you want to deploy the agent and then select the agent version and client configuration. The tool provides feedback on each step of the process and displays the results of the deployment for each computer. You can then manage the computers from within the Bigfix console.

You can run the tool from both Windows and Red Had Enterprise Linux operating systems. You can deploy the IBM Bigfix agent to computers with operating systems listed in the Image Catalog on the Welcome page of the IBM Bigfix Agent Deployment Tool.

Before you begin

You must configure the firewall to enable SSH and SMB traffic between the computer that is running the IBM Bigfix Agent Deployment Tool and any computer on which you want to deploy the IBM Bigfix agent. The default SSH port for TCP is 22. The default SMB port is 445. If you modify a default SMB, SSH, LDAP, or IBM Bigfix port number, you must configure the firewall with the details of that port.

For AIX, Solaris, Mac, HP-Unix, and Windows operating systems, you must configure the IBM Bigfix default port 52311. The IBM Bigfix Agent Deployment Tool automatically configures IBM Bigfix port 52311 on Red Hat Enterprise Linux, SUSE, Debian, CentOS, and Ubuntu operating systems.

If you use the LDAP server to target hosts, you must configure your firewall to enable communication with the default ports 389 and 636 or any port number that you use for LDAP.

Select Edit > Preferences in the IBM Bigfix Agent Deployment Tool menu to edit the number of parallel agent installations, the SSH and SMB port numbers, connection timeout, and the temporary folder settings.

Adding/Editing Proxy Details

You can configure the tool with a proxy. To add your proxy details, see Editing the Proxy Settings of the IBM Bigfix Agent Deployment Tool

To use the tool, your computer must have Internet access or use the Airgap feature to import the required images from another computer. For more information, see Exporting and Importing IBM Bigfix agent images to an Air gapped environment

Prerequisites for deploying to Windows systems

Port 445 must not be blocked by a firewall. The predefined rule in the Windows firewall for this port is Netlogon Service (NP-In).
Remote Registry service must be started (On Windows 7 is turned off by default.)
User Account Control Setting is configured to accept remote connections. ( Run cmd /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1 /f)
Disable User Account Control if a different Administrator user account is to be used to connect (Start button , and then clicking Control Panel. In the search box, type uac, and then click Change User Account Control settings. Set to "Never notify" )
On Windows 2000, ensure that Reg.exe is installed. You can use a Windows Supports Tool CD to install Reg.exe.

Alternatively:

Port 445 must not be blocked by a firewall. The predefined rule in the Windows firewall for this port is Netlogon Service (NP-In).
Start the WinRM service on the target machine from power shell by using the command Start-Service WinRM
Configure the WinRM service running WinRM quickconfig and accept the changes by providing the input "Y" ( The Win RM listner on HTTP://* to accept WS-Man requests will be created and LocalAccountTokenFilterPolicy will be configured to grant administrative rights remotely to local
users)
Set Basic authentication to true to use the basic authentication mechanism running

Set-Item WSMan:\localhost\Service\Auth\Basic $true
Set AllowUnencrypted to true, to allow Unencrypted message communication running

Set-Item WSMan:\localhost\Service\AllowUnencrypted $true

Port 5985 must not be blocked by a firewall. The predefined rule in the Windows firewall for this is Windows Remote Management (HTTP-In)

Prerequisites for deploying to Linux/Unix systems

For Linux/Unix users, you must configure the sudoers group with the user name and password that you want to use to deploy the agent. If you want to deploy the agent with a user name that is not root, you must remove the following two lines from the sudo configuration:

Defaults targetpw

ALL ALL=(ALL) ALL

Verify that on target machine scp,sudo and ssh are properly installed running from a different machine:

scp user@ip_address:sample_file.txt /tmp/

ssh user@ip_address sudo -V

To install the agent on a computer with a HP-Unix operating system with sudo installed, you must use the Root user name and password.

Click the Bug icon on the upper left of the toolbar to view the overall installation log file.

Downloading and installing the IBM Bigfix Agent Deployment Tool (Windows)

For Windows users, you can download the IBM Bigfix Agent Deployment Tool from the following URL:

http://software.bigfix.com/download/bes/util/AgentDeployment/TEMAgentDeployment-1.0.453-win.zip

Copy the zip file to a location in which you want to install the application and extract the files.
Navigate to the location where the file was extracted and to open TEMAgentDeployment-1.0.453-win.zip > bin directory.
Click the batch file TEMAgentDeployment.bat to launch the application.

Downloading and installing the IBM Bigfix Agent Deployment Tool (RHEL)

To run the IBM Bigfix Agent Deployment Tool on a Red Hat Enterprise Linux 64-bit computer, you must update the libraries with the following commands:

    #yum update libXext

    #yum update libXrender

    #yum update libXft

    #yum update libXtst

You must also install the following 32-bit Red Hat Enterprise Linux libraries with the following commands:

    #yum update libXext.i686

    #yum update libXrender.i686

    #yum update libXft.i686

    #yum update libXtst.i686

You must change the file permission to make the .sh file an executable file

For Red Hat Enterprise Linux Users, you can download the IBM Bigfix Agent Deployment Tool from the following URL:

http://software.bigfix.com/download/bes/util/AgentDeployment/TEMAgentDeployment-1.0.453-rhel.zip

Copy the zip file to a location in which you want to install the application and extract the files.
Navigate to the location where the file was extracted and to open TEMAgentDeployment-1.0.453-rhel.zip > bin directory
Click the batch file TEMAgentDeployment.sh to launch the application.

Using the IBM Bigfix Agent Deployment Tool

Entering Targets

On the Enter Targets page, enter the following mandatory parameters:

*Table 1. Enter Targets: Mandatory parameters*
Parameter	Requirement
Hosts	Enter the DNS name or IP address for each host on which you want to deploy the IBM Bigfix agent. As an alternative, you can click Load Hosts to add a .txt file with the list of the host names to the Hosts field. Separate each host with a comma or write each host on a new line. You can also enter a range for IP addresses. For example: 192.168.10.2-192.168.120.254. To import a list of hosts from an LDAP server, click the LDAP Browser icon above the Hosts field. For more information, see Importing hosts with the LDAP wizard
User Name	Enter the user name to log in to each host. The user name must be valid for every host that you enter. For Windows operating systems, you cannot enter the user name in the following format: `DOMAIN NAME/user name`. This is a known issue.
Password	Enter the password that is associated with the user name. The password must be valid for every host that you enter.
Use key file	Select this option to use ssh key to connect to the target machine. If you select Use key file, you must enter the private key file to open a connection to the targets.
Key file	Enter the private key file to open a connection to the targets. The key file must be valid for every host that you enter. This parameter becomes available when you select "Use key file". (note - User Name and Password fields cannot be blank, but appear to be ignored when using Key file for authorization)
Passphrase	Enter the passphrase associated to the key file. The passphrase must be valid for every host that you enter. This parameter becomes available when you select "Use key file".

Select Show Optional if you want to enter any optional parameters.

*Table 2. Enter Targets: Optional parameter(s)*
Parameter	Requirement
use SU command	If the user name that you enter is not part of the sudoers group, select the SU check box and enter the root password. In this case, the tool connects to the computer with the login credentials entered in the User Name field and then uses the root user name credentials to complete the installation.

Click Next to proceed to the Report Targets page

Reporting Targets

In the Report Targets page, the tool generates an individual report for each host that you enter. You can view:

The operating system;
The IBM Bigfix agent version (if any);
Whether the user credentials that you entered have permissions to install the agent.

If you deploy the agent to a computer that runs Windows 8, the tool renders the name of the operating system as Microsoft Windows. This is a known issue. You can cancel the reports by clicking the Cancel button above the Results list.

Log File

To view the log file for a host, select that host in the Results list. The log opens in the Details pane.

On the Details pane, select either Show Errors or Show Warnings to highlight any errors or warnings in the log files.

From the Results table, select the hosts with which you want to continue the installation of the agent.

Click Select all Successful to select all the hosts on which you can deploy the Endpoint Manager agent.

Selecting Agents

Click Next to proceed to the Select Agent page.

On the Select Agent page, enter the following mandatory parameters:

Table 3. Select Agent: Mandatory parameters
Parameter	Requirement
Platform Version	Select the platform version from which you want to select an agent version.
Agent Version	Select which version of the agent that you want to deploy to each host. The Agent Deployment versions that are available for deployment are listed in the catalog. The Latest Version option refers to the latest version that is available in the catalog, and might not be the latest version that is released.
Masthead Location	Enter the file location for the masthead that you want to copy to the hosts. Click Next to begin the installation.
If Agent Exists..	Click Copy Masthead if you do not want to upgrade the current version of the agent but you want to manage the agent with a different Root Server. Click Upgrade Version if you want to upgrade the existing agent. You cannot downgrade the agent version that is installed on the computer. If you select an agent version that is lower than the agent version currently installed on the computer, the tool copies the masthead.

Select Show Optional if you want to specify the following optional parameters:

*Table 4. Select Agent: Optional parameters*
Parameter	Requirement
Root Server IP	Enter the IP address for the IBM Bigfix client that corresponds with the masthead. If the DNS name of the root server cannot be resolved, the tool uses the Root Server IP.
Client Configuration	To configure the IBM Bigfix agent on deployment, enter a file path of a clientsettings.cfg file for Windows and Mac, or a besclient.config file for Linux/Unix. For example, you can use the client configuration file to configure the relay and the client log file.
Proxy Settings	If the clients to install need to communicate thru a proxy, configure the proxy connection clicking Proxy Settings.

In the Proxy Settings panel specify:

The hostname or IP Address and the port number to communicate with the proxy machine.
The credentials of the user defined on the proxy machine that is to be used when establishing the connection.

For the Windows targets select the checkbox if you want that the proxy settings are retrieved from the Internet Explorer configuration.

Results

On the Deploy Agent page, you can view the progress of the agent deployment to the hosts that you selected.

For each host, you can view:

The deployment result;
The host address;
The status;
The operating system;
The version of the IBM Bigfix agent.

You can cancel the agent deployment by clicking the Cancel button above the Results table. The tool attempts to cancel all pending installations. If the installation is in the final stages, the tool might not manage to cancel the installation.

To display the installation details of an individual host:

Select the host from the Results table. The log file for that host opens in the Details pane.
On the Details pane, select either Show Errors or Show Warnings to highlight any errors or warnings in the logs for a particular host.

To restart the agent deployment on a computer which failed to complete, select the host and click Restart.

Note: The support for this tool is provided on the forum.