BES Relay Health

It is extremely important to a properly functioning BES deployment to keep the BES Relays healthy and to keep the BES Clients properly reporting to them. The BES Relays two main purposes are to reduce total network usage and to remove load from the BES Server. If the BES Relays are not set up properly, the WAN links can possibly become saturated by the BES Client traffic and the BES Clients might appear to be very "sluggish" when an action is taken because the BES Server is overloaded with incoming requests from the BES Clients.

More information on BES Relays can be found in the BES Relay FAQ and the BES Administrator's Guide.

Below are the best practices for maintaining the BES Relay health. These should be verified periodically in every deployment.

All BES Clients are using a BES Relay

Description:
The BES Clients must connect to either the BES Server or a BES Relay to gather the latest information about Fixlets and actions, download files, and post their information. In most deployments of BES, especially mid to large deployments, it is recommended that all the BES Clients use a BES Relay instead of using the BES Server. This tends to lead to better performance because the BES Clients can get the latest actions and download files faster and as a result, you see the BES Client action status update quickly. If some BES Clients are using the BES Server instead of a BES Relay, it is not necessarily a problem, but it is recommended that as few BES Clients report directly to the BES Server as possible to free up the BES Server for other tasks.

How to Verify:
The easiest way to verify which BES Clients are using BES Relays is to use the Relay column in the BES Console. Look in the BES Console under the "Computers" tab. On the left, expand the "By Retrieved Properties" section and expand the "By Relay" filter (if you don't see the "By Relay" filter, right-click on the column headings and make sure "Relay" is checked). This will show you the breakdown of where the BES Clients are currently reporting. A healthy deployment will have very few computers reporting to the DNS name of the BES Server (except the BES Relays).

Note: The "Primary BES Relay" and "Secondary BES Relay" show which BES Relays the BES Clients are supposed to choose if they are set to manual relay selection and the "Relay" column shows which BES Relay the BES Client currently has selected.

How to Troubleshoot Issues:
There can be a number of reasons why the BES Clients are not currently reporting to a BES Relay:

• The BES Clients are set to manual BES Relay selection and no BES Relay is currently set
• The BES Clients cannot resolve the BES Relay's DNS name
• The BES Clients cannot contact the BES Relay because of NATs or firewalls
• The BES Relay is not working properly

Information on how to troubleshoot these issues and more are available at: http://support.bigfix.com/cgi-bin/kbdirect.pl?id=182

The BES Clients are using a nearby BES Relay

Description:
One of the primary benefits of BES Relays is that they can server as "distribution points" for large files, such as patches or applications. This ability allows for greatly reduced network usage especially across slow WAN pipes (the files are distributed to the BES Relay across the WAN and distributed from the BES Relay to the BES Clients locally). However, the BES Clients must be properly set up to use the local BES Relay otherwise you will use more WAN bandwidth than necessary. You can set the BES Clients to either automatically find their closest BES Relay based on network hops or manually select the BES Relay for the BES Clients (in general automatic BES Relay selection is recommended because it simplifies administration).

How to Verify:
There are two basic ways to verify that the BES Clients are using a nearby BES Relay:

• The BES Clients will return the number of hops to the BES Relay that it is using (this will work only if the BES Client is using automatic relay selection). You can view these values in the BES Console or in a report to help determine if the BES Clients are choosing appropriate BES Relays. Look at the "Distance to BES Relay" retrieved property in your BES Console to view this information.
• Using the BES Console or a report, you can view which BES Relays the BES Clients are using in each subnet or in each location (see http://support.bigfix.com/bes/misc/retrievedproperties.html for more information about creating these properties). This will give you a good idea if any BES Clients are using the wrong BES Relays because the BES Clients in each location should usually all be using the same BES Relay(s). To view this information in the BES Console, filter "By Location" or "By Subnet" and then look at "By Relay" for each subnet/location to see the BES Relay distribution.

How to Troubleshoot Issues:

• If the BES Clients are not using a particular BES Relay, try the suggestions listed at http://support.bigfix.com/cgi-bin/kbdirect.pl?id=182.
• If the BES Clients are using automatic selection and you believe they are incorrectly choosing the wrong BES Relay, you might was to do a "tracert" from the BES Client to the BES Relay because there might be additional network hops that you were not aware of.
• If it appears that only a few BES Clients that are using automatic selection are choosing a non-optimal BES Relay, you can prompt them to immediately choose a new BES Relay (by default they will attempt to find a better BES Relay every 6 hours) by sending them a custom action with the action command relay select. See http://support.bigfix.com/bes/misc/customactions.html for more information about custom actions.

There are fewer than 1000 BES Clients using any BES Relay

Description:
One of the main benefits of BES Relays is that they act as distribution points for files so that the main BES Server does not have to provide the file to each BES Client, but if there are too many BES Clients pointing at any single BES Relay, the BES Relay will become swamped when an action is sent out (especially if the file is big). This will cause actions to take longer to deploy while the BES Clients are waiting to get the files from the BES Relays. In most deployments, an optimal number of BES Clients reporting to each BES Relay is between 500-1000. Most BES Relay computers can handle a larger number of BES Clients and BES will function properly if there are more than 1000 BES Clients per BES Relay, but the results will not be optimal. Note that a very powerful BES Relay computer can certainly handle more BES Clients than an older and less powerful computer, but since the BES Relay is heavily constrained by bandwidth, the difference in performance between a more powerful and less powerful BES Relay computer is not extremely significant.

How to Verify:
In the BES Console, click on the "Computers" tab and expand the "By Retrieved Properties" > "By Relay" filter. This will list each BES Relay that is being used along with how many BES Clients are reporting to each BES Relay.

How to Troubleshoot Issues:
If you are using manual relay selection and there are too many BES Clients using a BES Relay, then you should assign BES Clients to a different BES Relay to reduce the load. If too many BES Clients are using a BES Relay and they are set to automatic relay selection, then you can add a BES Relay to the same subnet as the other BES Relay and the BES Clients will automatically distribute themselves between all BES Relays the same distance apart. Alternately, you can set the BES Clients to manually point to a specific BES Relay if necessary.

The BES Relays all point to the BES Server or a top level relay

Description:
In most deployments, especially smaller deployments, all BES Relays should be manually assigned to point directly back to the BES Server. Alternately, if there are many BES Relays, it is a good idea to have one BES Relay computer designated as a "top level" BES Relay and all the other BES Relays can point directly to the top level BES Relay. Note that unless there is a compelling network bandwidth limitation, it is generally better to have as few levels to the BES Relay as possible because each level introduces a little bit of latency for the BES Client reporting. BES Relays should not use automatic BES Relay selection.

How to Verify:
In the BES Console, click on the "Computers" tab and expand the "By Retrieved Properties" > "By Relay Installed" > "Yes" > "By Relay" filter. This will list the BES Relays the each of the BES Relays are using.

How to Troubleshoot Issues:
If the BES Relay hierarchy is not set properly, set the BES Relays to all manually point to a top level BES Relay or the main BES Server.

Redundant BES Relays are set up for slow WAN pipes

Description:
Putting a BES Relay in each location with a slow WAN link is vital to save bandwidth; however, if the BES Relay computer is turned off, crashes, loses network connectivity, or for any reason is inaccessible, then the BES Clients will attempt to find their next closest BES Relay and if this occurs during an action push, you will potentially overwhelm the WAN pipe. One way to reduce the risk of this is to set up redundant BES Relays in each location that is connected over a slow WAN pipe. In this case, if one BES Relay goes down, the other local BES Relay will be used by the BES Clients.

How to Verify:
In order to verify this, you will need a subnet property or location property setup that will allow you to get an idea of the location of the BES Relays. You will also need to know which subnets/location are connected through a slow pipe. With this information, you can open the BES Console, click on the "Computers" tab and expand the "By Retrieved Properties" > "By Relay Installed" > "Yes" > "By Location/By Subnet" filter. This will show how many BES Relays are in each location.

How to Troubleshoot Issues:
You will need to add redundant BES Relays as necessary for each location.