Summary

This document describes the disaster recovery plan for BigFix Enterprise Suite using Standard backup/restore. If you are using Distributed Server Architecture (DSA) see the article on DSA Disaster Recovery.

Standard Backup/Restore

The standard backup/restore method is commonly used as a simple method of allowing for disaster recovery in BigFix. The general method is to do periodic backups (usually nightly) of the BigFix Server and database files. In the event of a problem, the database and BigFix Server files can be restored to the BigFix Server computer (or another computer) and the system will be restored. This is sometimes called a "Cold Standby" method of disaster recovery.

Pros

Cons

Backup Procedure

  1. Using SQL Server Enterprise Manager, establish a maintenance plan for nightly backups for the BFEnterprise and BESReporting databases -- Multiple backup copies allow for greater recovery flexibility. Consider backing up to a remote system to allow for higher fault tolerance.
  2. The following files/folders are used by the BigFix Server and should be backed up for recovery purposes:

    • [BigFix Server folder]\BESReportsData\ArchiveData -- Archived Web Reports.
    • [BigFix Server folder]\BESReportsServer\wwwroot\ReportFiles -- Support files for custom Web Reports.
    • [BigFix Server folder]\Encryption Keys -- Private encryption keys (if using Message Level Encryption).
    • [BigFix Server folder]\wwwrootbes\Uploads -- Contains custom packages that were uploaded to the system for distribution to clients.
  3. The following files/folders are used by the BigFix Server, but can be rebuilt automatically by the server in the event of a failure. Backing them up will allow for faster recovery.
    • [BigFix Server folder]\ClientRegisterData\registrationlist.txt -- Information about last known IP address of computers.
    • [BigFix Server folder]\Mirror Server\Inbox\bfemapfile.xml -- Information necessary for BigFix Agents to get actions/Fixlets.
    • [BigFix Server folder]\sitearchive -- Information necessary for BigFix Agents to get actions/Fixlets (for version 7.2 and earlier).
    • [BigFix Server folder]\wwwrootbes\bfsites -- Information necessary for BigFix Agents to get actions/Fixlets.
    • [BigFix Server folder]\wwwrootbes\bfmirror\bfsites -- Information necessary for BigFix Agents to get actions/Fixlets.
    • [BigFix Server folder]\wwwrootbes\bfmirror\downloads -- Contains the download cache.
  4. Securely backup site credentials, license certificates, and publisher credentials -- The license.pvk, license.crt, and publisher.pvk files are critical to the security and operation of BigFix. If the private key (pvk) files are lost, they cannot be recovered. These files must be securely backed up.
  5. Backup the user account information in SQL Server -- The database usernames and privileges are stored in the master database on SQL Server and will need to be restored in the event of a failure (otherwise all logins would need to be recreated). Information on how to backup SQL Server login information is available at: http://support.microsoft.com/kb/246133/.

Recovery Procedure

  1. Using either the previous BigFix Server computer or new computer, install SQL Server (use the same version of SQL Server as was previously used). Remember to enable Mixed Mode Authentication for your new SQL installation if you were using it on the primary BES Server
  2. Ensure that the new BigFix Server computer can be reached on the network using the same URL that is in the masthead file. (For example: http://192.168.10.32:52311/cgi-bin/bfgather.exe/actionsite OR http://bigfixserver.company.com:52311/cgi-bin/bfgather.exe/actionsite).

    Important: To avoid issues where the BigFix Clients connect to the BigFix Server before it is fully restored, it is best to make sure the BigFix Server is not available on the network until the migration is complete (i.e., don't push the DNS update until the migration is complete, use a local hosts file entry, initially).
  3. Restore the SQL Server login information: http://support.microsoft.com/kb/246133/.
  4. Restore the BFEnterprise and BESReporting databases from backup.
  5. Restore the backed up files/folders (creating the directory structure, as needed).
  6. Install the BigFix Server component using the masthead file and specifying the same path used in the original install.
  7. In a command window, change to the BES Server directory and run "BESAdmin.exe /rotateServerSigningKey".

Note: If you have HTTPS enabled be sure to restore the server settings for Web Reports.

Verification of Restoration

To make sure that your BigFix Server has been successfully restored, perform the following steps:

  1. Check the BigFix Diagnostics to make sure all services are properly started.
  2. Login with the BigFix Console and verify that the logins work properly and the database information was properly restored.
  3. BigFix Clients and BigFix Relays should soon notice that the server is available and will be reporting data to the server. Full recovery with all agents reporting will usually take anywhere from a few minutes to many hours (depending on the size of the deployment and how long the server was unavailable). In any circumstance, at least some agents should be reporting updated information within an hour or so).
  4. After verifying some agents are reporting properly, send a "blank action" (Tools > Take Custom Action, target "All Computers", click OK) to all computers. The blank action will not make any changes to the agent computers, but the agents will report that they received the blank action. If the most agents respond to a blank action, it is a very strong indicator that everything is working well because sending an action tests many core components and communication paths of BigFix.
  5. Login to the web reports and ensure the data was restored properly.
  6. Contact BigFix Technical Support with any issues or questions.