If you are using BigFix 8.0 or newer, please see http://support.bigfix.com/bes/install/airgapnetwork.html.
In addition to the BES Server which is being configured on the isolated network, you will need a computer which has access to the public Internet, the 'Gathering Computer'. The Gathering Computer will be used to download Fixlet content and file downloads, which will then be transferred to the BES Server on the isolated network. The Gathering Computer should not be a BES Relay or a BES Server.
Note: The first section must be completed on a computer with Internet access.
On a computer that has internet access using the standard installation instructions. Follow steps 1 though 8 using the licensing authorization file you have been provided in email. This will generate the licensing files you need: License.pvk and License.crt. These files and your password is all that Internet computer will be needed for to generate the licensing information.
Continue running the setup process on the BES Server on the internal network using the standard installation instructions (http://support.bigfix.com/bes/install/besinstall.html) from step 9. And now select the option "Use a production License I already have" and continue the installation. When the BES Server installation is complete, subscribe to each Fixlet site that you are licensed to use by double-clicking on the Fixlet site mastheads and loading them in the BES Console.
After you subscribe to each Fixlet site masthead, you will not be able to actually gather the Fixlets into the database (because of the air gap), and the BES Console will display a status of "Gathering site ...".
After the internal BES Server is set up, download the Make Mirror Archive Tool. This tool will be used for downloading fixlets and compressing them into the format to take to the BES Server. The utility will only need to be run on the Gathering Computer and the files it generates will be manually transfered to the Main BES Server. Keeping the tool and the data on removable media, like a usb key, is preferred.
In order to make Fixlet Content available on the isolated network, it will need to be transferred in from the Gathering Computer. You will run the MakeMirrorArchive.exe on the Gathering Computer and transfer the resulting files to the Main BES Server. Perform the following steps to update the Fixlet content on the BES Server on initial installation and all subsequent updates.
MakeMirrorArchive.exe sitemasthead.efxm
Deploying Fixlets on the main BES Server will likely require downloaded patches and other files from the Internet. Included in the BES Air Gap Package is the BES Download Cacher utility. This utility will help you in downloading and transferring files to the main BES Server. The utility can help to download every patch in a Fixlet site or single file downloads from a url. You can download the current utility here.
Transfering all files from Fixlet sites
BES_Download_Cacher.exe -m <MyMasthead.efxm> -x downloads
If you need to download a single file (instead of all the files of a Fixlet site), use the instructions below:
Transfering a single file
BES_Download_Cacher.exe -u <url> -x downloads
You may need to increase the size of the cache on the main BES Server so that it does not try to empty any files from the cache. Use the BES Download Cacher to increase the size of the cache with the command:
BES_Download_Cacher.exe -c <Cache Size(Bytes)>
The default size is 1024 MB.
After the files are cached in the BES Server sha1 folder, they will be automatically delivered to the BES Relays/BES Clients when you click on an action in the Fixlet message that references a downloaded file. If the file is not cached, the BES Console will give you a status of "Waiting for Mirror Server" indefinitely after you deploy an action. More information about how the BES cache works is available here.