Following are the best practices for maintaining the BigFix Relay health. These should be verified periodically in every deployment.
BigFix Clients must connect to either the BigFix Server or a BigFix Relay to gather the latest information about Fixlets and actions, download files, and post their information. In most deployments of BigFix, especially mid to large deployments, it is recommended that all the BigFix Clients use a BigFix Relay instead of using the BigFix Server. This tends to lead to better performance because the BigFix Clients can get the latest actions and download files faster and as a result, you see the BigFix Client action status update quickly. If some BigFix Clients are using the BigFix Server instead of a BigFix Relay, it is not necessarily a problem, but it is recommended that as few BigFix Clients report directly to the BigFix Server as possible to free up the BigFix Server for other tasks.
The easiest way to verify which BigFix Clients are using BigFix Relays is to use the Relay column in the BigFix Console. Look in the BigFix Console under the "Computers" tab. On the left, expand the "By Retrieved Properties" section and expand the "By Relay" filter (if you don't see the "By Relay" filter, right-click on the column headings and make sure "Relay" is checked). This will show you the breakdown of where the BigFix Clients are currently reporting. A healthy deployment will have very few computers reporting to the DNS name of the BigFix Server (except the BigFix Relays).
Note: The "Primary BigFix Relay" and "Secondary BigFix Relay" show which BigFix Relays the BigFix Clients are supposed to choose if they are set to manual relay selection and the "Relay" column shows which BigFix Relay the BigFix Client currently has selected.
There can be a number of reasons why the BigFix Clients are not currently reporting to a BigFix Relay:
Information on how to troubleshoot these issues and more are available at: http://support.bigfix.com/cgi-bin/kbdirect.pl?id=182.
One of the primary benefits of BigFix Relays is that they can server as "distribution points" for large files, such as patches or applications. This ability allows for greatly reduced network usage especially across slow WAN pipes (the files are distributed to the BigFix Relay across the WAN and distributed from the BigFix Relay to the BigFix Clients locally). However, BigFix Clients must be properly set up to use the local BigFix Relay otherwise you will use more WAN bandwidth than necessary. You can set BigFix Clients to either automatically find their closest BigFix Relay based on network hops or manually select a BigFix Relay for BigFix Clients (in general automatic BigFix Relay selection is recommended because it simplifies administration).
There are two basic ways to verify that the BigFix Clients are using a nearby BigFix Relay:
One of the main benefits of BigFix Relays is that they act as distribution points for files so that the main BigFix Server does not have to provide the file to each BigFix Client, but if there are too many BigFix Clients pointing at any single BigFix Relay, the BigFix Relay will become swamped when an action is sent out (especially if the file is big). This will cause actions to take longer to deploy while the BigFix Clients are waiting to get the files from the BigFix Relays. In most deployments, an optimal number of BigFix Clients reporting to each BigFix Relay is between 500-1000. Most BigFix Relay computers can handle a larger number of BigFix Clients and BigFix will function properly if there are more than 1000 BigFix Clients per BigFix Relay, but the results will not be optimal. Note that a very powerful BigFix Relay computer can certainly handle more BigFix Clients than an older and less powerful computer, but since the BigFix Relay is heavily constrained by bandwidth, the difference in performance between a more powerful and less powerful BigFix Relay computer is not extremely significant.
In the BigFix Console, click on the Computers tab and expand the By Retrieved Properties > By Relay filter. This will list each BigFix Relay that is being used along with how many BigFix Clients are reporting to each BigFix Relay.
If you are using manual relay selection and there are too many BigFix Clients using a BigFix Relay, then you should assign some of your BigFix Clients to a different BigFix Relay to reduce the load. If too many BigFix Clients are using a BigFix Relay and they are set to automatic relay selection, then you can add a BigFix Relay to the same subnet as the other BigFix Relay and the BigFix Clients will automatically distribute themselves among all BigFix Relays the same distance apart. Alternately, you can set BigFix Clients to manually point to a specific BigFix Relay if necessary.
In most deployments, especially smaller deployments, all BigFix Relays should be manually assigned to point directly back to the BigFix Server. Alternately, if there are many BigFix Relays, it is a good idea to have one BigFix Relay computer designated as a "top level" BigFix Relay and all the other BigFix Relays can point directly to the top level BigFix Relay. Note that unless there is a compelling network bandwidth limitation, it is generally better to have as few levels to the BigFix Relay as possible because each level introduces a little bit of latency for the BigFix Client reporting. BigFix Relays should not use automatic BigFix Relay selection.
In the BigFix Console, click on the Computers tab and expand the By Retrieved Properties > By Relay Installed > Yes > By Relayfilter. This will list the BigFix Relays the each of the BigFix Relays are using.
If the BigFix Relay hierarchy is not set properly, set the BigFix Relays to all manually point to a top level BigFix Relay or the main BigFix Server.
Putting a BigFix Relay in each location with a slow WAN link is vital to save bandwidth; however, if the BigFix Relay computer is turned off, crashes, loses network connectivity, or for any reason is inaccessible, then the BigFix Clients will attempt to find their next closest BigFix Relay and if this occurs during an action push, you will potentially overwhelm the WAN pipe. One way to reduce the risk of this is to set up redundant BigFix Relays in each location that is connected over a slow WAN pipe. In this case, if one BigFix Relay goes down, the other local BigFix Relay will be used by the BigFix Clients.
In order to verify this, you will need a subnet property or location property setup that will allow you to get an idea of the location of the BigFix Relays. You will also need to know which subnets/location are connected through a slow pipe. With this information, you can open the BigFix Console, click on the Computers tab and expand the By Retrieved Properties > By Relay Installed > Yes > By Location/BySubnet filter. This will show how many BigFix Relays are in each location.
You will need to add redundant BigFix Relays as necessary for each location.