IBM BigFix

IBM BigFix is also known as TEM (Tivoli Endpoint Manager) and IEM (IBM Endpoint Manager).

BigFix Server installation

First install Red Hat (Windows is also supported) with these filesystems:

/var/opt/BESServer               20GB
/var/opt/BESWebReportsServer      3GB
/home/db2inst1                   30GB   # DB2 home dir and DB
/opt                              2GB
/opt/ibm/LMT                      2GB
/opt/ibm/db2                      4GB   # DB2 bin
/opt/BESWebUI                     1GB 
/backup                          20GB

On Red Hat Enterprise Linux 8.0, ensure that the libnsl.so.1 and libstdc++.so.6 libraries are installed.

ilmtsrv:$ bigfix_backup.ksh
#!/usr/bin/ksh
#==================================================================================
#
# FILE:    bigfix_backup.ksh
#
# PURPOSE: Backup BigFix + ILMT Server
#
# AUTHOR:
#
# PARAMETERS:
#
# SAMPLES:
#
#==================================================================================

backup_bigfix()
{
echo "**********************************"
echo "***** Stopping BigFix Server *****"
echo "**********************************"
date '+%Y-%m-%d %H:%M:%S'
/etc/init.d/LMTserver stop
/etc/init.d/besfilldb stop
/etc/init.d/besgatherdb stop
/etc/init.d/besserver stop
/etc/init.d/beswebreports stop
/etc/init.d/besclient stop
echo "**********************************"
echo "***** Removing old backups   *****"
echo "**********************************"
date '+%Y-%m-%d %H:%M:%S'
rm -f /backup/BFENT*
rm -f /backup/BESREPOR*
rm -f /backup/TEMADB*
echo "**********************************"
echo "***** Backup DB2 to disk     *****"
echo "**********************************"
date '+%Y-%m-%d %H:%M:%S'
/usr/sbin/runuser -l db2inst1 -c "db2 backup db BFENT to /backup"
/usr/sbin/runuser -l db2inst1 -c "db2 backup db BESREPOR to /backup"
/usr/sbin/runuser -l db2inst1 -c "db2 backup db TEMADB to /backup"
echo "**********************************"
echo "***** Backup to disk          *****"
echo "**********************************"
date '+%Y-%m-%d %H:%M:%S'
tar cvf /backup/BESClient.tar /var/opt/BESClient
tar cvf /backup/BESServer.tar /var/opt/BESServer
tar cvf /backup/BESWebReportsServer.tar /var/opt/BESWebReportsServer
tar cvf /backup/misc.tar /etc/opt/BESServer/actionsite.afxm /var/.com.zerog.registry.xml
tar cvf /backup/LMT.tar /opt/ibm/LMT
echo "**********************************"
echo "***** Starting BigFix Server *****"
echo "**********************************"
date '+%Y-%m-%d %H:%M:%S'
/etc/init.d/besfilldb start
/etc/init.d/besgatherdb start
/etc/init.d/besserver start
/etc/init.d/beswebreports start
/etc/init.d/besclient start
/etc/init.d/LMTserver start
date '+%Y-%m-%d %H:%M:%S'
}

#################
# Main
#################
backup_bigfix > /tmp/backup.log 2>&1
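
The backup function above does not test the exit status of any step and removes the previous backups first, so a failed run can leave /backup incomplete. The following added example (not part of the original page) checks that every artifact the script should write is present and readable; the function name check_backup and its return convention are assumptions.

```shell
#!/bin/sh
# Added example: post-run check for the artifacts written by bigfix_backup.ksh.
# check_backup and its return convention are assumptions, not BigFix tooling.

# check_backup DIR
# Returns 0 only if DIR holds a non-empty DB2 image for each database and a
# readable tar archive for each directory set; otherwise prints what is
# wrong on stderr and returns 1.
check_backup() {
    dir=$1
    rc=0

    # DB2 writes image files whose names start with the database name,
    # which is why the script cleans up with BFENT*, BESREPOR*, TEMADB*.
    for db in BFENT BESREPOR TEMADB; do
        found=0
        for img in "$dir/$db"*; do
            if [ -s "$img" ]; then
                found=1
            fi
        done
        if [ "$found" -ne 1 ]; then
            echo "missing DB2 image for $db in $dir" >&2
            rc=1
        fi
    done

    # Each tar must exist, be non-empty and list cleanly; a truncated or
    # corrupt archive fails the listing.
    for name in BESClient BESServer BESWebReportsServer misc LMT; do
        archive="$dir/$name.tar"
        if [ ! -s "$archive" ]; then
            echo "missing or empty archive: $archive" >&2
            rc=1
        elif ! tar -tf "$archive" >/dev/null 2>&1; then
            echo "unreadable archive: $archive" >&2
            rc=1
        fi
    done

    return "$rc"
}
```

Calling `check_backup /backup` at the end of the main section and alerting on a non-zero return catches a failed run before the backups are needed.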

BigFix Client installation

Download BESClient from

http://support.bigfix.com/bes/release/

Linux

Space used on filesystems

/opt/BESClient 200MB
/var/opt/BESClient 200MB or more
/var/opt/BESCommon 50MB
/var/opt/BESRelay 30GB

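Get the masthead file from the BigFix server (--no-check-certificate disables TLS certificate validation, so this download is not authenticated):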

wget --no-check-certificate -O /etc/opt/BESClient/actionsite.afxm https://<server_ip>:52311/masthead/masthead.afxm

Or

On the server, the masthead.afxm file is located at: /var/opt/BESClientDeployTool/BigFixInstallSource/ClientInstaller/masthead.afxm

Copy masthead.afxm from the server to the /etc/opt/BESClient folder created on the client and rename it to actionsite.afxm.

Then install the client (--nosignature skips the package signature check):

rpm --nosignature -Uhv BESAgent.rpm

(use the same version as the server), then start the service:

/etc/rc.d/init.d/besclient start

You will find the installation logs in the folder

/var/opt/BESClient/__BESData/__Global/Logs/
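
Because the wget command above skips certificate validation and the rpm command skips the signature check, the following added example (not part of the original page) verifies both files before they are used. It assumes the SHA-256 digest of masthead.afxm was computed on the server and passed to the client over a separate trusted channel, and that the vendor's public key was already imported with `rpm --import`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: check the masthead and the agent package before installing.
# Function names and the digest argument are assumptions.

# Print the SHA-256 digest of a file as lowercase hex.
sha256_of() {
    sha256sum "$1" | awk '{print $1}'
}

# verify_masthead FILE EXPECTED_SHA256
# Returns 0 on match, 1 on mismatch, 2 if FILE is missing or empty.
verify_masthead() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    if [ ! -s "$file" ]; then
        echo "masthead missing or empty: $file" >&2
        return 2
    fi
    actual=$(sha256_of "$file")
    if [ "$actual" != "$expected" ]; then
        echo "masthead digest mismatch: got $actual" >&2
        return 1
    fi
}

# install_masthead SRC EXPECTED_SHA256 DEST_DIR
# Copies SRC to DEST_DIR/actionsite.afxm only after the digest check passes,
# so an unverified masthead never reaches the client configuration folder.
install_masthead() {
    verify_masthead "$1" "$2" || return $?
    mkdir -p "$3" && cp "$1" "$3/actionsite.afxm"
}

# verify_agent_rpm RPM
# Checks the package digests and signature against the rpm keyring.
# Fails if the signature is bad or the signing key is not imported.
verify_agent_rpm() {
    rpm -K "$1"
}
```

Typical use: `install_masthead ./masthead.afxm "$DIGEST" /etc/opt/BESClient && verify_agent_rpm BESAgent.rpm && rpm -Uhv BESAgent.rpm`, where `$DIGEST` is the value taken on the server.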

Windows

Download the BigFix package and extract it. Put the masthead.afxm file in the same folder, then install the client package; the masthead file will be loaded automatically.

The installation path is: “C:\Program Files (x86)\BigFix Enterprise\BES Client\”

CLI

https://developer.bigfix.com/rest-api/iem_cli/iem_samples.html

Example: command line

[root@BIGFIXSRV]# /opt/BESServer/bin/iem login --server=10.10.10.137:52311 --user=IEMAdmin --password=password
Server  : 10.10.10.137:52311
User    : IEMAdmin

The security certificate used by 10.10.10.137 is not trusted. Do you want to trust security certificates signed by IBM_Endpoint_Manager when connecting to 10.10.10.137?[Y/N]: Y
Successfully logged in to server!
[root@BIGFIXSRV]# /opt/BESServer/bin/iem get help
/api/action
/api/actions
/api/admin
/api/analyses
/api/analysis
/api/authenticate
/api/clientquery
/api/clientqueryresults
/api/computer
/api/computergroup
/api/computergroups
/api/computers
/api/dashboardvariable
/api/dashboardvariables
/api/fixlet
/api/fixlets
/api/help
/api/import
/api/ldapdirectories
/api/ldapdirectory
/api/login
/api/mailbox
/api/operator
/api/operators
/api/properties
/api/property
/api/query
/api/replication
/api/role
/api/roles
/api/samlprovider
/api/samlproviders
/api/serverinfo
/api/session
/api/site
/api/sites
/api/task
/api/tasks
/api/upload
/api/uploads
/api/webreports
/api/webui-app
/api/webui-apps
/api/webui-content-upgrade-status
/api/webui-sites
/api/webui-using-local-config
/api/webui-variables
[root@BIGFIXSRV]# /opt/BESServer/bin/iem  get ldapdirectories
<?xml version="1.0" encoding="UTF-8"?>
<BESAPI xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="BESAPI.xsd">
        <LDAPDirectory Resource="https://10.10.10.137:52311/api/ldapdirectory/140">
                <ID>140</ID>
                <Name>My LDAP Server</Name>
                <IsActiveDirectory>false</IsActiveDirectory>
                <UseSSL>true</UseSSL>
                <BaseDN>dc=mydom,dc=tst</BaseDN>
                <UIDAttribute>uid</UIDAttribute>
                <UserFilter>(objectClass=account)</UserFilter>
                <GroupFilter>(objectClass=organizationalUnit)</GroupFilter>
                <User>cn=Manager,dc=mydom,dc=tst</User>
                <Servers>
                        <Server>
                                <Host>10.10.10.11</Host>
                                <Port>636</Port>
                                <Priority>0</Priority>
                        </Server>
                </Servers>
        </LDAPDirectory>
</BESAPI>

QNA

Optionally, on Windows only, you can install the “Session Relevance Editor”:

https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/Tivoli%20Endpoint%20Manager/page/Session%20Relevance%20Editor

Fixlet Debugger can be used to extract information:

[root@BIGFIXSRV]# /opt/BESClient/bin/qna
Default masthead location, using /etc/opt/BESClient/actionsite.afxm

Q: total space of filesystem "/opt"
A: 1023303680
T: 318

Q: properties of type "filesystem"
A: name of <filesystem>: string
A: volume of <filesystem>: string
A: size of <filesystem>: integer
A: total space of <filesystem>: integer
A: free space of <filesystem>: integer
A: used space of <filesystem>: integer
A: free percent of <filesystem>: integer
A: used percent of <filesystem>: integer
A: file count of <filesystem>: integer
A: free file count of <filesystem>: integer
A: used file count of <filesystem>: integer
A: type of <filesystem>: string
A: mount point of <filesystem>: string
A: device name of <filesystem>: string
A: fstype of <filesystem>: string
A: filesystem type of <filesystem>: string
A: mount option of <filesystem>: string
A: block size of <filesystem>: integer
A: uuid of <filesystem>: string
T: 7209

Q: lines whose (it as lowercase contains "root") of file "/etc/security/limits"
E: Singular expression refers to nonexistent object.
T: 228

Q: exists filesystem "/var"
A: True
T: 7531

Q: lines whose (it as lowercase contains "root") of file "/etc/security/limits"
E: Singular expression refers to nonexistent object.
T: 302

Q: names of sites
A: BES Asset Discovery
A: BES Inventory and License
A: BES Support
A: BigFix Labs
A: IBM License Reporting
A: Patches for RHEL 7
A: Patching Support
A: Server Automation
A: Software Distribution
A: actionsite
A: mailboxsite
A: opsite10
T: 3046

Q: type of site whose (name of it is "BES Support")
A: Fixlet Site
T: 4690

Q: (name of it, type of it, version of it) of sites
A: BES Asset Discovery, Fixlet Site, 96
A: BES Inventory and License, Fixlet Site, 179
A: BES Support, Fixlet Site, 1301
A: BigFix Labs, Fixlet Site, 51
A: IBM License Reporting, Fixlet Site, 94
A: Patches for RHEL 7, Fixlet Site, 132
A: Patching Support, Fixlet Site, 720
A: Server Automation, Fixlet Site, 65
A: Software Distribution, Fixlet Site, 77
A: actionsite, Master Action Site, 92
A: mailboxsite, Mailbox Site, 0
A: opsite10, Operator Site, 1
T: 499

BigFix diagnostics

https://<bigfix_server>:52311/rd

BigFix help for CLI (command line)

https://<bigfix_server>:52311/api/help

Example BigFix help for CLI

# List all computer IDs
https://<bigfix_server>:52311/api/computers
# Detailed info about a computer
https://<bigfix_server>:52311/api/computer/4194896

Change IP or hostname of the BigFix server

Change IP of the BigFix server

If you relocate the server to a different IP address but the name in the masthead remains the same, you should have no issues other than endpoints whose DNS cache still holds the older address. This can be mitigated at the upper-level relays: they are the only ones contacting the server directly, so you can manually clear their DNS caches. Console users would also need to shut down and restart.

deploy/ibm_bigfix_install.txt · Last modified: 2023/12/11 13:12 by manu