IBM Endpoint Manager, Version 9.2

Overview of the IBM BigFix Remote Control system

The IBM® BigFix® Remote Control system includes the following main components:

IBM BigFix Remote Control Target
The target is installed on every computer that you want to control remotely with IBM BigFix Remote Control. It listens for connection requests that come from the controller. You can also start a remote control session over the internet with a target, by using a broker.

Targets that are outside of your intranet can be configured to register their details with the server. Sessions with these targets are managed by server policies. The targets must be deployed with the Managed property set to Yes. The ServerURL and BrokerList properties must also be configured.

Targets can also be configured so that they do not send their details to the server. These targets are classed as unregistered targets. You can install the target software and set the Managed property to No. The BrokerList property must also be set.

You can also use the on-demand target features to start a remote control session with a computer that does not have any target software preinstalled. Server policies are used to manage the on-demand sessions. The target software is deleted at the end of the session. For information about target requirements, see Target requirements.
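The following added example, which is not part of the IBM documentation or product code, audits a target's properties against the registered and unregistered rules described above. The key=value file layout, the comma-separated host:port form of BrokerList, the sample host names, and the extra check that ServerURL uses HTTPS are assumptions made for illustration.

```python
# Added example: audit target properties for broker (internet) sessions.
# Assumptions: key=value text, BrokerList as comma-separated host:port,
# and an extra hardening check that ServerURL uses HTTPS.

def parse_properties(text):
    """Parse key=value lines, skipping blanks and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props

def bad_broker_entries(broker_list):
    """Return BrokerList entries that are not host:port with a valid port."""
    bad = []
    for entry in filter(None, (e.strip() for e in broker_list.split(","))):
        host, sep, port = entry.rpartition(":")
        if not (sep and host and port.isdecimal() and 0 < int(port) < 65536):
            bad.append(entry)
    return bad

def audit_target(text):
    """Return (mode, findings); mode is registered, unregistered or invalid."""
    props = parse_properties(text)
    managed = props.get("Managed", "").lower()
    if managed not in ("yes", "no"):
        return "invalid", ["Managed must be Yes or No"]
    mode = "registered" if managed == "yes" else "unregistered"
    findings = []
    if not props.get("BrokerList"):
        findings.append("BrokerList is not set")
    else:
        findings += [f"malformed broker entry: {e}"
                     for e in bad_broker_entries(props["BrokerList"])]
    if managed == "yes":  # registered targets also need the server address
        url = props.get("ServerURL", "")
        if not url:
            findings.append("ServerURL is not set for a managed target")
        elif not url.lower().startswith("https://"):
            findings.append("ServerURL is not HTTPS")
    return mode, findings

# Constructed sample input (hypothetical host names).
SAMPLE = "Managed=No\nBrokerList=broker1.example.com:443, broker2.example.com\n"
if __name__ == "__main__":
    print(audit_target(SAMPLE))
```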

IBM BigFix Remote Control Controller
The controller can be installed by using the Fixlet, or by using the installer that is provided for use in peer-to-peer sessions. It can also be launched in context from the remote control server or the IBM BigFix Remote Control console. In all instances, the controller allows the user to control a remote computer on which the remote control target is installed. The controller provides an interface to several actions that are available to the controller user, such as remote control, guidance, chat, file transfer, collaboration, and many more. For information about controller requirements, see Controller requirements.

IBM BigFix Remote Control Server
A web application that manages all the deployed targets that are configured for managed mode and that point to the IBM BigFix Remote Control Server's URL. You can deploy it on an existing WebSphere® server, or install it by using the installer package along with an embedded version of WebSphere. The server listens for HTTP or HTTPS connections by default. When it is installed with the embedded WebSphere option, it listens on ports 80 and 443. When it is deployed on top of an existing WebSphere server, the IBM BigFix Remote Control server listens on ports 9080 and 9443.

The server requires a database server. Embedded Derby is available only for proof of concept deployments; DB2®, SQL Server, and Oracle are the supported options. The server can also be configured to synchronize and authenticate user and group data from an LDAPv3 server, such as Active Directory or Tivoli Directory Server.

This deployment scenario has the same networking characteristics as peer-to-peer. Therefore, direct TCP connectivity is required between all the controllers and all the targets. However, the IBM BigFix Remote Control server provides a method of centralized and finer policy control, where targets can have different policies that are determined by the user who is trying to start the remote control session. The server also provides centralized audit and storage of full automatic session recordings. In this scenario, the controller is not a stand-alone application, but is started as a Java™ Web Start application from the IBM BigFix Remote Control server's web interface to start the remote control session.

Note: Peer-to-peer and managed are not exclusive modes. You can configure the IBM BigFix Remote Control target in the following ways:
  • To be strictly managed.
  • To fail back to peer-to-peer mode when the server is not reachable.
  • To accept both peer-to-peer and managed remote control sessions.

The following components can be used only in managed mode:

IBM BigFix Remote Control CLI tools
CLI tools are always installed as part of the target component but you can also install them separately. The CLI provides command-line tools for the following tasks:
  • Script or integrate the launch of managed remote control sessions.
  • Run remote commands on computers with the managed target installed.
IBM BigFix Remote Control Gateway
A service that is installed on computers in secure network boundaries, where there is strict control of traffic flows between the secure networks. For example, the firewall at the boundary allows only traffic between a pair of specific IP addresses and ports. In these scenarios, a network of gateways can be deployed. The gateway routes and tunnels the remote control traffic from the controller, which is located in a particular network zone, to the target that is in a different network zone. The gateway is a native service that can be installed on a computer that has a Windows or Linux operating system installed. It does not have a default port for listening, although 8881 is a usual choice, and it can be configured for multiple incoming listening ports and outgoing connections.

IBM BigFix Remote Control Broker
A service that is installed on computers, typically in a DMZ, so that computers outside the enterprise network, in an Internet cafe or at home, can reach it. The IBM BigFix Remote Control broker receives inbound connections from the controller and the target and tunnels the remote control session data between the two components. The broker is a native service that can be installed on a Windows or a Linux computer. It does not have a default port for listening, but 443 is a recommended option because this port is usually open for outbound connections and has fewer issues with content filtering than, for example, 80 would have.

