IBM Support

Can the Microsoft SQL Server database exist on a separate computer from the Tivoli Endpoint Manager (TEM) Server?

Technote (troubleshooting)


Problem(Abstract)

The following will guide you through Remote Database setup and configuration.

Resolving the problem

You can setup a remote database for the TEM Server using the graphical user interface during the initial installer Setup process. The following guide will describe how you can manually set and check database authentication, TEM services, and ODBC connections.

You must decide how you want your TEM Application services to authenticate and connect to the remote database. There are three server authentication options: the first two are flavors of NT and the third is SQL. Because it is more secure, IBM recommends NT Authentication.

Using NT Authentication with Domain Users or User Groups

When using this technique, the TEM Server uses the specified domain user or a member of the specified user group to access the database. To authenticate your TEM Server using Domain Users/User Groups, follow these steps:

  1. Create a service account user or user group in your Active Directory domain. For an NT user group, add authorized domain users to this group.
  2. Use Microsoft SQL Server Management Studio under Security > Logins, create a login for the domain service account user or user group, with a default database of BFEnterprise, and give this login System Admin (sa) authority.
    **System Admin authority is required in order for operator account creation, product upgrades, and other Administrative processes.
  3. On the TEM Server, change the LogOn settings for the BES FillDB, GatherDB, Web Reports Server, and RootServer services to the domain user or member of the user group created above
  4. Restart the service.

Using SQL Authentication

When using this technique the TEM Server has settings as registry values for SQL authentication including a login name and password. Be aware that the password for this account is stored in clear-text under the HKLM branch of the registry on the TEM Server. To authenticate your TEM Server using SQL Authentication, follow these steps:

  1. Choose a single login name (for example, 'besserverlogin'), and a single password.
  2. Use Microsoft SQL Server Management Studio under Security > Logins to create a login with this name. Chose SQL Server Authentication as the authentication option and specify the password. Change the default database to BFEnterprise and grant it System Admin (sa) authority.
    **System Admin authority is required in order for operator account creation, product upgrades, and other Administrative processes.
  3. On the TEM Server, add the following String values under the following keys
    HKEY_LOCAL_MACHINE\SOFTWARE\BigFix\Enterprise Server\Database
    HKEY_LOCAL_MACHINE\SOFTWARE\BigFix\Enterprise Server\FillAggregateDB
    HKEY_LOCAL_MACHINE\SOFTWARE\BigFix\Enterprise
    Server\FillAggregateDB\RemoteDatabases\DBINSTANCENAME
    **Note: For 64bit installations see the following:
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BigFix\Enterprise Server\.
    
    User = [login name] 
    Password = [password] 
  4. Restart the BigFix FillDB service.

ODBC Connections

The ODBC connections for the deployment should also refer to the remote database name rather than 'local' for bes_bfenterprise, bes_EntepriseServer, LocalBESReportingServer, and enterprise_setup. The authentication type also needs to be modified accordingly in the ODBC connections for the TEM Server.

Please see the following detailed ODBC Guide:
www.ibm.com/developerworks/mydeveloperworks/wikis/home/wiki/Tivoli%20Endpoint%20Manager/page/Database%20ODBC%20Configuration?lang=en

Please see the following important links for Remote Database installations:

Historical Number

215

Document information

More support for: IBM BigFix family

Software version: All Versions

Operating system(s): Platform Independent

Reference #: 1505841

Modified date: 20 April 2015


Translate this page: