Difference between revisions of "BigFix"

From RiceFamily Wiki
Jump to: navigation, search
(Documentation)
(Interesting items)
 
(118 intermediate revisions by the same user not shown)
Line 1: Line 1:
 +
= What is BigFix =
 +
== Short Answer ==
 +
BigFix is a "Agent Based" system used to securely manage computers without needing to constantly visit each computer.
 +
 +
== Long Answer ==
 +
BigFix is a "Client/Server" based system of managing remote computers.
 +
Member computers need to be connected to the network, and can be managed anywhere in the world as long as they are actively connected to a network where they can reach a Relay or the BigFix server. 
 +
The Server and Clients use Relays as "store and forward" devices to allow a huge amount of computers to be managed by a single BigFix implementation.
 +
Console Operators can deploy software to remote computers, including OS Patches and Software installation packages.
 +
Authorized Console Operators can create custom Fixlets and Tasks to perform any task on remote computers that can be scripted.
 +
Management of Computers can be distributed between multiple "Console Operators" and different levels of access can be assigned via the Role objects.
 +
 +
== Components ==
 +
* BigFix Servers
 +
* Console Operators
 +
* Roles
 +
* Sites
 +
* Relays
 +
* Clients
 +
* WebUI Server
 +
* Web Report Server
 +
* Fixlets/Tasks
 +
* Analyses
 +
* Actions
 +
 +
= HCL Content =
 +
HCL Recently bought BigFix from IBM.  This means most all of the links below will need to change. (!!)  Perfect time to clean things up and re-organize the collection!
 +
 +
These links are [https://forum.bigfix.com/t/release-announcement-hcl-bigfix-9-5-product-documentation/31919 from a recent posting on the Forums] and should be a good starting point to fixing the rest of the links.
 +
* [https://help.hcltechsw.com/bigfix/9.5/platform/welcome/BigFix_Platform_welcome.html Platform]
 +
* [https://help.hcltechsw.com/bigfix/9.5/patch/welcome/BigFix_Patch_welcome.html Patch]
 +
* [https://help.hcltechsw.com/bigfix/9.5/lifecycle/welcome/BigFix_Lifecycle_welcome.html Lifecycle]
 +
* [https://help.hcltechsw.com/bigfix/9.5/inventory/welcome/BigFix_Inventory_welcome.html Inventory]
 +
* [https://help.hcltechsw.com/bigfix/9.5/compliance/welcome/BigFix_Compliance_welcome.html Compliance]
 +
* [https://help.hcltechsw.com/bigfix/9.5/webui/welcome/BigFix_WebUI_welcome.html WebUI]
 +
 +
* [https://bigfix-ideas.hcltechsw.com/ HCL BigFix Idea Center]
 +
 +
According to the Forum post, Internet Explorer is NOT supported at the above links.
 +
 +
According to HCL, they are working on providing updated PDF forms of the documentation.
 +
 +
HCL BigFix Technology Partner information can be found [https://www.hcltechsw.com/bigfix/partners HERE]
 +
 +
= V10 Cloud Functions =
 +
* [[BigFix v10 Cloud Functionality]]
 +
* [https://help.hcltechsw.com/bigfix/10.0/platform/Platform/Config/c_pluginportal.html The Plugin Portal]
 +
 
= Sites =
 
= Sites =
 +
* [https://www.itcentralstation.com/products/ibm-bigfix-reviews IBM BigFix Review]
 
* [http://Developer.bigfix.com Developer Site]
 
* [http://Developer.bigfix.com Developer Site]
 
* [http://bigfix.me BigFix.Me]
 
* [http://bigfix.me BigFix.Me]
 
* [http://forum.bigfix.com Forums]
 
* [http://forum.bigfix.com Forums]
 +
** [https://forum.bigfix.com/t/bigfix-documentation-resources/12540 Documentation Thread in Forums]
 
* [[BigFix Inventory]]
 
* [[BigFix Inventory]]
 +
* [[IBM License Metric Tool]]
 +
* [https://github.com/jgstew/tools JGStew's Tools]
 +
 +
= Subjects =
 +
* [[IBM BigFix Environment Management]]
 +
* [[IBM Server Automation]]
 +
* [[IBM BigFix Basics]]
 +
* [[BigFix Service Now Integration]]
 +
* [[Configuring SSL Certs for BigFix Components]]
  
 
= Items to Remember =
 
= Items to Remember =
* [https://www.ibm.com/developerworks/community/blogs/a1a33778-88b7-452a-9133-c955812f8910/entry/How_will_IBM_BigFix_Patch_address_new_servicing_models_for_Windows_7_and_8_1?lang=en How will IBM BigFix Patch address new servicing models for Windows 7 and 8.1?]
+
* RITM2586103 - New Project request so I can get a new VM for the BigFix Test environment.  Freaking stupid that I have to request a whole project just to get a new VM for the Test Environment of a FUNCTIONAL system.
 +
* [https://www.ibm.com/developerworks/community/blogs/a1a33778-88b7-452a-9133-c955812f8910/entry/How_will_IBM_BigFix_Patch_address_new_servicing_models_for_Windows_7_and_8_1?lang=en How will IBM BigFix Patch address new servicing models for Windows 7 and 8.1?] (Broken)
 
* KB0024021
 
* KB0024021
 
* TASK1728858 - Relay Refresh with X3250 and RS140's.
 
* TASK1728858 - Relay Refresh with X3250 and RS140's.
Line 14: Line 74:
 
* RITM1518488 - New DMZ Relay
 
* RITM1518488 - New DMZ Relay
 
* [https://forum.bigfix.com/t/root-server-hardware-specs/21188/2 Root Server Hardware Specs] - Discussion about running in a VM
 
* [https://forum.bigfix.com/t/root-server-hardware-specs/21188/2 Root Server Hardware Specs] - Discussion about running in a VM
 +
* TASK2593699 - Requesting Service Account for WebUI DB access.
 +
* TASK2597919 - Requesting Service Account SQL access required for WebUI functionality based on documentation from IBM.
 +
* RITM2013089 - SSL Request for Test Environment
 +
* RITM2118451 - Restore Firewall rule for Relays in DMZ (restoring access from Internet on port 52311)
 +
* [https://bigfix.me/fixlet/details/25507 7Zip 18.05 x64 Update]
 +
* PRJ0064377 - Relay Project
 +
* KB0029526 - DHTS Work Instructions on Clearing/Resetting a BigFix Relay
 +
* RITM2240495 - Technical Bridge request for DNS change as part of the switch from Physical to Virtual BigFix servers.
 +
* [[Using DSA to replace a BigFix Server]]
 +
* KB0030524 - Procedure to generate and install an SSL Cert for the Web Reports server.
 +
* RITM2589542 - New Cert for ILMT Server
 +
* PRJ0080342 - Rebuild BigFix Test Environment
 +
* RITM2638250 - Decommission VML-TEM-ILMT and VML-TEM-DB2
 +
* RITM2688193 - Request new PACE Relay
 +
* RITM2688192 - Request new PACE Relay
 +
* RITM2759511 - Firewall request to allow Server communications into the dc-dhts-non-clinical VRF
 +
* INC2496211 - Problem adding Group Manager Groups to Local Administrator Groups via Command Line NET LOCALGROUP commands and Power Shell.
 +
* RITM3374423 - Requested SQL Server be installed on the new SCA server.
 +
* RITM3380791 - New Project Request for Microsoft SCCM POC
 +
* RITM3405803 - Decommission two DMZ Relay servers
 +
* CHG0184584 - Change to Remove BigFix Inventory from Production Environment
 +
* TASK3771248 - Task to create a "Universal" Encryption property in BigFix for reporting purposes.
 +
* RITM3835378 - F5 VIP Request for BF-Core
 +
* [https://docs.microsoft.com/en-us/windows/deployment/update/windows-update-resources Microsoft Windows Update Resources]
 +
* CS0295243 - HCL ticket about systems cycling between Evaluating, Pending Download, and not Relevant.
 +
* RITM4462525 - New ILMT SSL Cert Requested
 +
* RITM4512395 - New WebUI SSL Cert Requested
 +
* RITM5054521 - New WebUI SSL Cert Requested (2023)
 +
* RITM5503316 - Decommissioning 4 Remote Relay Servers running 2012R2
 +
* RITM5523128 - New WebReports SSL Cert Requested (2024/01/10)
 +
* RITM5687282 - New ILMT SSL Cert Request (2024/03/07)
 +
* RITM5913381 - Firewall Requests for ILMT
 +
 +
= Active Issues =
 +
* [[BigFix Server Client Report Ingestion Stalls at Midnight]]
  
 
= Tutorials and Training Material =
 
= Tutorials and Training Material =
Line 27: Line 122:
 
* [https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/Tivoli%20Endpoint%20Manager/page/Managing%20Pending%20Restart%20and%20automatic%20restart%20of%20endpoints Managing Pending Restart and Automatic Restart of Endpoints]
 
* [https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/Tivoli%20Endpoint%20Manager/page/Managing%20Pending%20Restart%20and%20automatic%20restart%20of%20endpoints Managing Pending Restart and Automatic Restart of Endpoints]
 
* [[Advanced Server Configuration Items]]
 
* [[Advanced Server Configuration Items]]
 +
** Password Restictions
  
 
= Integrations =
 
= Integrations =
 
* [http://www.systemsmanaged.com/upgrading-your-tws-agents-using-ibm-endpoint-manager-2/ BigFix Integration with IBM Workload Scheduler (IWS)]
 
* [http://www.systemsmanaged.com/upgrading-your-tws-agents-using-ibm-endpoint-manager-2/ BigFix Integration with IBM Workload Scheduler (IWS)]
 
* [https://exchange.xforce.ibmcloud.com/hub/extension/IBMBigFix:CVEDashboard BigFix CVE Dashboard]
 
* [https://exchange.xforce.ibmcloud.com/hub/extension/IBMBigFix:CVEDashboard BigFix CVE Dashboard]
 +
* [[BigFix Command Line]]
 +
* [[BigFix and Microsoft SCOM]]
  
 
= Diagnostics =
 
= Diagnostics =
Line 47: Line 145:
 
* [[IBM BigFix Software Distribution|Software Distribtuion]]
 
* [[IBM BigFix Software Distribution|Software Distribtuion]]
 
* [[IBM BigFix Relay Maintenance]]
 
* [[IBM BigFix Relay Maintenance]]
 +
* [[Linux Based Relays Going Off-Line]]
 +
* [https://forum.bigfix.com/t/microsoft-delta-updates-optional/26157 Microsoft Delta Updates]
 +
* https://forum.bigfix.com/t/autopkg-integration-for-mac-os-x/11590
  
 
= Remote Site Relay Hardware =
 
= Remote Site Relay Hardware =
Line 81: Line 182:
 
* string values of selects "MediaLoaded from Win32_CDROMDrive" of wmi
 
* string values of selects "MediaLoaded from Win32_CDROMDrive" of wmi
 
* [https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/Tivoli%20Endpoint%20Manager/page/Property%20%26%20Relevance%20Examples Examples of Relevance From IBM]
 
* [https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/Tivoli%20Endpoint%20Manager/page/Property%20%26%20Relevance%20Examples Examples of Relevance From IBM]
 +
* [[IBM BigFix Session Relevance]]
  
 
= I Want to ... =
 
= I Want to ... =
 +
* [[Enable SAML 2.0 under BigFix]]
 +
* [[Improve Performance]]
 +
* [[Uninstall software that's not being used]]
 +
* [[Ensure that the BigFix client and Communications are secure]]
 +
* [[Efficiently use BigFix to patch a brand new Computer]]
 
* Know [[How BigFix works]]
 
* Know [[How BigFix works]]
 
* [http://www-01.ibm.com/support/docview.wss?uid=swg21505741 Change where the BigFix Console stores it's Cache data]
 
* [http://www-01.ibm.com/support/docview.wss?uid=swg21505741 Change where the BigFix Console stores it's Cache data]
 
* [[View information about BigFix managed computers]]
 
* [[View information about BigFix managed computers]]
 
* [[Install the BigFix client on Windows]]
 
* [[Install the BigFix client on Windows]]
* [[Install the BigFix clinet on Windows from the DMZ or Outside the Network]]
+
* [[Install the BigFix client on Windows from the DMZ or Outside the Network]]
 
* [[Install the BigFix client on OS X]]
 
* [[Install the BigFix client on OS X]]
 
* [[Install the BigFix clinet on OS X from the DMZ or Outside the Network]]
 
* [[Install the BigFix clinet on OS X from the DMZ or Outside the Network]]
Line 112: Line 219:
 
* [[Deploy an Action the user can trigger or that will start on a schedule]]
 
* [[Deploy an Action the user can trigger or that will start on a schedule]]
 
* [http://www-01.ibm.com/support/docview.wss?uid=swg21636385 Best Practices for Managing Baselines]
 
* [http://www-01.ibm.com/support/docview.wss?uid=swg21636385 Best Practices for Managing Baselines]
 +
* [http://www-01.ibm.com/support/docview.wss?uid=swg21506002 How does BigFix determine if a reboot is required (Windows)]
 +
* [[Detect Apple OS X WDE Encryption Status]]
 +
* [https://forum.bigfix.com/t/number-of-times-and-action-has-run-on-a-client Track number of times a user logs into a computer to install/uninstall software]
  
 
= Content =
 
= Content =
 +
== Utilities ==
 +
* [https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/Tivoli%20Endpoint%20Manager/page/Utilities Utilities Download Page]
 +
* [https://forum.bigfix.com/t/identify-what-web-sites-all-the-fixlets-need-access-to/12176/5 Identify which Web Sites all the Fixlets need access to]
 +
 
== Documentation ==
 
== Documentation ==
 +
=== Videos ===
 +
* [https://www.youtube.com/channel/UCtoLTyln5per0JYzw1phGiQ/videos YouTube BigFix Tech Advisor Channel]
 +
* [https://www.youtube.com/watch?v=6VMGt0Ml-wA BigFix Beyond the Perimeter Considerations when leveraging a DMZ relay]
 +
* [https://www.youtube.com/watch?v=tXRX3zlw1aQ BigFix PeerNest Introduction]
 +
 +
=== Links ===
 +
* [[List of most helpful BigFix links]]
 +
* [https://www.ibm.com/support/knowledgecenter/SSQL82_9.5.0/com.ibm.bigfix.doc/Platform/Installation/c_list_of_advanced_options.html Advanced Configuration Options]
 +
* [https://www.ibm.com/support/knowledgecenter/en/SSTK87_9.5.0/com.ibm.bigfix.webui.doc/WebUI/Admin_Guide/c_server_settings_definitions.html WebUI Server Settings Definitions]
 +
* [[IBM BigFix Relay Optimization in Large Environments]]
 
* [http://support.bigfix.com/bes/install/quickreference-production.html BigFix Quick Reference Page]
 
* [http://support.bigfix.com/bes/install/quickreference-production.html BigFix Quick Reference Page]
 
* [https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/Tivoli%20Endpoint%20Manager/page/The%20Basics BigFix Bare Metal OS Deployment]
 
* [https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/Tivoli%20Endpoint%20Manager/page/The%20Basics BigFix Bare Metal OS Deployment]
Line 142: Line 266:
 
* [https://developer.bigfix.com/action-script/reference/execution/override.html?cm_mc_uid=53326115818414110123250&cm_mc_sid_50200000=1493600088 Override Action Script Command]
 
* [https://developer.bigfix.com/action-script/reference/execution/override.html?cm_mc_uid=53326115818414110123250&cm_mc_sid_50200000=1493600088 Override Action Script Command]
 
* [https://forum.bigfix.com/t/disable-webui-session-timeout/22379/2 Disable WebUI Session Timeout]
 
* [https://forum.bigfix.com/t/disable-webui-session-timeout/22379/2 Disable WebUI Session Timeout]
 +
* [https://www.youtube.com/watch?v=Fy4JWW5qLaY&list=PLQoa632FcODTQk-mpZ9HYwzoEoms1zGaG YouTube Videos about BigFix]
 +
* [https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/Tivoli+Endpoint+Manager/page/Autoselection+Failsafe+Controls Autoselection Failsafe Controls]
 +
* [https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/Tivoli%20Endpoint%20Manager/page/Server%20Migration Server Migration]
  
 
== Diagnostics ==
 
== Diagnostics ==
 
* [https://forum.bigfix.com/t/why-does-a-bigfix-client-sometimes-take-a-long-time-to-do-its-thing/15944 Why does a BigFix client sometimes take a long time to do its thing]
 
* [https://forum.bigfix.com/t/why-does-a-bigfix-client-sometimes-take-a-long-time-to-do-its-thing/15944 Why does a BigFix client sometimes take a long time to do its thing]
 +
 +
== DSA Server ==
 +
* [https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/Tivoli+Endpoint+Manager/page/Distributed+Server+Architecture Distributed Server Architecture]
 +
* [http://blog.viftech.com/ibm-bigfix-distributed-server-architecture-dsa-installation-and-configuration/ IBM BigFix Distributed Server Architecture DSA Installation and Configuration]
 +
* [https://forum.bigfix.com/t/adding-dsa-server/7728 Adding DSA server]
 +
* [[DSA Configuration Considerations]]
 +
* [[Switching the Master Server (Windows)]]
 +
* [https://www.ibm.com/support/knowledgecenter/en/SSQL82_9.5.0/com.ibm.bigfix.doc/Platform/Installation/c_recovery_dsa_windows.html DSA Recovery - Windows]
 +
* [[Using DSA to replace a BigFix Server]]
 +
* [[BigFix Server Migration]]
 +
 +
== SCM & SCA Server ==
 +
* [https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/Tivoli%20Endpoint%20Manager/page/SCM%20and%20SCA SCM and SCA]
 +
* [https://www.ibm.com/developerworks/community/wikis/home?lang=en#/wiki/Tivoli%20Endpoint%20Manager/page/Synchronize%20Custom%20Checks%20wizard Synchronize Checks Wizard]
 +
* Create the check lists using the Wizards and then as the checklists are updated, there are other wizards that can be used to keep them updated.
  
 
== Performance ==
 
== Performance ==
Line 155: Line 297:
 
* [https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/Tivoli%20Endpoint%20Manager/page/Relays.dat%20Parser Relays.dat Parser]
 
* [https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/Tivoli%20Endpoint%20Manager/page/Relays.dat%20Parser Relays.dat Parser]
 
* [https://github.com/google/macops-planb/blob/master/README.md Mac Ops Plan B]
 
* [https://github.com/google/macops-planb/blob/master/README.md Mac Ops Plan B]
 +
* [https://www.ibm.com/support/knowledgecenter/SS63NW_9.5.0/com.ibm.bigfix.lifecycle.doc/Lifecycle/SWD_Users_Guide/c_migrate_software_repositories.html Migrate Software Repositories]
  
 
== Logging Documentation ==
 
== Logging Documentation ==
* [http://www-01.ibm.com/support/docview.wss?uid=swg21505914 Enable Web Report Logging]
+
* [https://help.hcltechsw.com/bigfix/9.5/platform/Platform/Web_Reports/c_logging_web_reports.html Enable Web Report Logging]
  
 
== Client ==
 
== Client ==
Line 165: Line 308:
 
* RITM0819411/REQ0812148 - Requested DMZ Server for BigFix/Service-Now Test/Dev
 
* RITM0819411/REQ0812148 - Requested DMZ Server for BigFix/Service-Now Test/Dev
 
* [https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/Tivoli%20Endpoint%20Manager/page/TEM%20SOAP%20API Tools to interact with BigFix SOAP API]
 
* [https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/Tivoli%20Endpoint%20Manager/page/TEM%20SOAP%20API Tools to interact with BigFix SOAP API]
* [https://forum.bigfix.com/t/servicenow-anyone/2165/10 FOrums.BigFix.com posting about ServiceNow]
+
* [https://forum.bigfix.com/t/servicenow-anyone/2165/10 Forums.BigFix.com posting about ServiceNow]
 +
* [https://forum.bigfix.com/t/bigfix-service-now-integration-to-invoke-tasks/25708 ServiceNow Integration with BigFix]
 +
* [[BigFix Service Now Integration]]
  
 
== OS Deployment ==
 
== OS Deployment ==
 
* [https://forum.bigfix.com/t/windows-10-in-place-upgrade-feature-is-available-for-bigfix-os-deployment-3-9/16004 OSD 3.9 Announcement]
 
* [https://forum.bigfix.com/t/windows-10-in-place-upgrade-feature-is-available-for-bigfix-os-deployment-3-9/16004 OSD 3.9 Announcement]
 +
 +
== SOAP API ==
 +
* [https://www.ibm.com/developerworks/community/blogs/e9d21113-aa93-467e-ac77-a0d20a21eaec/entry/Session_Relevance_Computer_Properties_query_Efficiency?lang=en Session Relevance Computer Propeties query efficiency]
  
 
== REST API Content ==
 
== REST API Content ==
Line 189: Line 337:
  
 
== Interesting items ==
 
== Interesting items ==
 +
* '(ids of it, values of results of it) of bes properties whose (name of it = "Last Logged on User")'
 
* [[Is today the 2nd Tuesday of the month]]?
 
* [[Is today the 2nd Tuesday of the month]]?
 
* [https://forum.bigfix.com/t/looking-up-information-on-deleted-actions/15041 Undelete Actions via SQL commands]
 
* [https://forum.bigfix.com/t/looking-up-information-on-deleted-actions/15041 Undelete Actions via SQL commands]
Line 201: Line 350:
 
* [[Terminal Services Recommended Settings]]
 
* [[Terminal Services Recommended Settings]]
 
* [http://bigfix.me/analysis/details/2994754 BitLocker Analysis]
 
* [http://bigfix.me/analysis/details/2994754 BitLocker Analysis]
 +
** [https://bigfix-wiki.hcltechsw.com/blogs/bradsexton/entry/Bigfix_Encrypt_your_devices_with_Bitlocker?lang=en_us BigFix - Encryption with Bitlocker is easier now!]
 +
** [https://help.hcltechsw.com/bigfix/10.0/mcm/MCM/Config/c_windows_bitlocker.html Windows BitLocker]
 
* [http://bigfix.me/analysis/details/96 BitLocker Events from Logs]
 
* [http://bigfix.me/analysis/details/96 BitLocker Events from Logs]
 
* [http://bigfix.me/fixlet/details/3959 Adjust Console Timeout settings to prevent Error 28's]
 
* [http://bigfix.me/fixlet/details/3959 Adjust Console Timeout settings to prevent Error 28's]
Line 266: Line 417:
  
 
== Documentation ==
 
== Documentation ==
 +
* [[List of most helpful BigFix links]]
 +
* [https://www.ibm.com/support/knowledgecenter/SSQL82_9.5.0/com.ibm.bigfix.doc/Platform/Installation/c_list_of_advanced_options.html List of Advanced Configuration Options]
 +
* [https://www.ibm.com/support/knowledgecenter/SSQL82_9.5.0/com.ibm.bigfix.doc/Platform/Config/c_config_stngs_overview.html Client Configuration Settings]
 
* [[IBM BigFix Relay Optimization in Large Environments]]
 
* [[IBM BigFix Relay Optimization in Large Environments]]
 
* [ftp://public.dhe.ibm.com/software/tivoli/IEM/9.2/ FTP Server with the BigFix 9.2 Documentation in PDF format]
 
* [ftp://public.dhe.ibm.com/software/tivoli/IEM/9.2/ FTP Server with the BigFix 9.2 Documentation in PDF format]
Line 292: Line 446:
 
* [https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/Tivoli%20Endpoint%20Manager/page/Relays.dat%20Parser Relays.dat Parser]
 
* [https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/Tivoli%20Endpoint%20Manager/page/Relays.dat%20Parser Relays.dat Parser]
 
* [https://forum.bigfix.com/t/relay-server-linux-redhat-or-windows-server-2012-r2/15507 FORUM: Windows or Linux Relay]
 
* [https://forum.bigfix.com/t/relay-server-linux-redhat-or-windows-server-2012-r2/15507 FORUM: Windows or Linux Relay]
 +
* [https://www.ibm.com/support/knowledgecenter/en/SSQL82_9.5.0/com.ibm.bigfix.doc/Platform/Installation/c_list_of_advanced_options.html List of Advanced Options]
 +
 +
== WebUI Documentation ==
 +
* [https://www.ibm.com/support/knowledgecenter/SSTK87_9.5.0/com.ibm.bigfix.webui.doc/WebUI/Admin_Guide/WebUI_admin_guide.html WebUI Administration Guide]
 +
* [https://www.ibm.com/support/knowledgecenter/SSTK87_9.5.0/com.ibm.bigfix.webui.doc/WebUI/Users_Guide/WebUI_users_guide.html WebUI Users Guide]
 +
* [https://www.ibm.com/support/knowledgecenter/SS63NW_9.5.0/com.ibm.bigfix.lifecycle.doc/ssa_install.htmlSelf Service Application Installation & Configuration Guide]
 +
* [https://www.ibm.com/support/knowledgecenter/SS63NW_9.5.0/com.ibm.bigfix.lifecycle.doc/Lifecycle/Self_Service_Application/SSA_Device_Owners_Guide/c__intro_to_ssa_for_device_owners.html Managing BigFix Offers on Your Device]
 +
* [https://www.ibm.com/support/knowledgecenter/SSTK87_9.5.0/com.ibm.bigfix.webui.doc/WebUI/Users_Guide/c_get_started_with_patches.html Automatic Patching]
  
 
== IEM Component Articles ==
 
== IEM Component Articles ==
Line 307: Line 469:
 
* [https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/Tivoli%20Endpoint%20Manager/page/Creating%20a%20Null%20Session%20Share Null Session Shares] (not a good idea!)
 
* [https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/Tivoli%20Endpoint%20Manager/page/Creating%20a%20Null%20Session%20Share Null Session Shares] (not a good idea!)
 
* [https://www.ibm.com/developerworks/community/blogs/a1a33778-88b7-452a-9133-c955812f8910/entry/A_quick_look_at_the_IBM_Endpoint_Security_Strategy?lang=en A quick look at the IBM Endpoint Security Strategy]
 
* [https://www.ibm.com/developerworks/community/blogs/a1a33778-88b7-452a-9133-c955812f8910/entry/A_quick_look_at_the_IBM_Endpoint_Security_Strategy?lang=en A quick look at the IBM Endpoint Security Strategy]
 +
* [https://developer.ibm.com/answers/questions/368491/how-can-i-clean-out-and-reset-my-bigfix-relay/ How can I clean out and reset my BigFix Relays]
 +
* [[Clean and Reset IBM BigFix Relays]]
 +
* [[IBM BigFix Custom Repositories]]
  
 
= Projects =
 
= Projects =
Line 316: Line 481:
 
* [http://www-03.ibm.com/certify/tests/eduC2150-521.shtml IBM BigFix Certification]
 
* [http://www-03.ibm.com/certify/tests/eduC2150-521.shtml IBM BigFix Certification]
  
 +
== Blogs ==
 +
* [https://www.ibm.com/developerworks/community/blogs/e9d21113-aa93-467e-ac77-a0d20a21eaec BigFix Relevance musings]
 +
* [https://www.ibm.com/developerworks/community/blogs/a1a33778-88b7-452a-9133-c955812f8910 BigFix]
 +
 +
= Notes =
 +
* https://forum.bigfix.com/t/add-custom-property-to-relevance-query/26111
 +
 +
[[Category:BigFix]]
 +
[[Category:Tivoli Endpoint Manager]]
 
[[Category:IBM Endpoint Manager]]
 
[[Category:IBM Endpoint Manager]]
 
[[Category:IBM BigFix]]
 
[[Category:IBM BigFix]]
 +
[[Category:Work]]

Latest revision as of 16:12, 19 August 2024

What is BigFix

Short Answer

BigFix is a "Agent Based" system used to securely manage computers without needing to constantly visit each computer.

Long Answer

BigFix is a "Client/Server" based system of managing remote computers. Member computers need to be connected to the network, and can be managed anywhere in the world as long as they are actively connected to a network where they can reach a Relay or the BigFix server. The Server and Clients use Relays as "store and forward" devices to allow a huge amount of computers to be managed by a single BigFix implementation. Console Operators can deploy software to remote computers, including OS Patches and Software installation packages. Authorized Console Operators can create custom Fixlets and Tasks to perform any task on remote computers that can be scripted. Management of Computers can be distributed between multiple "Console Operators" and different levels of access can be assigned via the Role objects.

Components

  • BigFix Servers
  • Console Operators
  • Roles
  • Sites
  • Relays
  • Clients
  • WebUI Server
  • Web Report Server
  • Fixlets/Tasks
  • Analyses
  • Actions

HCL Content

HCL Recently bought BigFix from IBM. This means most all of the links below will need to change. (!!) Perfect time to clean things up and re-organize the collection!

These links are from a recent posting on the Forums and should be a good starting point to fixing the rest of the links.

According to the Forum post, Internet Explorer is NOT supported at the above links.

According to HCL, they are working on providing updated PDF forms of the documentation.

HCL BigFix Technology Partner information can be found HERE

V10 Cloud Functions

Sites

Subjects

Items to Remember

  • RITM2586103 - New Project request so I can get a new VM for the BigFix Test environment. Freaking stupid that I have to request a whole project just to get a new VM for the Test Environment of a FUNCTIONAL system.
  • How will IBM BigFix Patch address new servicing models for Windows 7 and 8.1? (Broken)
  • KB0024021
  • TASK1728858 - Relay Refresh with X3250 and RS140's.
  • RITM1309391 - Decommission request for DEMO & CON1
  • BigFix WebUI
  • RITM1518487 - New DMZ Relay
  • RITM1518488 - New DMZ Relay
  • Root Server Hardware Specs - Discussion about running in a VM
  • TASK2593699 - Requesting Service Account for WebUI DB access.
  • TASK2597919 - Requesting Service Account SQL access required for WebUI functionality based on documentation from IBM.
  • RITM2013089 - SSL Request for Test Environment
  • RITM2118451 - Restore Firewall rule for Relays in DMZ (restoring access from Internet on port 52311)
  • 7Zip 18.05 x64 Update
  • PRJ0064377 - Relay Project
  • KB0029526 - DHTS Work Instructions on Clearing/Resetting a BigFix Relay
  • RITM2240495 - Technical Bridge request for DNS change as part of the switch from Physical to Virtual BigFix servers.
  • Using DSA to replace a BigFix Server
  • KB0030524 - Procedure to generate and install an SSL Cert for the Web Reports server.
  • RITM2589542 - New Cert for ILMT Server
  • PRJ0080342 - Rebuild BigFix Test Environment
  • RITM2638250 - Decommission VML-TEM-ILMT and VML-TEM-DB2
  • RITM2688193 - Request new PACE Relay
  • RITM2688192 - Request new PACE Relay
  • RITM2759511 - Firewall request to allow Server communications into the dc-dhts-non-clinical VRF
  • INC2496211 - Problem adding Group Manager Groups to Local Administrator Groups via Command Line NET LOCALGROUP commands and Power Shell.
  • RITM3374423 - Requested SQL Server be installed on the new SCA server.
  • RITM3380791 - New Project Request for Microsoft SCCM POC
  • RITM3405803 - Decommission two DMZ Relay servers
  • CHG0184584 - Change to Remove BigFix Inventory from Production Environment
  • TASK3771248 - Task to create a "Universal" Encryption property in BigFix for reporting purposes.
  • RITM3835378 - F5 VIP Request for BF-Core
  • Microsoft Windows Update Resources
  • CS0295243 - HCL ticket about systems cycling between Evaluating, Pending Download, and not Relevant.
  • RITM4462525 - New ILMT SSL Cert Requested
  • RITM4512395 - New WebUI SSL Cert Requested
  • RITM5054521 - New WebUI SSL Cert Requested (2023)
  • RITM5503316 - Decommissioning 4 Remote Relay Servers running 2012R2
  • RITM5523128 - New WebReports SSL Cert Requested (2024/01/10)
  • RITM5687282 - New ILMT SSL Cert Request (2024/03/07)
  • RITM5913381 - Firewall Requests for ILMT

Active Issues

Tutorials and Training Material

Items to investigate further

Integrations

Diagnostics

Current Issues

Remote Site Relay Hardware

I need to spec out hardware for Relays to place at "Remote" locations. These systems don't need to have massive processors or tons of RAM, they just need a decent network connection, and they need to be cheap.

After a little Googling I found these systems ...

Our Facilities Manager doesn't like them because they don't have Dual Power Supplies. My thought is "that's fine", I plan to use them in an N+1 configuration for each location anyway. If there is even dual power available at a location, we can always connect the even numbered units to one leg of power and the odd numbered units to the other leg of power. If power fails at a site, my guess is most of the workstations will go with it, and there won't be a huge need for the Relays ANYWAY.

The Solutions

It looks like it's going to be a combination of both the RS140 and the X3250 from Lenovo.

  • Lenovo RS140
    • Low Cost
    • Mountable in 2 post rack systems (TelComm Racks)
    • Single Power Supply
  • Lenovo X3250-m5
    • Low Cost
    • Mountable in standard server racks
    • Dual Power Supplies available as an option

History

The search for inexpensive rackable computers with Dual Power Supplies until I can convince someone it's a bad idea.

Relevance

I Want to ...

Content

Utilities

Documentation

Videos

Links

Diagnostics

DSA Server

SCM & SCA Server

  • SCM and SCA
  • Synchronize Checks Wizard
  • Create the check lists using the Wizards and then as the checklists are updated, there are other wizards that can be used to keep them updated.

Performance

Utilities

Logging Documentation

Client

Service Now Items of Note

OS Deployment

SOAP API

REST API Content

IBM AIX Support in BigFix

Custom Content Creation

Interesting items

Client Installation Information

Client Configuration Content

Creating Custom Content

  • exists keys "HKEY_LOCAL_MACHINE\SOFTWARE\Sassafras\Install\KeyAccess" of (x64 registries; x32 registries)

Documentation

WebUI Documentation

IEM Component Articles

Tools that might be useful

Pages about odd information

Projects

Support Links

Blogs

Notes