Difference between revisions of "BigFix"

From RiceFamily Wiki
Jump to: navigation, search
(Interesting items)
(Interesting items)
Line 343: Line 343:
 
* [http://bigfix.me/analysis/details/2994754 BitLocker Analysis]
 
* [http://bigfix.me/analysis/details/2994754 BitLocker Analysis]
 
** [https://bigfix-wiki.hcltechsw.com/blogs/bradsexton/entry/Bigfix_Encrypt_your_devices_with_Bitlocker?lang=en_us BigFix - Encryption with Bitlocker is easier now!]
 
** [https://bigfix-wiki.hcltechsw.com/blogs/bradsexton/entry/Bigfix_Encrypt_your_devices_with_Bitlocker?lang=en_us BigFix - Encryption with Bitlocker is easier now!]
 +
** [https://help.hcltechsw.com/bigfix/10.0/mcm/MCM/Config/c_windows_bitlocker.html Windows BitLocker]
 
* [http://bigfix.me/analysis/details/96 BitLocker Events from Logs]
 
* [http://bigfix.me/analysis/details/96 BitLocker Events from Logs]
 
* [http://bigfix.me/fixlet/details/3959 Adjust Console Timeout settings to prevent Error 28's]
 
* [http://bigfix.me/fixlet/details/3959 Adjust Console Timeout settings to prevent Error 28's]

Revision as of 07:17, 9 February 2022

What is BigFix

Short Answer

BigFix is a "Agent Based" system used to securely manage computers without needing to constantly visit each computer.

Long Answer

BigFix is a "Client/Server" based system of managing remote computers. Member computers need to be connected to the network, and can be managed anywhere in the world as long as they are actively connected to a network where they can reach a Relay or the BigFix server. The Server and Clients use Relays as "store and forward" devices to allow a huge amount of computers to be managed by a single BigFix implementation. Console Operators can deploy software to remote computers, including OS Patches and Software installation packages. Authorized Console Operators can create custom Fixlets and Tasks to perform any task on remote computers that can be scripted. Management of Computers can be distributed between multiple "Console Operators" and different levels of access can be assigned via the Role objects.

Components

  • BigFix Servers
  • Console Operators
  • Roles
  • Sites
  • Relays
  • Clients
  • WebUI Server
  • Web Report Server
  • Fixlets/Tasks
  • Analyses
  • Actions

HCL Content

HCL Recently bought BigFix from IBM. This means most all of the links below will need to change. (!!) Perfect time to clean things up and re-organize the collection!

These links are from a recent posting on the Forums and should be a good starting point to fixing the rest of the links.

According to the Forum post, Internet Explorer is NOT supported at the above links.

According to HCL, they are working on providing updated PDF forms of the documentation.

HCL BigFix Technology Partner information can be found HERE

V10 Cloud Functions

Sites

Subjects

Items to Remember

  • RITM2586103 - New Project request so I can get a new VM for the BigFix Test environment. Freaking stupid that I have to request a whole project just to get a new VM for the Test Environment of a FUNCTIONAL system.
  • How will IBM BigFix Patch address new servicing models for Windows 7 and 8.1? (Broken)
  • KB0024021
  • TASK1728858 - Relay Refresh with X3250 and RS140's.
  • RITM1309391 - Decommission request for DEMO & CON1
  • BigFix WebUI
  • RITM1518487 - New DMZ Relay
  • RITM1518488 - New DMZ Relay
  • Root Server Hardware Specs - Discussion about running in a VM
  • TASK2593699 - Requesting Service Account for WebUI DB access.
  • TASK2597919 - Requesting Service Account SQL access required for WebUI functionality based on documentation from IBM.
  • RITM2013089 - SSL Request for Test Environment
  • RITM2118451 - Restore Firewall rule for Relays in DMZ (restoring access from Internet on port 52311)
  • 7Zip 18.05 x64 Update
  • PRJ0064377 - Relay Project
  • KB0029526 - DHTS Work Instructions on Clearing/Resetting a BigFix Relay
  • RITM2240495 - Technical Bridge request for DNS change as part of the switch from Physical to Virtual BigFix servers.
  • Using DSA to replace a BigFix Server
  • KB0030524 - Procedure to generate and install an SSL Cert for the Web Reports server.
  • RITM2589542 - New Cert for ILMT Server
  • PRJ0080342 - Rebuild BigFix Test Environment
  • RITM2638250 - Decommission VML-TEM-ILMT and VML-TEM-DB2
  • RITM2688193 - Request new PACE Relay
  • RITM2688192 - Request new PACE Relay
  • RITM2759511 - Firewall request to allow Server communications into the dc-dhts-non-clinical VRF
  • INC2496211 - Problem adding Group Manager Groups to Local Administrator Groups via Command Line NET LOCALGROUP commands and Power Shell.
  • RITM3374423 - Requested SQL Server be installed on the new SCA server.
  • RITM3380791 - New Project Request for Microsoft SCCM POC
  • RITM3405803 - Decommission two DMZ Relay servers
  • CHG0184584 - Change to Remove BigFix Inventory from Production Environment
  • TASK3771248 - Task to create a "Universal" Encryption property in BigFix for reporting purposes.
  • RITM3835378 - F5 VIP Request for BF-Core
  • Microsoft Windows Update Resources
  • CS0295243 - HCL ticket about systems cycling between Evaluating, Pending Download, and not Relevant.

Active Issues

Tutorials and Training Material

Items to investigate further

Integrations

Diagnostics

Current Issues

Remote Site Relay Hardware

I need to spec out hardware for Relays to place at "Remote" locations. These systems don't need to have massive processors or tons of RAM, they just need a decent network connection, and they need to be cheap.

After a little Googling I found these systems ...

Our Facilities Manager doesn't like them because they don't have Dual Power Supplies. My thought is "that's fine", I plan to use them in an N+1 configuration for each location anyway. If there is even dual power available at a location, we can always connect the even numbered units to one leg of power and the odd numbered units to the other leg of power. If power fails at a site, my guess is most of the workstations will go with it, and there won't be a huge need for the Relays ANYWAY.

The Solutions

It looks like it's going to be a combination of both the RS140 and the X3250 from Lenovo.

  • Lenovo RS140
    • Low Cost
    • Mountable in 2 post rack systems (TelComm Racks)
    • Single Power Supply
  • Lenovo X3250-m5
    • Low Cost
    • Mountable in standard server racks
    • Dual Power Supplies available as an option

History

The search for inexpensive rackable computers with Dual Power Supplies until I can convince someone it's a bad idea.

Relevance

I Want to ...

Content

Utilities

Documentation

Videos

Links

Diagnostics

DSA Server

SCM & SCA Server

  • SCM and SCA
  • Synchronize Checks Wizard
  • Create the check lists using the Wizards and then as the checklists are updated, there are other wizards that can be used to keep them updated.

Performance

Utilities

Logging Documentation

Client

Service Now Items of Note

OS Deployment

SOAP API

REST API Content

IBM AIX Support in BigFix

Custom Content Creation

Interesting items

Client Installation Information

Client Configuration Content

Creating Custom Content

  • exists keys "HKEY_LOCAL_MACHINE\SOFTWARE\Sassafras\Install\KeyAccess" of (x64 registries; x32 registries)

Documentation

WebUI Documentation

IEM Component Articles

Tools that might be useful

Pages about odd information

Projects

Support Links

Blogs

Notes