What is IBM Bigfix? Tutorial for Beginners – Learn From Home

Last updated on 31st May 2020, Blog, Tutorials

What is IBM BigFix Platform? 

IBM BigFix Platform is a multilayered platform which is an integral part of the Global Information Technology Infrastructure. It helps in the management of computers running on different operating systems. IBM BigFix is actually a dynamic and content-driven management system which itself allocates the work of IT Infrastructure management to the managed device, i.e agents. 

Why do we need BigFix?

One of the best ways of securing a business enterprise is applying better security to portholes, vulnerabilities points and the endpoints which if left open may create a big network disaster.  IBM BigFix is the most effective method for Endpoint security and critical business assets management. 

IBM BigFix follows 3 principals  as mentioned below: 

Find it: Firstly, it will identify the endpoints which are not being managed properly and after that by using real-time visibility, it will find out the errors.

Fix it: Once the issues are identified, it will apply the patches across different endpoints to fix the issues. 

Secure it: Monitor and enforce security compliance with operational, regulatory, and security policies and respond back to the threats in a proactive manner. 

IBM BigFix monitors every endpoint continuously to identify the issues and threats so that it can enforce compliance with operational, regulatory and security policies.  This solution works effectively even at the remote locations with minimum bandwidth. IBM BigFix platform is designed on the world’s biggest security portfolio to provide real-time security. It provides the clients with real-time updates of each endpoint present on the network. 

Real life issues you can fix through IBM BigFix platform:

• You can manage the distributed endpoints in a better way  ( on and off the network).
• Automate the server management operations like Sequenced Server Builds and Cluster Server Patching. 
• Cost effective and makes sure that business is securing and managing every endpoint present in the business environment. 

The Architecture of IBM BigFix

The BigFix Architecture allows the authenticated user to allocate the software patches and configuration settings in a faster and easier manner.  To run the BigFix Architecture, a user must have a 64-bit Windows operating system with access to BigFix server. 

IBM Endpoint  Architecture supports the following components:

IBM Endpoint Manager Clients

Clients are also referred to agents which are installed on the different computers which users want to manage through IBM Endpoint Manager. Clients access the collection of Fixlet which identifies configuration errors, security loopholes, and the other issues. After that, it deploys the corrective measures to fix issues that are received by console via server. IBM Endpoint Manager allows the administrator to revert to screen prompts for actions which need input from users.  The client can also encrypt communication to protect confidential information.  

IBM Endpoint Manager Servers

IBM Endpoint Manager server is the collection of the web server, database server and application services, which is a backbone of IEM.  It manages the information flow to and from the computer and saves outcomes in the IEM database. The components of the server can work solely without any interference from the side of the administrator, it also includes the web reporting through which the authenticated users can check all the details about the computer, actions, and vulnerabilities via web browser.

IBM Endpoint Manager Relays

It Improves the system efficiency by allowing the clients to send a download request to relay, instead of the server, which later sends a single request to the server for downloads.  One relay can be connected to others to improve efficiency.  A user can install relay software on any windows server on which the IEM client manager is installed.

IBM Endpoint Manager Consoles

It joins all the components together for providing a wide-view of the system, which includes the different computers present in the network, along with their issues and corrective measures.  IEM console allows the authenticated users to allocate the fixes to affected computers without interrupting the other computers present in the network. 

Features of IBM Big Fix:

Below  are the features supported by IBM BigFix platform:

A single intelligent agent:

A single Intelligent agent helps to regularly monitor the endpoint states with respect to the policies mentioned, whether they are connected to the internet or not.  It only uses the 10 MB of RAM, thus easy to install and manage on different computers (also known as the client).  When the agent identifies that the target is out of compliance with a checklist or policy, it immediately notifies the server, starts the configured remediation process, and informs the server of task status. Most of the time, agents are able to operate without any user interference. But, if the user’s feedback is necessary, you can have the screen prompts.

A single console:

With the help of a single console, you can effectively manage a particular solution you are using such as security configuration, endpoint protection, system lifecycle management, and vulnerability management.  If you are an operator having some specific privileges, a single console allows you to fix the problems of the specific computers over the network that require the solution without affecting the working entire network.

A single server:

It manages the information flow to and from the particular client and saves the output in the database. It helps the operator in the maintenance of real-time visibility and allows the operator to have control over the different devices. It also helps in managing the policy based content. Content is shared in the form of messages which are referred to Fixlet. Content Delivery Cloud-based service is used by the agents for updating the content on a regular basis as the agent is responsible for the content analysis and processing. A single server is able to manage around 250000 endpoints.

Optionally one or more relays:

It helps in managing the policy content and distributed devices. A relay is referred to as the client and is responsible for taking all the actions necessary for protecting the host computer. Also, it provides the software download and content delivery to sub-relays. Instead of using the server. The relay can be used to which the different clients can send the download request and later the relay can generate a single request which will be sent to the server, which reduces the network congestion. To increase efficiency, you can connect different relays to each other.

Optionally, a secondary server:

A Disaster Server Architecture (DSA) server can be used for replicating the server details for disaster recovery.  In simple words, if the IBM BigFix server fails, then another similar server can take its place and perform all the functions.

Web reports: 

Web reports can help you to generate the graphs and charts of your data in the form of hardcopy.  It also helps you to export the data to a database or spreadsheet for additional manipulation. With web reports, a user can maintain the audit trail of all the content activities performed in the network. 

Benefits of IBM BigFix

• It allows users to have an extremely successful patching program. Reduces the network traffic while the user downloads the patches by downloading the patch to the central location and then to a particular site by using the relay. 
• Allows users to deploy the required security capabilities faster. IBM BigFix can be used to deploy drivers, update systems, and manage the information.
• Fix the malware, viruses, and spyware. A user can instantly patch all endpoints that require antivirus or scans. 
• BigFix can be used through the API
• connection to minimize and automate time and resources. 
• Management of multiple servers can be done through the centralized location which reduces the efforts and time consumed earlier. 
• Offers better integration with the different applications. 
• It provides the user with correct and real-time information about the endpoints – regardless of location, connectivity, or operating system. 
• Provides the easy enforcement of security policies across the various endpoints and offers regular monitoring of the endpoints. 

IBM BigFix Applications:

IBM BigFix platform supports the following applications:

IBM BigFix lifecycle formerly referred to as IBM endpoint manager for lifecycle management:

You can use the IBM BigFix Lifecycle application to provide the agent-based tools to the administrator. This tool provides the proper visibility to the endpoint states and also resolves the issues automatically. This application provides you with remote control capabilities which you can use to monitor the services and workstation in the deployment via a remote location. This application also has capabilities like power management and server automation with the integration of two independent applications  – IBM Endpoint Manager (for power management) and IBM Endpoint Manager (for server management).

IBM Endpoint Manager for Power Management: 

You can use this application for observing and managing the power usage over various computers present in the network.  It also helps to manage the company conservation policies which you set through wizards, web reports, and dashboards.  This application is capable of delivering amazing power management capabilities.

IBM BigFix Compliance formerly referred to as IBM Endpoint Manager for Security and Compliance:

This application allows the users to secure the endpoints by fixing the problems and assure the operator that each security requirement is being met properly.

IBM BigFix Protection formerly referred to as IBM Endpoint Manager for Core Protection:

This application can help users to perform real-time antimalware functions against the web threat, malware, spyware, viruses, worms, Trojan horses, etc.  It uses security methods like web reputation, behavior monitoring, and a personal firewall for:

• Virtual endpoints.
• Endpoints: connection to the internet and roaming.
• Network connected endpoints.

IBM BigFix Inventory formerly referred to as IBM Endpoint Manager for Software Use Analysis:

 This application allows the users to scan the monitored computers for:

• Installed software identification.
• Matching the signs identified by the scan with respect to the software catalog.
• Result comparison with respect to the cost.
• Creating the report.

IBM Endpoint Manager Server Automation

This application provides the users with powerful automation. Users can use this application to execute step-by-step sequence automation actions across different endpoints.

Types of Content in BigFix 

IBM BigFix works upon the concept of content. Content is actually representing the data to distribute to targets, or the instructions to execute on the targets, or the queries to execute on the targets. The different types of content included in the IBM BigFix Implementation are:

Action: An action is a script which is executed on specific targets.  Action helps to spot and tackle the policy violation, security exposure and to execute the configuration process. In other words, the action is used to run the operations and execute commands on the targets. Task, baselines, and Fixlet involve the actions and according to that, they run the remediation process. 

Fixlet: It is a documentation in which the instructions are mentioned. These instructions are used by IBM BigFix agents to identify the issues and assess the status in the targeted system. 

Task: A task is a documentation in which the instructions executed by IBM BigFix agents on the targeted system for running the commands and configuring the activities are provided. 

Baselines: Baselines can be referred to as the deployment containers of tasks and the Fixlets.  With the help of baselines, a user can apply the set of content on different targets simultaneously.  The content is applied by following a particular sequence mentioned in the baseline description.  

Analysis: An analysis is a property expression collection through which the operator can summarize and check the different properties of computers present across the network of the different IBM BigFix clients. 

All types of content are available in the IBM BigFix Console. Each IBM BigFix application utilizes the content to perform different activities. 

How to identify which targets to apply content? 

Relevant action: Relevant action helps to fix the damage by executing the guidelines mentioned in the action instructions. These guidelines are executed with the help of  Action Script language. Actions support the relevance clauses which an operator can customize during the execution in Take Action Dialog.

Relevant Fixlet: This indicates that computer not following the policy rules. If the Fixlet is relevant, actions mentioned in the Fixlet definition are executed.  After executing the action, relevance is checked again to make sure that issues are successfully fixed.

Relevant task: Relevant task indicates that the computer is not following the configuration requirements or standards and requirements. Thus, it is necessary to run the maintenance activities. If the task is relevant, actions mentioned in the task definition are executed to fix the error and after that, task is no more relevant.  Evaluation of relevant tasks cannot be done again. For example – the relevant task is applicable only for those systems where the Symantec Endpoint protection is not in an active state.

Relevant Baseline: Relevant baselines assure the available Fixlet for the computers are satisfying the standards mentioned in the relevance expression – standards mentioned in the Fixlet description and baseline’s applicable computer tab. In case, any criteria are not mentioned for the baseline’s computer applicable tab, then no limitation is applicable on Fixlet or task applicability.

Relevant analysis: Relevant analysis executes the property queries as per their query intervals and shares the outcomes with the server. The outcomes can be seen on the BigFix Console.

Patch management: IBM BigFix Patch Management offers an easy and automated patching process which can be directed through a particular console. Patch Management improves the patch process, increases its effectiveness, and reduces the operational cost.  The scenario includes two parts:

• A configuration of Patch management for Windows Patches
• Applying windows patches. 

A configuration of Patch management for Windows Patches

Once the IBM BigFix product is successfully installed, it subscribes to some maintenance and management sites automatically. Thus, the content available on those sites enters your enterprise automatically and then its evaluation is done to check the relevance of all computers running on the IBM BigFix console.

You can follow the given steps to subscribe to the patch management site:

• Double click on IBM BigFix console icon to open it.
• Tap on the License overview dashboard.
• Scroll down till you reach the patch management area.
• Read the terms and conditions of the Patch Management License Agreement and then click on accept.
• In the  ‘Available Sites’ option, click ‘enable’ to start downloading the content from Patch Management site.  Now, the site is listed in the domain panel’s Manage site node.
• Open ‘Manage Site Node’ and choose the option ‘Patches for Windows’ (English).
• From the Site dialog box, press the  ‘Computer Subscription’ tab and choose ‘All Computers’.
• Click on the ‘Gather’ process to download the content from chosen sites.

Applying the Windows Patch

Follow the mentioned steps to apply the windows patch from console:

• Expand ‘Patches for Windows’ subtree and tap on the subscribed computers.   You can check the entry in the list panel which is showing the name of the client installed on the server.
• Click on the ‘Relevant Fixlets and Tasks’ tab to check the Fixlets relevant to the chosen clients. Fixlet is only relevant if it is necessary for the client to install the content provided in Fixlet.
• Access the Fixlet description by a double click on Fixlet.
• Start the deployment process through the Action pane.
• From the Take action panel, choose a client and then tap on OK to start the deployment process.
• Now, you will be redirected to the Action panel where you can check the deployment process status.Now, you will be redirected to the action panel. The status will change from the ‘Not evaluated’ to ‘Evaluating to Fixed’ if the issue is sorted.  The evaluation of the process is done through the set of predefined conditions mentioned in the Success Criteria tab.Once the issue is sorted, Fixlet will be marked as irrelevant for the client. Thus, there is no need to apply the Fixlet again.
• By following these guidelines, a user can subscribe to the patch management site and apply the windows patches. 

IBM BigFix vs SCCM

SCCM (System Center Configuration Manager) product is developed by Microsoft, and it is used for the management of large groups of computers running on Windows OS. SCCM and BigFix offer quite similar services. But, if we consider the multiple operating systems, multi-tenant scenario or complex network environment, then BigFix offers better management as compared to the SCCM which has limited scope. Not only this, if the user has complex security requirements, SCCM is not the idle choice.

Check the below-mentioned points to know why BigFix is better than SCCM:

IBM BigFix Vs SCCM

IBM BigFix can effectively manage endpoints, task, and activities over the different operating systems like Windows, MAC OS, Unix, Linux, etc. SCCM works well on the Windows Operating system for endpoints management, but the scope is limited for the other operating systems like Linux, Unix, and third-party vendor applications.

With IBM BigFix platform, a user can easily manage up to  250,000 endpoints, thus it offers better scalability The task of managing endpoints becomes complex, even next to impossible when the count goes above 10,000. For managing the multi-tenant scenario, complex network environment, multiple operating systems, BigFix is the ideal choice.SCCM is only beneficial to use when the user does not have any complex management requirements.BigFix allows users to collect data, create reports, and export CSVs.SCCM allows users to set up the schedule as per the security requirements. A user can also automate the patching process of computers and servers. 

In BigFix, it is easy to deploy the security and non-security capabilities, update systems, deploy drivers, and find out the required information. IBM BigFix also supports central deployment capabilities.SCCM allows users to have basic system management and supports centralization, so it becomes easy for users to access the required information just from a single console.

Conclusion :

The aforementioned points clearly state that IBM BigFix software deployment can be very beneficial for business enterprises for endpoints, compliance, and security management.  With IBM BigFix, an organization can effectively manage the virtual and physical endpoints through a single console and also can resolve the real-life concern.Hope you have found all the details that you were looking for, in this article.