IBM BigFix Tutorial

by Ravindra Savaram
Last modified: August 14th 2021

This article covers the essential concepts of IBM BigFix, including an introduction to the BigFix platform and its architecture, features, benefits, and applications, to help you understand IBM BigFix.

IBM BigFix Tutorial - A Complete Guide

What is the IBM BigFix Platform

IBM BigFix Platform is a multilayered platform that is an integral part of the Global Information Technology Infrastructure. It helps in the management of computers running on different operating systems. IBM BigFix is a dynamic, content-driven management system that delegates the work of IT infrastructure management to the managed devices themselves, that is, to the agents.

This platform can effectively handle up to 250,000 physical as well as virtual devices in a secure way on public as well as private networks, including smartphones, server computers, roaming laptops, point-of-sale devices, self-service kiosks, and automated teller machines. IBM BigFix Platform supports various operating systems like Microsoft Windows, VMware ESX, Linux, macOS, Symbian, and Unix.

Why Do We Need IBM BigFix

Every business enterprise needs protection against security threats. One of the best ways of securing a business enterprise is to apply better security to the loopholes, vulnerability points, and endpoints which, if left open, may create a big network disaster. IBM BigFix is the most effective method for endpoint security and critical business asset management.

IBM BigFix follows 3 principles as mentioned below: 

Find it: Firstly, it will identify the endpoints which are not being managed properly, and after that by using real-time visibility, it will find out the errors.

Fix it: Once the issues are identified, it will apply the patches across different endpoints to fix the issues. 

Secure it: Monitor and enforce compliance with operational, regulatory, and security policies, and respond to threats in a proactive manner.

IBM BigFix monitors every endpoint continuously to identify the issues and threats so that it can enforce compliance with operational, regulatory, and security policies.  This solution works effectively even at remote locations with minimum bandwidth.

IBM BigFix platform is designed on the world’s biggest security portfolio to provide real-time security. It provides the clients with real-time updates of each endpoint present on the network. 

Real-life issues you can fix through the IBM BigFix platform:

  • You can manage the distributed endpoints in a better way (on and off the network).
  • Automate the server management operations like Sequenced Server Builds and Cluster Server Patching. 
  • Cost-effective and makes sure that the business is securing and managing every endpoint present in the business environment. 
  • Reduces the power consumption cost. 

The Architecture of IBM BigFix

The BigFix Architecture allows the authenticated user to allocate the software patches and configuration settings in a faster and easier manner.  To run the BigFix Architecture, a user must have a 64-bit Windows operating system with access to the BigFix server. 

IBM Endpoint Architecture supports the following components:

IBM Endpoint Manager Clients

Clients, also referred to as agents, are installed on the computers that users want to manage through IBM Endpoint Manager. Clients access a collection of Fixlets, which identify configuration errors, security loopholes, and other issues. The client then deploys the corrective measures that it receives from the console via the server to fix those issues.

IBM Endpoint Manager lets the administrator fall back on screen prompts for actions that need input from users. The client can also encrypt communication to protect confidential information.

IBM Endpoint Manager Servers

IBM Endpoint Manager server is the collection of the web server, database server, and application services, which is the backbone of IEM.  It manages the information flow to and from the computer and saves outcomes in the IEM database.

The components of the server can work on their own without any intervention from the administrator. The server also includes web reporting, through which authenticated users can check all the details about computers, actions, and vulnerabilities via a web browser.

IBM Endpoint Manager Relays

A relay improves system efficiency by allowing the clients to send their download requests to the relay instead of the server; the relay then sends a single request to the server for the downloads. One relay can be connected to others to improve efficiency. A user can install relay software on any Windows server on which the IEM client manager is installed.

IBM Endpoint Manager Consoles

It joins all the components together for providing a wide view of the system, which includes the different computers present in the network, along with their issues and corrective measures.  IEM console allows the authenticated users to allocate the fixes to the affected computer without interrupting the other computers present in the network. 

Features of IBM BigFix

Below are the features supported by the IBM BigFix platform:

A single intelligent agent: A single Intelligent agent helps to regularly monitor the endpoint states with respect to the policies mentioned, whether they are connected to the internet or not.  It only uses 10 MB of RAM, thus easy to install and manage on different computers (also known as the client). 

When the agent identifies that the target is out of compliance with a checklist or policy, it immediately notifies the server, starts the configured remediation process, and informs the server of task status. Most of the time, agents are able to operate without any user interference. But, if the user’s feedback is necessary, you can have the screen prompts.

A single console: With the help of a single console, you can effectively manage a particular solution you are using such as security configuration, endpoint protection, system lifecycle management, and vulnerability management.

If you are an operator with specific privileges, a single console allows you to fix the problems of the specific computers on the network that require the solution, without affecting the working of the entire network.

A single server: It manages the information flow to and from the particular client and saves the output in the database. It helps the operator in the maintenance of real-time visibility and allows the operator to have control over the different devices.

It also helps in managing the policy-based content. Content is shared in the form of messages which are referred to as Fixlets. Agents use a cloud-based content delivery service to update the content on a regular basis, as the agent is responsible for the content analysis and processing.

  • A single server is able to manage around 250000 endpoints.

Optionally, one or more relays: Relays help in managing the policy content and distributed devices. A relay is referred to as a client and is responsible for taking all the actions necessary for protecting the host computer. It also provides software downloads and content delivery to sub-relays, so that they do not have to use the server.

  • Different clients can send their download requests to the relay, and the relay then generates a single request that is sent to the server, which reduces network congestion.
  • To increase efficiency, you can connect different relays to each other.

Optionally, a secondary server: A Disaster Server Architecture (DSA) server can be used for replicating the server details for disaster recovery.  In simple words, if the IBM BigFix server fails, then another similar server can take its place and perform all the functions.

Web reports: Web reports can help you to generate the graphs and charts of your data in the form of hardcopy.  It also helps you to export the data to a database or spreadsheet for additional manipulation. With web reports, a user can maintain the audit trail of all the content activities performed in the network. 

Benefits of IBM BigFix

  • It allows users to have an extremely successful patching program. Reduces the network traffic while the user downloads the patches by downloading the patch to the central location and then to a particular site by using the relay. 
  • It offers great encryption management and provides proper monitoring of the endpoints. 
  • Allows users to deploy the required security capabilities faster. IBM BigFix can be used to deploy drivers, update systems, and manage the information.
  • Fix the malware, viruses, and spyware. A user can instantly patch all endpoints that require antivirus or scans. 
  • BigFix can be used through the API connection to automate work and minimize the time and resources spent.
  • Management of multiple servers can be done through the centralized location which reduces the efforts and time consumed earlier. 
  • Offers better integration with the different applications. 
  • It provides the user with correct and real-time information about the endpoints - regardless of location, connectivity, or operating system. 
  • Provides the easy enforcement of security policies across the various endpoints and offers regular monitoring of the endpoints. 
  • Audits all the authorized or unauthorized servers in the inventory for maintaining security. 

IBM BigFix Applications

IBM BigFix platform supports the following applications:

IBM BigFix lifecycle formerly referred to as IBM endpoint manager for lifecycle management.

You can use the IBM BigFix Lifecycle application to provide agent-based tools to the administrator. This tool provides the proper visibility to the endpoint states and also resolves the issues automatically. This application provides you with remote control capabilities that you can use to monitor the services and workstation in the deployment via a remote location.

This application also has capabilities like power management and server automation with the integration of two independent applications  - IBM Endpoint Manager (for power management) and IBM Endpoint Manager (for server management).

IBM BigFix Patch formerly referred to as IBM Endpoint Manager for Patch Management

This application helps to provide an easy and automated patching process to the various distributed endpoints. With this application, you can effectively manage the software application patches and operating system.

IBM Endpoint Manager for Power Management 

You can use this application for observing and managing the power usage over various computers present in the network.  It also helps to manage the company conservation policies which you set through wizards, web reports, and dashboards.  This application is capable of delivering amazing power management capabilities.

IBM BigFix Compliance formerly referred to as IBM Endpoint Manager for Security and Compliance

This application allows the users to secure the endpoints by fixing the problems and assure the operator that each security requirement is being met properly.

IBM BigFix Protection formerly referred to as IBM Endpoint Manager for Core Protection

This application can help users to perform real-time antimalware functions against the web threat, malware, spyware, viruses, worms, Trojan horses, etc.  It uses security methods like web reputation, behavior monitoring, and a personal firewall for:

  • Virtual endpoints.
  • Endpoints connected to the internet and roaming.
  • Network-connected endpoints.

IBM BigFix Inventory formerly referred to as IBM Endpoint Manager for Software Use Analysis

This application allows the users to scan the monitored computers for:

  • Installed software identification.
  • Matching the signs identified by the scan with respect to the software catalog.
  • Result comparison with respect to the cost.
  • Creating the report.

IBM Endpoint Manager Server Automation

This application provides the users with powerful automation. Users can use this application to execute step-by-step sequence automation actions across different endpoints.

Types of Content in BigFix 

IBM BigFix works on the concept of content. Content represents the data to distribute to targets, the instructions to execute on the targets, or the queries to execute on the targets. The different types of content included in the IBM BigFix implementation are:

  • Action: An action is a script that is executed on specific targets. Actions help to spot and tackle policy violations and security exposures and to execute the configuration process. In other words, an action is used to run operations and execute commands on the targets. Tasks, baselines, and Fixlets contain actions and run the remediation process according to them.
  • Fixlet: It is documentation in which the instructions are mentioned. These instructions are used by IBM BigFix agents to identify the issues and assess the status in the targeted system. 
  • Task: A task is documentation in which the instructions executed by IBM BigFix agents on the targeted system for running the commands and configuring the activities are provided. 
  • Baselines: Baselines can be referred to as the deployment containers of tasks and the Fixlets.  With the help of baselines, a user can apply the set of content on different targets simultaneously.  The content is applied by following a particular sequence mentioned in the baseline description.  
  • Analysis: An analysis is a property expression collection through which the operator can summarize and check the different properties of computers present across the network of the different IBM BigFix clients. 

All types of content are available in the IBM BigFix Console. Each IBM BigFix application utilizes the content to perform different activities. An operator can also create customized content as per the requirements. For example, an operator can create the customized Fixlets to apply the policy rule or patches on the applications. 

How to identify which targets to apply content to?

IBM BigFix helps the operator identify which computers require the content, that is, to specify the targets on which the content is to be applied. To perform this task, a relevance expression is used, which is part of the content definition. Relevance expressions are written in a human-readable form referred to as Relevance Language.

  1. Relevant action: A relevant action helps to fix the damage by executing the guidelines mentioned in the action instructions. These guidelines are executed with the help of the Action Script language. Actions support relevance clauses, which an operator can customize at execution time in the Take Action dialog.
  2. Relevant Fixlet: This indicates that the computer is not following the policy rules. If the Fixlet is relevant, the actions mentioned in the Fixlet definition are executed. After executing the action, relevance is checked again to make sure that the issues are successfully fixed.
  3. Relevant task: A relevant task indicates that the computer is not following the configuration requirements or standards. Thus, it is necessary to run the maintenance activities. If the task is relevant, the actions mentioned in the task definition are executed to fix the error, and after that the task is no longer relevant. Evaluation of relevant tasks cannot be done again. For example, the relevant task is applicable only for those systems where Symantec Endpoint Protection is not in an active state.
  4. Relevant baseline: A relevant baseline ensures that the Fixlets available for the computers satisfy the standards mentioned in the relevance expressions, that is, the standards mentioned in the Fixlet description and in the baseline's applicable computers tab. If no criteria are mentioned in the baseline's applicable computers tab, then no limitation applies to Fixlet or task applicability.
  5. Relevant analysis: Relevant analysis executes the property queries as per their query intervals and shares the outcomes with the server. The outcomes can be seen on the BigFix Console.
  6. Patch management: IBM BigFix Patch Management offers an easy and automated patching process that can be directed through a particular console. Patch Management improves the patch process, increases its effectiveness, and reduces operational costs. 

Patch Management Scenario: Patch Management scenario includes the process of deploying the patches on IBM BigFix through the Patch Management Application. The execution of the process is done through IBM BigFix Console. 

Patch Management Scenario is applicable on Windows OS, but you can follow the same process to apply patches on the other available operating systems. 

The scenario includes two parts:

  • A configuration of Patch management for Windows Patches. 
  • Applying Windows patches.

A configuration of Patch management for Windows Patches

Once the IBM BigFix product is successfully installed, it subscribes to some maintenance and management sites automatically. Thus, the content available on those sites enters your enterprise automatically, and then its evaluation is done to check the relevance of all computers running on the IBM BigFix console.

You can follow the given steps to subscribe to the patch management site:

  • Double click on the IBM BigFix console icon to open it.
  • Tap on the License overview dashboard.
  • Scroll down till you reach the patch management area.
  • Read the terms and conditions of the Patch Management License Agreement and then click on accept.
  • In the ‘Available Sites’ option, click ‘enable’ to start downloading the content from the Patch Management site. Now, the site is listed in the domain panel’s Manage site node.
  • Open ‘Manage Site Node’ and choose the option ‘Patches for Windows’ (English).
  • From the Site dialog box, press the ‘Computer Subscription’ tab and choose ‘All Computers’.
  • Click on the ‘Gather’ process to download the content from chosen sites.

Applying the Windows Patch

Follow the mentioned steps to apply the Windows patch from the console:

  • Expand the ‘Patches for Windows’ subtree and tap on the subscribed computers. You can check the entry in the list panel, which shows the name of the client installed on the server.
  • Click on the ‘Relevant Fixlets and Tasks’ tab to check the Fixlets relevant to the chosen clients. A Fixlet is only relevant if it is necessary for the client to install the content provided in the Fixlet.
  • Access the Fixlet description by double-clicking the Fixlet.
  • Start the deployment process through the Action pane.
  • From the Take action panel, choose a client and then tap on OK to start the deployment process.
  • Now, you will be redirected to the Action panel where you can check the deployment process status.
  • The status will change from ‘Not evaluated’ to ‘Evaluating’ to ‘Fixed’ if the issue is sorted. The evaluation of the process is done through the set of predefined conditions mentioned in the Success Criteria tab.
  • Once the issue is sorted, Fixlet will be marked as irrelevant for the client. Thus, there is no need to apply the Fixlet again.
  • By following these guidelines, a user can subscribe to the patch management site and apply the Windows patches.
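
The relevance check, action, and re-check described in the Relevant Fixlet item and in the patch steps above, as an added Python model; it is not BigFix code, Relevance Language, Action Script, or any BigFix API. The endpoint dictionaries, content names, and the "Not relevant" and "Failed" labels are constructed for illustration.

```python
"""Simplified model of the relevance -> action -> re-evaluation loop (not BigFix code)."""
from dataclasses import dataclass
from typing import Callable, Dict, List

Endpoint = Dict[str, object]  # constructed endpoint state, not real agent data


@dataclass
class Content:
    """Stand-in for a Fixlet: a relevance test plus a remediation action."""
    name: str
    relevance: Callable[[Endpoint], bool]  # True means the endpoint needs this content
    action: Callable[[Endpoint], None]     # stand-in for an Action Script


def apply_content(content: Content, endpoint: Endpoint) -> List[str]:
    """Return the status history shown for one endpoint."""
    history = ["Not evaluated", "Evaluating"]
    if not content.relevance(endpoint):
        history.append("Not relevant")     # assumed label; the action never runs
        return history
    try:
        content.action(endpoint)
    except RuntimeError:
        history.append("Failed")           # assumed label
        return history
    # The action finishing is not proof of remediation: relevance is checked again.
    history.append("Failed" if content.relevance(endpoint) else "Fixed")
    return history


def apply_baseline(components: List[Content], endpoint: Endpoint) -> Dict[str, str]:
    """Apply components in the listed order and return each final status."""
    return {c.name: apply_content(c, endpoint)[-1] for c in components}


def install_prereq(ep: Endpoint) -> None:
    ep["prereq"] = True


def install_patch(ep: Endpoint) -> None:
    if not ep.get("prereq"):
        raise RuntimeError("prerequisite missing")
    if not ep.get("installer_blocked"):    # a blocked installer exits without applying
        ep["patched"] = True


# Constructed content items (hypothetical names)
PREREQ = Content("prereq", lambda ep: ep["os"] == "windows" and not ep.get("prereq"), install_prereq)
PATCH = Content("patch", lambda ep: ep["os"] == "windows" and not ep.get("patched"), install_patch)


def demo() -> Dict[str, object]:
    """Run the constructed scenarios and return their results."""
    blocked = {"os": "windows", "prereq": True, "installer_blocked": True}
    return {
        "ordered": apply_baseline([PREREQ, PATCH], {"os": "windows"}),
        "reversed": apply_baseline([PATCH, PREREQ], {"os": "windows"}),
        "linux": apply_content(PATCH, {"os": "linux"}),
        "silent_failure": apply_content(PATCH, blocked),
    }


if __name__ == "__main__":
    for scenario, result in demo().items():
        print(scenario, "->", result)
```

The "silent_failure" case is the one to watch for in patch reporting: the action completes without error, but the endpoint is still relevant afterwards, so it must not be counted as fixed.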

IBM BigFix vs SCCM

SCCM (System Center Configuration Manager) is a product developed by Microsoft, and it is used for the management of large groups of computers running on Windows OS. SCCM and BigFix offer quite similar services. But if we consider multiple operating systems, a multi-tenant scenario, or a complex network environment, then BigFix offers better management than SCCM, which has limited scope. Not only this, if the user has complex security requirements, SCCM is not the ideal choice.

Check the below-mentioned points to know why BigFix is better than SCCM:

| IBM BigFix | SCCM |
| --- | --- |
| IBM BigFix can effectively manage endpoints, tasks, and activities over different operating systems like Windows, macOS, Unix, Linux, etc. | SCCM works well on the Windows operating system for endpoint management, but its scope is limited for other operating systems like Linux and Unix and for third-party vendor applications. |
| With the IBM BigFix platform, a user can easily manage up to 250,000 endpoints, thus it offers better scalability. | The task of managing endpoints becomes complex, even next to impossible, when the count goes above 10,000. |
| For managing a multi-tenant scenario, a complex network environment, or multiple operating systems, BigFix is the ideal choice. | SCCM is only beneficial to use when the user does not have any complex management requirements. |
| BigFix is easy and cost-effective to set up. | SCCM is quite expensive to set up as compared to BigFix. |
| BigFix allows users to collect data, create reports, and export CSVs. | SCCM allows users to set up the schedule as per the security requirements. A user can also automate the patching process of computers and servers. |
| In BigFix, it is easy to deploy security and non-security capabilities, update the system, deploy drivers, and find out the required information. IBM BigFix also supports central deployment capabilities. | SCCM allows users to have basic system management and supports centralization, so it becomes easy for users to access the required information from a single console. |

Conclusion

The aforementioned points clearly state that IBM BigFix software deployment can be very beneficial for business enterprises for endpoint, compliance, and security management. With IBM BigFix, an organization can effectively manage virtual and physical endpoints through a single console and can also resolve real-life concerns. The comparison between IBM BigFix and SCCM indicates that the SCCM platform is effective for managing applications running on Windows OS, whereas BigFix can be deployed over any platform and deliver the desired outcomes.

About Author

Ravindra Savaram is a Content Lead at Mindmajix.com. His passion lies in writing articles on the most popular IT platforms including Machine learning, DevOps, Data Science, Artificial Intelligence, RPA, Deep Learning, and so on. You can stay up to date on all these technologies by following him on LinkedIn and Twitter.