Our primary use of this solution is for the server side patching and compliance remediation. We use it for all of Windows server patching, remediation, vulnerability scanning, and inventory management of IBM licensing.
Our primary use of this solution is for the server side patching and compliance remediation. We use it for all of Windows server patching, remediation, vulnerability scanning, and inventory management of IBM licensing.
We're able to single console manage all departmental Windows, Linux, AIX servers, and from a single console, we can grant access via role base depending on department status and access. It's just easy to get a big picture on a single screen.
It reduces network traffic when it comes to downloading patches. It's a single patch repository on the root server, all patches start on the root server, and then they are disseminated via relevance as required, up above a chain and a single connection via the relays up until it gets to the bottom of the last relay and then it disburses to the client. Storage and network wise, it makes the smallest download possible down to the last band and then disseminates from there, so you can take your relays as far down as possible to make a small download chain size wise.
We use it to compare current and past patch cycles. We do monthly compliance verification and we use external vulnerability scanning, and we compare that to the BigFix compliance results and make a mesh of the two for our monthly reports for executives. We do that on a monthly basis.
It has helped us to compress our patch cycles. It's been condensed 100 percent. Our patch cycle is now under 10 days for everything that we patch, and we get no complaints from our compliance people about that. They've given us requests and we recondense it. Depending on how much urgency we put on it we can take it down as much as possible.
Finally, it has helped to reduce help desk calls. We actually know if there's an issue before the help desk finds out. We'll report a server down sometimes before the server owner knows, and we'll let them know that there may be an issue and then we can actually roll back a patch via BigFix before the server owner knows that there's an issue. Altogether, help desk calls have been reduced by around 50%.
Some of the most valuable features are its:
My impressions of peer to peer file transfer in relation to BigFix, is that it's a relay structure that goes up and down the chain, as servers check in they check into their relays, the relays pass up and down the chain. It has tight security. They say it heals itself. It doesn't put a load on the system and doesn't give our guys any headaches or anything. It just seems to work pretty well and it's easy to maintain.
I'd like to see:
I've been admining the system for two and a half years now and other than server side issues we have never had stability problems. My core system is four servers and they're not maxed out. We've never had any performance issues.
Scalability is amazing. We have over 10,000 systems and could easily add to that without a performance hit. We'd have to increase our relay structure to keep it manageable but I don't think we'd have any problems.
Between the user groups, the community, the AVP support, the direct access via technical route and the PMR support, half the time I don't even need to do a formal PMR because the solutions from the community resolve whatever issues we're having. It's the best community and support based system I've ever used.
We implemented in-house.
The main reason why we chose BigFix is because at the time we were looking for a single solution for multiple OS, and SCCM at the time couldn't handle a Windows, Linux, and AIX coverage as BigFix does. I haven't directly managed SCCM myself, but I do feel that BigFix is a much simpler set up, simpler configuration. It's better accepted by our marketing solutions, to get into some of the restricted VLANs, we have a much easier time connecting to restricted LANs than they do. BigFix has better reporting, they're just better integration. The one part where I think SCCM is better is in the remote control. The BigFix solution remote control is a little dated.
I would rate it an eight out of ten. An eight because of the stability and the ease of use. Not a ten because I'm looking for more modernization, but I do have to give the BigFix community credit because they seem to listen to us.
I would advise someone considering this solution to talk to the community. Talk to the BigFix users, ask their honest opinion on what they think is good and bad about it.