Most Helpful Review
We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
It's enabled us to have a highly successful endpoint patching program for the past decade. It's been enormously successful there. It's also become a core part of many of our business processes, from compliance monitoring of endpoints, encryption management, key escrow, and local administrator password escrow. It's built into our inventory. It's very much everywhere.
Servers are patched more consistently than they have been previously.
Being able to intelligently create reports, gather data, export CSVs and give that to the leadership of some of the client groups that my team supports has helped my organization.
We are able to use BigFix through API connections to automate and reduce resources and time. The product's been great for us. It's increased the security posture ten-fold and it's increased our visibility across our endpoints enormously.
BigFix has drastically reduced the maintenance window period to patch and reboot servers.
Prior to BigFix we used Altiris, which was distributed. We had to manage multiple servers, and duplicate the tasks that we did on each server. BigFix tremendously reduced the amount of work that we had to do on each server in a centralized manner. We could minimize the work that we had to do, and we had a lot more control over the tasks and what machines they ran on.
It allows us to quickly deploy capabilities that we need, whether it be security or non-security. We use it to keep systems up to date, deploy new drivers, find the information we need in the case of security incidents. The capability allows us to gather a lot of information very quickly and it also allows us to have a centralized reporting feature and a centralized deployment capability which is nice.
Before we had BigFix, we had problems with some malware. BigFix allows us to immediately patch all instances of endpoints that were vulnerable to antivirus and initiate scans. That's key.
It is a good choice for deployment that performs very well.
It saves a lot of money when you can install things automatically and they are installed the exact same way on every computer.
There is a faster time to rollout. If we get a new PC, it can be ready for productivity right away.
With the SCCM inventory, we found a lot of rogue applications. We were able to identify them, find out who was running them, and either put them on our application list or remove them.
It gives us the ability to set up schedules, according to what our security requirements are, to automate the patching of our servers and desktops.
What's valuable is the basic management of the systems, being able to control who can access the systems.
You can remote control or RDP. That has been the most valuable because we can go into one console and can get to anything we want. Instead of going to all these different consoles, we centralized everything.
With the right administrator, application deployment can do wonders.
Around the scalability concern, I would like to see the ability to run teamed, clustered, or hierarchical root servers, in order to provide a more robust, high availability system. The single monolithic root server model does somewhat bother me.
I would like to see the integration of user security between the different products to be improved. There's separate security for compliance, separate security for web reports, and the console, and you have to manage those things separately.
The stability is generally pretty good. The one thing that we came across is the battle between load on endpoints and load on our servers and relays versus how quickly, effectively and reliably actions can be taken. I'd like to not have to take an action on a system while I'm working with someone and then have to say whether something will happen between five seconds or thirty minutes from that point.
I would like to see API connectivity, built-in API connectors to the standard toolsets, whether it's for your ServiceNow or your Qualys. More API connectivity to make it easier to integrate to other tools.
I would like to see a web UI SDK so we could take what is provided currently and be able to build our own customized web UI for particular customers that want to sell service.
I would like to see for it to be a little easier for new users to be able to learn and create relevant statements. In my opinion, that's the hardest part for bringing on new people that haven't had BigFix experience. Being able to have easier ways to build relevance in ActionScript would be the biggest improvement I'd like to see.
The scalability of the web UI product doesn't scale to the size that we need for our implementation so it needs to expand. I would also like to see the capability to develop on the back of the web UI capability. There are lots of web features and integrations that we could do with web UI that it would be nice to be able to put on top of what's already there, rather than waiting for IBM to develop what we need.
I want to see a solution for being able to deploy automated software to a Mac running OS X 10.13, something that's going to deal with kernel exceptions and answering prompts for user permissions for data folders and whatnot. They need to really streamline and automate the Mac software deployment.
The setup was complex and I faced a lot of problems initially because I was new to the solution.
Our company would prefer not rebooting computers while people are using them. There seems to be no strategy behind it.
Marketing: Our management doesn't understand that there is a piece of software which helps them automate and manage the entire network, as far as operating systems on computers.
Troubleshooting in general needs improvement. There's just a ton of logs to go through, and so finding the error log that corresponds with that you're doing can sometimes be difficult.
There is a reboot issue with the patching. Sometimes, if patching runs into any issue whatsoever, it doesn't reboot but it doesn't tell you it errored out. It just sits there and we don't find out until the next day whether it patched or not. That was a big issue for us. We're working through that. They added some stuff in there now where you can actually tell reboot is pending. But we still need some kind of notification that if something fails or is pending, we know. We shouldn't have to go in and look. They don't have anything for that right now.
Their compliance reporting is not accurate, and they admitted it on the phone when we had a call with them. We were trying to understand why their numbers didn't match on our compliance reports. It is not accurate and you cannot depend on the compliance reports. The numbers just don't match, and we can't figure out why. We called Microsoft and they said, "Yeah, that's a known issue." But there is no word that they're working on it.
There's no way to say, "I want this maintenance window to be on the second Tuesday of the month." It's strict. This window is this and that's it. You can't fluctuate.
As far as load balancing across, they don't have that support yet, so that you can actually build multiple primaries and have it load balance across. They don't have any of that functionality yet. That would be a nice feature, to scale that way.
Pricing and Cost Advice
Compliance, inventory, and licensing are really pricey. They should lower the price. It discourages users from getting onboard.
The product is less costly when compared to other solutions, and this is a good solid solution for what we have paid.
I would stay with the Managed Virtual Server license model, which is a 1-to-1 license per OS whether it is virtual or physical.
When purchasing, buying with other IBM tools provided us with a very good discount in pricing.
I can estimate the reduced cost of servers maintenance to approximatively $500,000.
SCCM comes with its own version of SQL Server. If you use that SQL Server with SCCM and don't use it for another applications than you get an SQL Server for free.
Overall, I think it's fine. It's pretty much in-line because there are ways to offset it with the Office 365 licensing.
Pricing and licensing are a downside of SCCM. It's expensive. I'd have to confirm this, but I think they changed the licensing to core-based instead of socket-based. It's not cheap, because you have to buy the software, you have to buy SQL. Another thing we learned from talking to Microsoft is that they provide you a license for SQL if you run it on the same box as the primary server. If you run it outside that box, you have to buy SQL. Microsoft does recommend you running it on the same box because of performance. But then, in order to run SQL, SCCM, and everything on the same box, you better have some resources. It's an expensive solution. There's no doubt about it.
Pricing and licensing are horrible. You have to not look at dollar value to use SCCM. It's super-duper expensive but it works. The acquisition cost is expensive, it's labor-intensive. But it works.
Answers from the Community
out of 22 in Configuration Management
out of 22 in Configuration Management
Compared 57% of the time.
Compared 7% of the time.
Compared 6% of the time.
Compared 37% of the time.
Compared 14% of the time.
Compared 8% of the time.
Also Known As
|Tivoli Endpoint Manager||System Center Configuration Manager|
IBM BigFix provides complete visibility and control into all endpoints through a single, unified platform. Enterprises can now bridge the bridge the gap between threat detection and response, drastically reducing remediation times and costs by consolidating best-in-class EDR, enterprise asset discovery, endpoint interrogation, rich threat intelligence, multi-platform patch management (90+ OS) and software distribution. Security and operations teams can see, understand and act on all endpoint threats while proactively reducing the attack surface. • SEE: Discover and audit every endpoint, on or off the corporate network—and rapidly detect evasive attacks using behavioral analytics that understand how attackers compromise your endpoints. • UNDERSTAND: Guided investigation enables security analysts to understand the full context and scope of an attack based on real-time endpoint information, not just historical data. • ACT: Respond with purpose. BigFix provides the capability to deliver targeted remediation—not only on patient zero but enterprise-wide—in minutes or hours.
|With System Center Configuration Manager, you can manage PCs and servers, keeping software up-to-date, setting configuration and security policies, and monitoring system status while giving your employees access to corporate applications on the devices that they choose.|
Learn more about BigFix
Learn more about SCCM
|US Foods, Penn State, St Vincent's Health US Foods, Sabadell Bank, SunTrust, Australia Sydney, Stemac, Capgemini, WNS Global Services, Jebsen & Jessen, CenterBeam, Strauss, Christian Hospital Centre, Brit Insurance, Career Education Corporation||Bank Alfalah Ltd., Wªrth Handelsges.m.b.H, Dimension Data, Japan Business Systems, St. Lucie County Public Schools, MISC Berhad|
Financial Services Firm27%
Financial Services Firm21%
Comms Service Provider15%