IBM BigFix vs. SCCM

IBM BigFix is ranked 1st in Configuration Management with 31 reviews vs SCCM which is ranked 2nd in Configuration Management with 8 reviews. The top reviewer of IBM BigFix writes "Provides a single pane view into the entire environment". The top reviewer of SCCM writes "Enables us to set up schedules, according to security needs, to automate server and desktop patching". IBM BigFix is most compared with SCCM, Tanium and Symantec Endpoint Protection. SCCM is most compared with IBM BigFix, Ansible and Quest KACE Systems Management. See our IBM BigFix vs. SCCM report.
You must select at least 2 products to compare!
IBM BigFix Logo
20,499 views|10,575 comparisons
Read 8 SCCM reviews.
28,242 views|18,640 comparisons
Most Helpful Review
Anonymous User
Find out what your peers are saying about IBM BigFix vs. SCCM and other solutions.
309,677 professionals have used our research since 2012.
Quotes From Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

The product is less costly when compared to other solutions, and this is a good solid solution for what we have paid.It is user-friendly.It has plugins development options, which are great.Patch Management for a variety of operating systems makes it valuable as we can rely on a single tool for obtaining patch compliance of the entire compute infrastructure.Patch management, because it very much improved the patch compliance and has the capability to manage Windows and non-Windows clients.Vulnerability scanning and patch automation.The architecture for patching and the 100% correct reporting makes BigFix stand apart from other solutions.Ability to run custom reports and custom relevance.

Read more »

It is a good choice for deployment that performs very well.It saves a lot of money when you can install things automatically and they are installed the exact same way on every computer.There is a faster time to rollout. If we get a new PC, it can be ready for productivity right away.With the SCCM inventory, we found a lot of rogue applications. We were able to identify them, find out who was running them, and either put them on our application list or remove them.It gives us the ability to set up schedules, according to what our security requirements are, to automate the patching of our servers and desktops.What's valuable is the basic management of the systems, being able to control who can access the systems.You can remote control or RDP. That has been the most valuable because we can go into one console and can get to anything we want. Instead of going to all these different consoles, we centralized everything.With the right administrator, application deployment can do wonders.

Read more »

Sometimes there is a lag time for our users.The product is quite buggy and complicated to use.Relay selection and availability needs improvement as an incorrect relay selected can cause network chokes.Needs to improve Network Access Protection (NAP) technologies to prevent computers with vulnerabilities from gaining access to networks.There is no support for patch management on SLES on IBM pSeries (only the Intel platform is supported).The new EDR (Endpoint Detection and Response) feature, Detect, is new and still needs a few updates.We need a much better multi-tenant option.IBM has not focused on the Web Reports capabilities.

Read more »

The setup was complex and I faced a lot of problems initially because I was new to the solution.Our company would prefer not rebooting computers while people are using them. There seems to be no strategy behind it.Marketing: Our management doesn't understand that there is a piece of software which helps them automate and manage the entire network, as far as operating systems on computers.Troubleshooting in general needs improvement. There's just a ton of logs to go through, and so finding the error log that corresponds with that you're doing can sometimes be difficult.There is a reboot issue with the patching. Sometimes, if patching runs into any issue whatsoever, it doesn't reboot but it doesn't tell you it errored out. It just sits there and we don't find out until the next day whether it patched or not. That was a big issue for us. We're working through that. They added some stuff in there now where you can actually tell reboot is pending. But we still need some kind of notification that if something fails or is pending, we know. We shouldn't have to go in and look. They don't have anything for that right now.Their compliance reporting is not accurate, and they admitted it on the phone when we had a call with them. We were trying to understand why their numbers didn't match on our compliance reports. It is not accurate and you cannot depend on the compliance reports. The numbers just don't match, and we can't figure out why. We called Microsoft and they said, "Yeah, that's a known issue." But there is no word that they're working on it.There's no way to say, "I want this maintenance window to be on the second Tuesday of the month." It's strict. This window is this and that's it. You can't fluctuate.As far as load balancing across, they don't have that support yet, so that you can actually build multiple primaries and have it load balance across. They don't have any of that functionality yet. That would be a nice feature, to scale that way.

Read more »

Pricing and Cost Advice
The product is less costly when compared to other solutions, and this is a good solid solution for what we have paid.I would stay with the Managed Virtual Server license model, which is a 1-to-1 license per OS whether it is virtual or physical.When purchasing, buying with other IBM tools provided us with a very good discount in pricing.I can estimate the reduced cost of servers maintenance to approximatively $500,000.

Read more »

SCCM comes with its own version of SQL Server. If you use that SQL Server with SCCM and don't use it for another applications than you get an SQL Server for free.Overall, I think it's fine. It's pretty much in-line because there are ways to offset it with the Office 365 licensing.Pricing and licensing are a downside of SCCM. It's expensive. I'd have to confirm this, but I think they changed the licensing to core-based instead of socket-based. It's not cheap, because you have to buy the software, you have to buy SQL. Another thing we learned from talking to Microsoft is that they provide you a license for SQL if you run it on the same box as the primary server. If you run it outside that box, you have to buy SQL. Microsoft does recommend you running it on the same box because of performance. But then, in order to run SQL, SCCM, and everything on the same box, you better have some resources. It's an expensive solution. There's no doubt about it.Pricing and licensing are horrible. You have to not look at dollar value to use SCCM. It's super-duper expensive but it works. The acquisition cost is expensive, it's labor-intensive. But it works.

Read more »

Use our free recommendation engine to learn which Configuration Management solutions are best for your needs.
309,677 professionals have used our research since 2012.
Answers from the Community
Rhea Rapps
Onyegbule UcheUser

SCCM is good for managing windows endpoints but it uses WMI which is a headache and has slower reporting. it also has limited support(in most cases none) for Unix/Linux based OS, and third-party vendor applications.

if you're a very large environment, SCCM becomes a headache when you try to scale over 10,000 endpoints

The upside is that if you're a heavy windows environment, SCCM can be the ideal way to go, but if you plan on introducing different OS, you should consider BigFix.

SCCM can be free with the enterprise version of windows,

With IBM BigFix, you have support for over 90 different Operating systems, and over 9000 application vendors and over 250,000 third-party applications. and can roll out patches and achieve compliance in minutes and hours.

BigFix uses an intelligent agent(with local inspectors) and a relevance language for making sure that only the correct patches are applied to an endpoint and complete granular visibility into an endpoint (e.g applications installed, processes running, hardware information, etc)

With BigFix setting up distribution points has become much simpler and it can be done simply from the console. no extensive configuration is necessary.

When it comes to scalability, a single BgFix server can manage up to 250,000 endpoints.

The downside to IBM BigFix is the learning curve to it, its a bit high.

23 March 18

I am going to talk about IBM BigFix and Microsoft SCCM.

SCCM is a Windows dedicated platform for OS Confguration Management. It is powerful for managing Windows environments but very limited for managing UNIX environments (in particular OS provisioning, patch management, audit, compliance, remote control, etc.). It doesn’t integrate well with mixed Windows -Linux/ Unix setups and .

IBM BigFix, formerly Tivoli Endpoint Manager (TEM), is powerful for managing all OS (Windows, UNIX, VMware ESX, Linux, OSX) and for daily tasks and activities (remote control, patch management, software distribution, OS deployment, compliance, audit, reporting, network access and protection)

Both of them have their own inventory database and use Master-slave architecture (agent should be installed for both of SCCM and BigFix managed nodes).

If you are going to manage more Windows than UNIX systems, so it is better to use SCCM. If your main focus is to manage different OS using GUI and command line, I would recommend to use BigFix. It is flexible and offers many features and functionalities that help administrators automate and orchestrate infrastructure with few clicks rather than do it manually and lose more much time fixing and fixing issues.

Talking Licensing model, SCCM is more expensive than BigFix.

For those who are interested, there are also other tools that manage infrastructure and OS (Ansible, Puppet, OO, SA, etc.).

21 March 18
Martin CarnegieConsultant

As a couple people have mentioned, understanding your requirements would help to point you in the right direction.

One person above made the comment "SCCM isn't just for patching like BigFix". Just to be very clear BigFix does all of the same stuff as SCCM, but the usual entry for BigFix is the Patch Management. BigFix does have inventory, software distribution, OS deployment for Windows and Linux, Compliance (very extensive).

If you were just interested in Windows OS deployment, I might point you to SCCM, but the OS deployment from BigFix has improved quite a bit, so it is a good product also.

For setup, I can 100% tell you that BigFix is way easier. Getting an infrastructure up and running with the BigFix server and say 200 clients is about a 4 hour job. By the end of the 4 hours, BigFix can show you the patch status for any systems checking in and this is not just Windows. With the client deploy tool, I can easily deploy hundreds of clients in a few minutes.

Adding infrastructure for scalability (relays) is also very easy and only takes a few minutes to add. If you want to service Internet connected devices, then you add a relay in the DMZ (and firewall rules) and you are able to connect to a device pretty much like they are on the LAN. This does not require a different infrastructure to make it work.

When I was first introduced to BigFix back when IBM bought them, I downloaded the trial version and attempted an installation without reading documentation. For my home lab, I was able to install the server and 5 clients in about 1 hour. I was also able to see the patch info and deploy patches to these systems. I mainly did this just to see how hard it would be to set up. Once set up, I started to read the documentation.

I know people that use SCCM, BigFix and Dell Kace that they really like the simplicity, scalability and power of BigFix over the others.

My current site that I am at, we have BigFix Patch only as we were mainly interested in the patch status for servers (Windows, AIX, RedHat, Oracle Linux and Solaris) as there was no simple way to get this information and consolidate it in a common view. Even though we only have Patch, we can still create custom content to deploy software like Symantec Endpoint Protection, SCOM agents and others. We can also use it to collect custom data like, currently logged on users, SCOM agent configuration, hardware information and a lot more. Some of this is in-house developed from scratch, others are built using samples from the BigFix community.

Hope that helps a bit.

06 April 18
Caio PiernoReal User

Concerning in a multi-tenant scenario, multi-OS, complex network environments, BigFix can fully attend all or most of your requirements. For specific situations, you can use SCCM since you do not have complex requirements.

BigFix will attend better on using Security Checklists like CIS, PCI-DSS, DISA; or when you need to reach large network organizations and want to have a centralized management configuring remote “caches”; when you have complex network topology and restricted network security policies and many network segments, you can manage it well using BigFix.

25 March 18
Caio PiernoReal User

Concerning in a multi-tenant scenario, multi-OS, complex network environments, BigFix can fully attend all or most of your requirements. For specific situations, you can use SCCM since you do not have complex requirement.
BigFix will attend better on using Security Checklists like CIS, PCI-DSS, DISA; or when you need to reach large network organizations and want to have a centralized management configuring remote “caches”; when you have complex network topology and restricted network security policies and many network segments, you can manage it well using BigFix;

22 March 18
Avg. Rating
Avg. Rating
Top Comparisons
Compared 59% of the time.
Compared 8% of the time.
Compared 36% of the time.
Compared 14% of the time.
Also Known As
Tivoli Endpoint Manager, IBM Endpoint Manager, TEMSystem Center Configuration Manager

IBM BigFix provides complete visibility and control into all endpoints through a single, unified platform. Enterprises can now bridge the bridge the gap between threat detection and response, drastically reducing remediation times and costs by consolidating best-in-class EDR, enterprise asset discovery, endpoint interrogation, rich threat intelligence, multi-platform patch management (90+ OS) and software distribution. Security and operations teams can see, understand and act on all endpoint threats while proactively reducing the attack surface. • SEE: Discover and audit every endpoint, on or off the corporate network—and rapidly detect evasive attacks using behavioral analytics that understand how attackers compromise your endpoints. • UNDERSTAND: Guided investigation enables security analysts to understand the full context and scope of an attack based on real-time endpoint information, not just historical data. • ACT: Respond with purpose. BigFix provides the capability to deliver targeted remediation—not only on patient zero but enterprise-wide—in minutes or hours.

With System Center Configuration Manager, you can manage PCs and servers, keeping software up-to-date, setting configuration and security policies, and monitoring system status while giving your employees access to corporate applications on the devices that they choose.
Learn more about IBM BigFix
Learn more about SCCM
Sample Customers
US Foods, Penn State, St Vincent's Health US Foods, Sabadell Bank, SunTrust, Australia Sydney, Stemac, Capgemini, WNS Global Services, Jebsen & Jessen, CenterBeam, Strauss, Christian Hospital Centre, Brit Insurance, Career Education CorporationBank Alfalah Ltd., Wªrth Handelsges.m.b.H, Dimension Data, Japan Business Systems, St. Lucie County Public Schools, MISC Berhad
Top Industries
Healthcare Company21%
Wireless Company14%
Manufacturing Company7%
Financial Services Firm34%
Manufacturing Company11%
Transportation Company5%
Financial Services Firm18%
Manufacturing Company8%
Company Size
Small Business6%
Midsize Enterprise9%
Large Enterprise85%
Small Business7%
Midsize Enterprise19%
Large Enterprise74%
Small Business33%
Midsize Enterprise33%
Large Enterprise33%
Small Business11%
Midsize Enterprise16%
Large Enterprise73%
Find out what your peers are saying about IBM BigFix vs. SCCM and other solutions.
309,677 professionals have used our research since 2012.
We monitor all Configuration Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.

Sign Up with Email