Setup Considerations
During setup, match your optimum deployment size to your hardware specifications. Use the suggestions as general guidance to setup BigFix Compliance Analytics.
- BigFix Compliance Analytics database server
- BigFix Compliance Analytics application server
BigFix Compliance Analytics database server
The size of the BigFix Compliance Analytics database server depends on the following factors.
- The number of computers
- The amount of content that is subscribed onto these computers
- The number of imports that are run
You can add more disk space for future growth of endpoints and more security compliance checks.
- CPU and memory considerations
A minimum of 2 to 3 GHz CPU with 8 GB RAM is sufficient for hosting a BigFix Compliance Analytics database server. The database server would gather analytics data for several hundred BigFix clients. The requirements scale with the number of computers and compliance checks.
It is suggested that you add more RAM for the SQL Server as the deployment environment scales up.
Use the following suggested sizing matrix for your deployment environment.Table 1. Suggested sizing matrix for BigFix Compliance Analytics deployment environments Deployment Size (Number of computers) Data Size CPU Memory 1 - 500 0 - 15 GB quad core 8 GB 500 - 5,000 15 - 25 GB quad core 8 GB 5,000 - 30,000 25 - 60 GB quad core 16 GB 30,000 - 100,000 60 - 165 GB quad core 32 GB 100,000+ 165 GB + 1.5 GB for every 1,000 endpoints 2 x quad core 64 GB+ Note: The sizing matrix does not include the database log size. For BigFix Compliance Analytics, the log size generally requires the same size as the database size.
- Disk space considerations and assumptions
An example deployment size of 30,000 BigFix Clients that are subscribed to SCM contents must take into account the following disk space considerations and assumptions:
- A 60 GB of free disk space is needed by the BigFix Compliance Analytics database server with 30,000 BigFix Clients.
- Add 1.5 GB free disk space for the BigFix Compliance Analytics database server for every 1,000 more clients.
- The disk space suggestions are based on the following assumptions:
- Your deployment environment has an average of 2,000 SCM checks and 200 SCM checks per computer
- 2% check result change over each import (daily)
- 5% of the checks have associated exceptions that are managed in BigFix Compliance Analytics
- 1% of the measured value change over each import (daily)
- All measured value analyses for all checks are activated
- Your deployment contains one year of archived compliance data (365 imports)
Note: Disk space size is affected by the sum of the following key elements:(Number of check results and their compliance change over time) + (Number of vulnerability results and their compliance change over time) + (Number of measured values change over time) + (Computer Group * Checks * Number of imports over time) + (Number of exceptions + Number of Measured Values)
BigFix Compliance Analytics application server
- A minimum of 3 GB of free disk space is needed by the BigFix Compliance Analytics Server. 10 GB of free disk space can be sufficient for up to 250,000 computers.
- A 2 to 3 GHz CPU Quad-cores with 8 GB RAM free memory space to support 30,000 computers.
It is suggested that you have at least 1 GB of available memory space to facilitate PDF generation tasks. Each PDF generation task runs as a separate process and each process takes as much as 150 MB of memory space.
Firewall considerations
- The BigFix Compliance application uses IBM Java to run of top of IBM WebSphere Liberty. The service launches prunsrv.exe, a packaged executable file. By default, the protocol encryption layer and port options are set to TLS 1.0 on port 9081, but you can configure the options during the initial set up.
- You can configure the connection for the report mailing feature. The application must be able to contact the mail server.
- The PDF export functionality uses pdf.exe, an external executable file that is packaged with the application. This executable file does not make any outside connections.