Home
OS Deployment
BigFix OS Deployment, which is part of the BigFix Lifecycle Management suite, provides a consolidated, comprehensive solution to quickly deploy new workstations and servers throughout a network from a single, centralized location. This solution saves time and money, enforces a standardized and approved image, and reduces risks associated with non-compliant or insecure configurations.
Configuring the OS Deployment Environment
To start working with OS Deployment, run the configuration Fixlets and tasks listed in the Setup Node.
Verifying Secure Hash Algorithm (SHA-256) readiness
BigFix version 9.1 uses the SHA-256 hashing algorithm to increase file exchange security. OS Deployment manages file exchange within the application flows using SHA-256.

OS Deployment
BigFix OS Deployment, which is part of the BigFix Lifecycle Management suite, provides a consolidated, comprehensive solution to quickly deploy new workstations and servers throughout a network from a single, centralized location. This solution saves time and money, enforces a standardized and approved image, and reduces risks associated with non-compliant or insecure configurations.
- Product overview
- Configuring the OS Deployment Environment
  To start working with OS Deployment, run the configuration Fixlets and tasks listed in the Setup Node.
  - Update Server Whitelist for OS Deployment
  - Managing the Linux Image provider
    The Linux Image provider component is needed for reimaging Linux systems in your environment and it can be installed on Windows computers only.
  - Managing Bare Metal OS Deployment Servers
    The Bare Metal Server Manager dashboard manages the installation, upgrade, and uninstallation of Bare Metal OS Deployment servers.
  - Ports used by the Bare Metal OS Deployment Server
    To ensure correct communication, check the ports used for the different deployment scenarios.
  - Configuring the DHCP server
    To connect targets to the OS Deployment server, you might need to configure the DHCP server based on the characteristics of your network.
  - Deploying the Management Extender for Bare Metal Targets
    You can manage Bare Metal Targets from the BigFix infrastructure by installing and using the Management Extender for Bare Metal targets.
  - Activating Analyses
  - Health Checks Dashboard
  - Verifying Secure Hash Algorithm (SHA-256) readiness
    BigFix version 9.1 uses the SHA-256 hashing algorithm to increase file exchange security. OS Deployment manages file exchange within the application flows using SHA-256.
- Managing MDT Bundles and Deployment Media for Windows targets
  To perform OS Deployment of Windows operating systems, you prepare your deployment environment and resources using the Bundle and Media Manager Dashboard.
- Managing Drivers for Windows Deployments
  The Manage Images and Drivers node includes tasks to prepare and import drivers for deployment to Windows targets.
- Managing Linux OS Resources and Deployment Media
  You can import Linux OS Resources needed to create network boot media and to capture and deploy Linux images
- Managing Images
  The Manage Images and Drivers node includes tasks to capture, import and manage images for deployment to targets.
- Upload Mode
  By default, the OS images are permanently stored in the BigFix root server.
- Reimaging
  Reimaging is the process of saving the user state on a computer, installing a new image on it, and then restoring the user state.
- Installing Windows 10 or Windows 11 using in-place upgrade
  To upgrade your existing Windows systems to Windows 10 or Windows 11 you can use the in-place upgrade fixlets.
- Bare Metal deployments
  You can install and manage BigFix for OS Deployment servers and create profiles for bare metal deployments.
- Monitoring Deployment Activities
  You can track and monitor all deployment activities in your Endpoint Management network.
- Maintenance and troubleshooting
  You can monitor deployment activities, correct exceptions and adjust configuration settings specific to your environment through dashboards and tasks available for these purposes.
- Setting up OS Deployment in an air-gapped network
  You can choose to configure your OS Deployment and Bare Metal Imaging site in an air-gapped network.
- Deprecated and Superseded functionalities
  This topic lists the functionalities that are still present in OSD, but are deprecated.
- Create Ubuntu OS Resources manually

Verifying Secure Hash Algorithm (SHA-256) readiness

BigFix version 9.1 uses the SHA-256 hashing algorithm to increase file exchange security. OS Deployment manages file exchange within the application flows using SHA-256.

From BigFix Version 9.1, all application-specific files are managed with SHA-256. All new files uploaded by the user (images, drivers, MDT Bundles etc.) and generated by the system after the installation of BigFix version 9.1 are created with the SHA-256 hashing information included, and are managed accordingly. The files that were uploaded and created on earlier BigFix versions, do not have the SHA-256 information. You can continue to use these files, but file exchange will not benefit from the improved security provided by SHA-256.

If the BigFix Server is configured to allow exchange of files in SHA-256 mode only, then it will no longer be possible to use files created with earlier versions of BigFix.

To verify SHA-256 readiness, the health check named "OS deployment Environment is SHA-256 compliant" scans for files that do not have SHA-256 information. The outcome of this check can result in a warning message indicating that some files are not SHA-256 compliant. You can start an action to calculate the missing SHA-256 information and to automatically update the affected files from the Resolution section of the health check. If the action does not update one or more files, you can display the file names for further problem determination. When the action completes successfully, the status changes to "Pass". In this case, a synchronization action is automatically started to update the hashing information on Bare Metal servers in the network.

If the BigFix server is configured to allow the exchange of files in SHA-256 mode only, a warning banner is also displayed in the OS Deployment dashboards, with an indication for the user if the SHA256 compliance health check status is not "Pass". Clicking on the banner opens the Health Checks dashboard from where you can start a remediation action.