Jump to main content
BigFix Documentation Homepage
BigFix 10 Platform Documentation
Welcome to the BigFix Platform documentation, where you can find information about how to install, maintain, and use BigFix.
Detailed system requirements
The content of this page has moved to the HCL Support site. You will be redirected shortly. If the auto-redirect fails for some reason, use this link: https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0087327.
Platform guides in PDF format
Following is a list of links to the BigFix Platform user guides in PDF format:
Common Criteria Certification
BigFix complies with the requirements of the standard ISO/IEC 15408 (Common Criteria) v. 3.1 for the assurance level: EAL2
Getting Started
Use this section to become familiar with BigFix infrastructure and key concepts necessary to understand how it works.
BigFix is a suite of products that provides a fast and intuitive solution for compliance, endpoint, and security management and allows organizations to see and manage physical and virtual endpoints through a single infrastructure, a single console, and a single type of agent.
BigFix Platform
All the BigFix applications run on top of the BigFix platform.
BigFix applications
The BigFix solution comprises several application products that provide consolidated security and operations management, simplified and streamlined endpoint management, while increasing accuracy and productivity.
A sample architecture
A sample architecture helps you to plan your environment.
Types of content
BigFix is based on contents. The generic term of content might represent data to distribute to targets, or instructions to run on targets, or queries to run on targets.
How to identify on which targets to apply content
BigFix helps you identify on which targets to apply content.
A patch management scenario
Follow the steps listed in these topics to learn how to deploy a patch using the Patch Management application on a newly installed BigFix server. All the steps are run from the BigFix console.
HTTPS across BigFix applications
This topic describes how the SSL/HTTPS communication works in BigFix applications and links the tasks on how to configure it.
Installation Guide
Learn the system requirements, licensing and installation instructions, and how to configure and maintain BigFix.
BigFix aims to solve the increasingly complex problem of keeping your critical systems updated, compatible, and free of security issues. It uses patented Fixlet technology to identify vulnerable computers in your enterprise. With just a few mouse-clicks you can remediate them across your entire network from a central console.
BigFix Platform Unicode Support Overview
BigFix Platform V10 gathers data from BigFix clients deployed with different code pages and languages, encode the data into UTF-8 format, and report it back to the BigFix server.
Sample deployment scenarios
The following deployment scenarios illustrate some basic configurations taken from actual case studies.
Requirements and assumptions
BigFix runs efficiently using minimal server, network, and client resources.
Types of installation
Before you install the product, decide if you want to do an evaluation or production installation.
Managing licenses
You must obtain a license key before you can install and use BigFix.
Before installing
Before running the installation make sure that you read the following topics and run the requested activities if needed.
Installing on Windows systems
Now that you understand the terms and the administrative roles, you are ready to get authorized and install the programs.
Installing on Linux systems
After understanding the terms and the administrative roles, you are ready to actually get authorized and install the programs.
Installing the clients
Install the BigFix client on every computer in your network that you want to administer, including the computer that is running the console.
BigFix Administration Tool
The BigFix Administration Tool, also called BESAdmin, is the tool we use to perform configuration changes and maintenance operations.
Post-installation configuration steps
After having run the installation, make sure that you read the following topics and run the requested activities if needed.
Managing relays
Relays can significantly improve the performance of your installation.
Introduction to Tiny Core Linux - BigFix Virtual Relay
Follow the step-by-step sequence of operations needed to build the virtual machine, from the downloading of the ISO image to the complete setup and configuration of the BigFix Virtual Relay.
Setting up a proxy connection
If your enterprise uses a proxy to access the Internet, your BigFix environment can use that communication path to gather content from sites.
Running backup and restore
You can schedule periodic backups (typically nightly) of the BigFix server and database files, to reduce the risk of losing productivity or data when a problem occurs by restoring the latest backup.
Upgrading on Windows systems
Before you begin
Upgrading on Linux systems
Before you begin
SQL Server parallelism optimization
The performance of an SQL Server database instance can often be improved by small tweaks. Performance might also be hindered by simple oversights. In fact, some SQL Server parallelism settings have suboptimal default values. Moreover, they have to be re-tuned after an hardware upgrade. Other issues might arise from inadvertent hardware configurations, especially when SQL Server is hosted on a virtual machine (VM).
Known limitations and workarounds
This section describes the known limitations and possible workarounds.
This section describes the log files associated with the BigFix components.
Uninstalling the BigFix client
To uninstall the BigFix client installed on the various operating systems, see the following sections.
Configuration Guide
Learn how to configure BigFix according to your needs.
This guide explains additional configuration steps that you can run in your environment after installation.
BigFix Site Administrator and Console Operators
In BigFix there are two basic classes of users.
Integrating with LDAP
You can add Lightweight Directory Access Protocol (LDAP) associations to BigFix.
Enabling SAML V2.0 authentication for LDAP operators
Starting from Version 9.5.5, BigFix supports SAML V2.0 authentication via LDAP-backed SAML identity providers.
Disabling local operators
Starting from BigFix Version 10.0.8, this feature provides a mechanism where the creation and use of any local operator is prohibited in favor of LDAP-based operators.
Using multiple servers (DSA)
Some important elements of multiple server installations.
Server object IDs
The BigFix server generates unique ids for the objects that it creates: Fixlets, tasks, baselines, properties, analysis, actions, roles, custom sites, computer groups, management rights, subscriptions.
Customizing HTTPS for Gathering
Using the DHE/ECDHE key exchange method
By default, BigFix 10.0 Patch 1 components use the DHE/ECDHE key exchange method if the version of the BigFix component on the other side of the SSL communication allows it.
Configuring secure communication
Real Time AV Exclusions
BigFix Console, Server and Relay components of the architecture perform high volume file operations. This activity is a substantial part of the functionality that these BigFix architecture components provide.
Downloading files in air-gapped environments
In air-gapped environments, to download and transfer files to the main BigFix server, use the Airgap utility and the BES Download Cacher utility.
Getting client information by using BigFix Query
The BigFix Query feature allows you to retrieve information and run relevance queries on client workstations from the WebUI BigFix Query Application or by using REST APIs.
The Plugin Portal
The Plugin Portal is a new component introduced in BigFix 10 to help manage cloud devices as well as modern devices such as Windows 10 and MacOS endpoints enrolled to BigFix. For details on modern client management, see the Modern Client Management documentation.
Extending BigFix management capabilities
BigFix 10 delivers a few significant new functions for enhancing the visibility and management of devices on your network regardless of whether the devices are physical or virtual.
Persistent connections
The capability to establish persistent connections was added to the product.
Relays in DMZ
The capability to establish a persistent TCP connection between the parent relay in the more secure zone and its child relay inside the DMZ network was added to the product. This allows you to manage systems in a demilitarized zone (DMZ network).
Working with PeerNest
The BigFix Client includes a new feature named PeerNest, that allows to share binary files among Clients located in the same subnet. The feature is available starting from BigFix Version 9.5 Patch 11.
Archiving Client files on the BigFix Server
You can collect multiple files from BigFix clients into an archive and move them through the relay system to the server.
BigFix Configuration Settings
A number of advanced BigFix configuration settings are available that can give you substantial control over the behavior of the BigFix suite. These options allow you to customize the behavior of the BigFix server, relays, and clients in your network.
Additional configuration steps
These topics explain additional configuration steps that you can run in your environment.
Migrating the BigFix Server (Windows/MS-SQL)
This section details the steps and operational procedures necessary for migrating the BigFix Server from existing hardware onto new computer systems.
Migrating the BigFix Server (Linux)
This section provides basic information on migrating your BigFix Server from existing Linux hardware onto new systems.
Server audit logs
The BigFix Server generates a server audit log file which contains the access information (login/logout) and information about the actions performed through the Console or the WebUI by the different users.
List of advanced options
The following lists show the advanced options.
Security Configuration Scenarios
BigFix provides the capability to follow the NIST security standards by configuring an enhanced security option.
Client certificate
To comply with the modern industry standards, starting from product version 10.0.7, the client certificate of the BigFix Agent will have a validity period of 13 months.
Client Authentication
Client Authentication (introduced in version 9) extends the security model used by BigFix to encompass trusted client reports and private messages.
Maintenance and Troubleshooting
If you are subscribed to the Patches for Windows site, you can ensure that you have the latest upgrades and patches to your SQL server database servers.
Console Operator's Guide
Learn how to work with the BigFix Console.
Accessing the console
The console is the visible face of BigFix, used by the operator to monitor and repair networked computers running the BigFix client.
Fixlets and Tasks
Actions are scripts that run on selected targets. They are used to fix policy violation and security exposures and to run configuration steps. Fixlet, tasks, and baselines depend on actions to run their remediation mission.
Client Computers
Computer Groups
Relays and Servers
Activating the license counting process
How to activate the license counting process.
Displays and Reports
The Dialogs
Disabling local operators on BigFix Console
Starting from BigFix Version 10.0.8, you can decide to disable the local operators from logging into the BigFix Console, to use LDAP operators instead.
Asset Discovery User's Guide
Learn how BigFix Asset Discovery works.
A brief overview on how BigFix discovers assets and on what are Scan Points.
Using Asset Discovery
How to operate and things to know about Asset Discovery.
Unmanaged Asset Importer - NMAP
The following options will work as command line arguments to run the importer on its own. For example "UAImporter-NMAP -debugout output.txt -file testfile.xml".
Frequently asked questions
A list of the most frequently asked questions.
Web Reports Guide
Learn how the Web Reports feature extends the power of BigFix.
Configuring Web Reports
Web Reports is used whenever you want to view BigFix data that is spread over multiple databases in your deployment.
Using the Program
The Web Reports interface is simple and straightforward.
The Explore Data section of the program allows you to look at data collected from your entire BigFix network to filter it, and to create reports.
The Report List section of the program is accessed by clicking the appropriate tab from the top tab bar.
Administering the Program
The Administration section of the program lets you manage activities, filters, addresses, users, and databases.
Tasks for advanced users
This section presents tasks unlikely to be needed by the typical user, but which can be of use to advanced users with specific customization needs.
This glossary provides terms and definitions for the Modern Client Management for BigFix software and products.