Discovering software and hardware on IBM i

Available from 9.2.5. You can discover software and hardware inventory on IBM i systems by using disconnected scans that do not require direct connection between the scanned computers and the BigFix server. Scripts that are provided in the disconnected scanner package initiate software and capacity scans, and prepare scan results that you later on upload to BigFix Inventory.

Important: Because the BigFix client is not available for IBM i, the disconnected scanner is the only method of software and hardware discovery on IBM i systems. Unlike on other operating systems, approval from IBM Compliance is not required to use disconnected scans on IBM i.

Disconnected scanner package

To collect the software and hardware inventory data, you need an endpoint package that consists of:
  • Scanner
  • Configuration files
  • Scripts to run the scans and prepare the scan result package
The scripts initiate software and capacity scans, gather scan results, and adjust them to the format that is compatible with BigFix Inventory. If the scripts are not appropriate for your environment, you can edit and customize them, or create new scripts that better fit your needs. You can also use a manual procedure. However, it is not recommended for inexperienced users.

Scalability

The default number of the result packages that can be imported at a time is limited to 1000. However, the disconnected scanner provides support for more packages. It is recommended not to exceed 10 000 at a time. To increase the output capacity, configure the transaction logs size and increase java heap. For more information, see: Tuning performance in medium and large environments.

Scan frequency

The disconnected scanner triggers the following scans:
  • Capacity scan - The scan runs via the BFI_HW jobs that are scheduled during the installation as QSECOFR user on its default queue. The capacity scan runs every 30 minutes.
  • Software scan - You can schedule the software scan to run according to your preference and use any specified queue. The recommended scan frequency is once a month.
Each of these scans consists of a set of scripts and binaries that use up to 5 jobs. Thus, if you use the same queue, make sure that the job limit is set to 10 or more.

A Software scan scheduled / run on demand by end user using user/queue specified by end user. Recommended to be executed once a month. Each of these scans consists of a set of scripts and binaries that use up to 5 jobs. Thus, if you use the same queue, make sure that the job limit is set to 10 or more.

Multiple environments

When you have multiple environments, for example test and production, ensure that the following requirements are met:
  • Every computer reports only one of the environments.
  • Results of the disconnected scan from one environment are not uploaded to BigFix Inventory that monitors the other environment.

Limitations

  • Resource utilization, and metering data are not supported. For more information, see: Raw utilization of license metrics.
  • Scanning remote shared file systems is not supported.
  • Detailed hardware scan cannot be collected if you use the disconnected scan.
  • The disconnected scanner always collects full scans, not delta scans.
  • The disconnected scan does not include additional computer properties that are defined by the user. To collect these details, you need to define additional entries in the computer.yml file.